2 matches found
CVE-2025-0859
CVE-2025-0859 : Post and Page Builder by BoldGrid – Visual Drag and Drop Editor (WordPress) is affected by a Path Traversal in versions up to 1.27.6 via template_via_url(), enabling authenticated users at Contributor level or higher to read arbitrary server files. The vulnerability is documented ...
CVE-2025-0859 Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the templateviaurl function. This makes it possible for authenticated attackers, with Contributor-level access and above, to re...