cleantalk
Vulnerabilities and Security Researches

Bold Page Builder, CVE-2021-24579

CVE, Research URL

CVE-2021-24579

Home page URL

Security reports for Bold Page Builder

Application

Bold Page Builder

Published on
Aug 30, 2021
Research Description
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.
Affected versions
max 3.1.6.
Status
vulnerable
Previous vulnerability researches
Bold Page Builder (CVE-2022-2089) , Jun 06, 2024
Bold Page Builder (CVE-2023-49823) , Jun 06, 2024
Bold Page Builder (CVE-2024-3266) , Jun 06, 2024
Bold Page Builder (CVE-2025-58194) , Aug 28, 2025
Bold Page Builder (CVE-2019-15821) , Jun 06, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025