Lucene search

CVE-2024-7100

🗓️ 30 Jul 2024 07:02:15Reported by WordfenceType

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user supplied attribute

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2024-7100 Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode	30 Jul 202406:48	–	cvelist
Vulnrichment	CVE-2024-7100 Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode	30 Jul 202406:48	–	vulnrichment
NVD	CVE-2024-7100	30 Jul 202407:15	–	nvd
Patchstack	WordPress Bold Page Builder Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)	30 Jul 202400:00	–	patchstack
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (July 29, 2024 to August 4, 2024)	8 Aug 202415:35	–	wordfence

Nvd

Vulners

Node

bold-themes bold_page_builderRange<5.0.3wordpress

[
  {
    "vendor": "boldthemes",
    "product": "Bold Page Builder",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "5.0.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordpress	www.wordpress.org/plugins/bold-page-builder/
plugins	www.plugins.trac.wordpress.org/browser/bold-page-builder/trunk/content_elements/bt_bb_button/bt_bb_button.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/4999bbf3-3dbd-4c9a-b648-744192c9586c
plugins	www.plugins.trac.wordpress.org/changeset/3127440/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 Jul 2024 07:15Current

5.7Medium risk

Vulners AI Score5.7

CVSS35.4 - 6.4

EPSS0.00097

SSVC

CWE-79