Lucene search
K

177 matches found

CNNVD
CNNVD
added 2025/01/15 12:0 a.m.4 views

WordPress plugin Post and Page Builder by BoldGrid – Visual Drag and Drop Editor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

6.5CVSS7.4AI score0.00303EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/14 6:21 a.m.5 views

WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.27.5...

6.5CVSS5.8AI score0.00303EPSS
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.168 views

WordPress Total Upkeep Unauthenticated Backup Downloader

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Total Upkeep Unauthenticated Backup Downloader', 'Description' = %q This module exploits an unauthenticated database backup vulnerabili...

7.4AI score
Exploits0
NVD
NVD
added 2024/07/20 12:15 p.m.36 views

CVE-2024-6848

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgridcanvasimage AJAX...

6.4CVSS0.00466EPSS
Exploits1References5
CVE
CVE
added 2024/07/20 11:18 a.m.72 views

CVE-2024-6848

CVE-2024-6848 affects the WordPress plugin “Post and Page Builder by BoldGrid – Visual Drag and Drop Editor” up to version 1.26.6. The issue is Stored Cross-Site Scripting via file uploads, caused by insufficient input sanitization and output escaping on the boldgrid_canvas_image AJAX endpoint. A...

6.4CVSS5.7AI score0.00466EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/20 11:18 a.m.14 views

CVE-2024-6848 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgridcanvasimage AJAX...

6.4CVSS5.8AI score0.00466EPSS
Exploits1References5
OSV
OSV
added 2024/07/20 11:18 a.m.6 views

CVE-2024-6848 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgridcanvasimage AJAX...

6.4CVSS6.1AI score0.00466EPSS
Exploits1References7
OSV
OSV
added 2024/05/17 9:15 a.m.5 views

CVE-2024-24869

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8...

7.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2024/05/17 9:15 a.m.26 views

CVE-2024-24869

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8...

7.5CVSS7.5AI score0.00658EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.7 views

PT-2024-20625 · Boldgrid · Boldgrid Total Upkeep

Name of the Vulnerable Software and Affected Versions: BoldGrid Total Upkeep versions 1.15.8 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Relative Path Traversal in...

7.5CVSS9.3AI score0.00658EPSS
Exploits0References5
OSV
OSV
added 2024/05/16 11:15 a.m.5 views

CVE-2024-4400

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00263EPSS
Exploits0References2
NVD
NVD
added 2024/05/16 11:15 a.m.26 views

CVE-2024-4400

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00263EPSS
Exploits0References2
CVE
CVE
added 2024/05/16 11:5 a.m.62 views

CVE-2024-4400

CVE-2024-4400 affects the WordPress plugin “Post and Page Builder by BoldGrid – Visual Drag and Drop Editor.” The vulnerability is a Stored Cross‑Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in versions up to and including 1.26.4. Authentication is requi...

6.4CVSS7.7AI score0.00263EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/05/16 11:5 a.m.30 views

CVE-2024-4400 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.4AI score0.00263EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/16 1:43 a.m.4 views

WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting vulnerability

Authenticated Contributer+ Stored Cross-Site Scripting vulnerability discovered by andrea bocchetti in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.26.4...

6.4CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/16 12:0 a.m.16 views

WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.4 is vulnerable to Cross Site Scripting (XSS)

Software Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Type Plugin Vulnerable versions = 1.26.4 Fixed in 1.26.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4400 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.7 views

PT-2024-30865 · Boldgrid · Post/Page Builder By Boldgrid

Name of the Vulnerable Software and Affected Versions: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress versions up to, and including, 1.26.4 Description: The issue is related to Stored Cross-Site Scripting via an unknown parameter due to insufficient input...

6.4CVSS5.9AI score0.00263EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.4 views

WordPress plugin Post and Page Builder by BoldGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4CVSS5.7AI score0.00263EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.15 views

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor < 1.26.5 - Authenticated (Contributer+) Stored Cross-Site Scripting

Description The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/08 5:8 a.m.7 views

WordPress BoldGrid Easy SEO plugin <= 1.6.14 - Information Exposure vulnerability

Information Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin BoldGrid Easy SEO versions = 1.6.14...

5.3CVSS7AI score0.00508EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder