CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Vulnrichment•added 2026/02/07 5:52 a.m.•2 views

CVE-2025-12803 Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'btbbtabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00014EPSS

Exploits0References3

Vulnrichment•added 2025/05/29 8:22 a.m.•10 views

CVE-2025-5286 Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additionalsettings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00253EPSS

Exploits0References7

Cvelist•added 2025/05/29 8:22 a.m.•16 views

CVE-2025-5286 Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter

6.4CVSS0.00253EPSS

Exploits0References7

CVE•added 2025/05/29 8:22 a.m.•51 views

CVE-2025-5286

The CVE-2025-5286 entry concerns the WordPress Bold Page Builder plugin. Affected: Bold Page Builder plugin for WordPress ≤ 5.3.6. Issue: Stored Cross-Site Scripting via the additional_settings parameter due to insufficient input sanitization and output escaping. Impact: Authenticated attackers w...

6.4CVSS5.8AI score0.00253EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by