Vulnerabilities and security researches forpost-and-page-builder post-and-page-builder

Jun 07, 2024

CVE, Research URL: CVE-2024-4400
Home page URL: Security reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Application: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Date: May 16, 2024
Research Description: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-25480
Home page URL: Security reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Application: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Date: Oct 06, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-2888
Home page URL: Security reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Application: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Date: Mar 26, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2.
Affected versions: Min -, max -.
Status: vulnerable

Jul 21, 2024

CVE, Research URL: CVE-2024-6848
Home page URL: Security reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Application: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Date: Jul 20, 2024
Research Description: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions: Min -, max -.
Status: vulnerable

Jan 17, 2025

CVE, Research URL: CVE-2025-22759
Home page URL: Security reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Application: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Date: Jan 15, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4.
Affected versions: Min -, max -.
Status: vulnerable

Feb 12, 2025

CVE, Research URL: CVE-2025-0859
Home page URL: Security reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Application: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Date: Feb 06, 2025
Research Description: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions: Min -, max -.
Status: vulnerable

Jun 23, 2025

CVE, Research URL: CVE-2025-52713
Home page URL: Security reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Application: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Date: Jun 20, 2025
Research Description: Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-52711
Home page URL: Security reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Application: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Date: Jun 20, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Affected versions: Min -, max -.
Status: vulnerable