Browse all 3 CVE security advisories affecting peregrinethemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Peregrinethemes develops WordPress themes and website templates, primarily serving small businesses and bloggers seeking customizable website solutions. Historically, their products have been vulnerable to cross-site scripting (XSS) and remote code execution (RCE) due to insufficient input validation and insecure file handling. In 2021, a critical RCE vulnerability in multiple themes allowed attackers to execute arbitrary code through manipulated theme parameters. While no major data breaches have been publicly documented, the consistent presence of similar vulnerabilities across their product line suggests ongoing security challenges in their development lifecycle.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25333 | WordPress Shopwell theme <= 1.0.11 - Broken Access Control vulnerability — ShopwellCWE-862 | 5.3 | Medium | 2026-02-19 |
| CVE-2025-26734 | WordPress Hester plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability — HesterCWE-79 | 6.5 | Medium | 2025-03-27 |
| CVE-2024-35715 | WordPress Bloglo and Blogvi themes affected by Cross Site Scripting (XSS) vulnerability — BlogloCWE-79 | 6.5 | Medium | 2024-06-08 |
This page lists every published CVE security advisory associated with peregrinethemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.