177 matches found
WordPress plugin Post and Page Builder by BoldGrid – Visual Drag and Drop Editor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.27.5...
WordPress Total Upkeep Unauthenticated Backup Downloader
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Total Upkeep Unauthenticated Backup Downloader', 'Description' = %q This module exploits an unauthenticated database backup vulnerabili...
CVE-2024-6848
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgridcanvasimage AJAX...
CVE-2024-6848
CVE-2024-6848 affects the WordPress plugin “Post and Page Builder by BoldGrid – Visual Drag and Drop Editor” up to version 1.26.6. The issue is Stored Cross-Site Scripting via file uploads, caused by insufficient input sanitization and output escaping on the boldgrid_canvas_image AJAX endpoint. A...
CVE-2024-6848 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgridcanvasimage AJAX...
CVE-2024-6848 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgridcanvasimage AJAX...
CVE-2024-24869
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8...
CVE-2024-24869
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8...
PT-2024-20625 · Boldgrid · Boldgrid Total Upkeep
Name of the Vulnerable Software and Affected Versions: BoldGrid Total Upkeep versions 1.15.8 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Relative Path Traversal in...
CVE-2024-4400
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-4400
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-4400
CVE-2024-4400 affects the WordPress plugin “Post and Page Builder by BoldGrid – Visual Drag and Drop Editor.” The vulnerability is a Stored Cross‑Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in versions up to and including 1.26.4. Authentication is requi...
CVE-2024-4400 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting vulnerability
Authenticated Contributer+ Stored Cross-Site Scripting vulnerability discovered by andrea bocchetti in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.26.4...
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.4 is vulnerable to Cross Site Scripting (XSS)
Software Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Type Plugin Vulnerable versions = 1.26.4 Fixed in 1.26.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4400 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership...
PT-2024-30865 · Boldgrid · Post/Page Builder By Boldgrid
Name of the Vulnerable Software and Affected Versions: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress versions up to, and including, 1.26.4 Description: The issue is related to Stored Cross-Site Scripting via an unknown parameter due to insufficient input...
WordPress plugin Post and Page Builder by BoldGrid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor < 1.26.5 - Authenticated (Contributer+) Stored Cross-Site Scripting
Description The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible fo...
WordPress BoldGrid Easy SEO plugin <= 1.6.14 - Information Exposure vulnerability
Information Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin BoldGrid Easy SEO versions = 1.6.14...