3 matches found
CVE-2024-1157
The CVE concerns Bold Page Builder for WordPress (affected: all versions up to 4.8.0) with a Stored Cross‑Site Scripting (XSS) flaw via the plugin’s button URL due to insufficient input sanitization/output escaping. Exploitation requires authenticated access (contributor+). Wordfence and Red Hat ...
CVE-2024-1157 Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and...
WordPress Bold Page Builder Plugin <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)
Software Bold Page Builder Type Plugin Vulnerable versions = 4.8.0 Fixed in 4.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1157 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d94380d5f2fc Credits Mdr Required privilege...