21 matches found
CVE-2024-30442
CVE-2024-30442 affects WordPress Bold Page Builder up to version 4.8.0. The issue is an Improper Neutralization of Input During Web Page Generation, i.e., a Stored XSS in the plugin. Evidence across sources indicates the vulnerable component is the Bold Page Builder plugin (WordPress ecosystem) a...
CVE-2024-1160
CVE-2024-1160 : Bold Page Builder (WordPress) is vulnerable to Stored XSS via the plugin’s Icon Link in all versions up to and including 4.8.0 due to insufficient input sanitization and output escaping. Exploitation requires contributor-level or higher authentication, and scripts execute when use...
CVE-2022-2089
The CVE-2022-2089 entry concerns the WordPress Bold Page Builder plugin prior to 4.3.3. It describes a vulnerability where unsanitized and unescaped settings can allow Cross-Site Scripting (XSS) by high-privilege users (such as admins), even when unfiltered_html is disallowed. The impact is store...
CVE-2021-24579
CVE-2021-24579 affects the Bold Page Builder WordPress plugin (before 3.1.6). The bt_bb_get_grid AJAX action passes user input to unserialize() without validation, enabling PHP Object Injection. Although no gadget was found in the plugin itself to fully exploit, it could enable RCE in some scenar...
CVE-2024-30179
CVE-2024-30179 is a Stored XSS in Bold Page Builder (BoldThemes) caused by improper input neutralization during web page generation. The issue affects Bold Page Builder up to version 4.7.6 (no exposure beyond that is stated in the sources). Public references (NVD/Red Hat/ENISA Wordfence context) ...
CVE-2024-2734
CVE-2024-2734 : Bold Page Builder (WordPress) is vulnerable to Stored Cross-Site Scripting via the plugin’s AI features in versions up to and including 4.8.8. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with C...
CVE-2019-15821
The CVE-2019-15821 entry concerns the WordPress Bold Page Builder plugin (versions before 2.3.2). Affected: Bold Page Builder plugin for WordPress. Vulnerability: lack of access control allows an unauthenticated user to modify plugin settings and import data, enabling unauthorized configuration c...
CVE-2024-3266
CVE-2024-3266 (Bold Page Builder, WordPress) is a Stored XSS vulnerability in the Bold Page Builder plugin via the Widget URL Attribute. Connected sources confirm this affects versions up to and including 4.8.8 and requires at least Contributor-level authentication to exploit. The vulnerability c...
CVE-2024-53801
CVE-2024-53801 : Bold Page Builder (WordPress plugin)
CVE-2024-54382
CVE-2024-54382: Bold Page Builder (WordPress) contains an improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability. Affected: Bold Page Builder versions up to and including 5.1.5 (the description notes impact starts at n/a up to 5.1.5). Impact: potential access t...
CVE-2024-1159
CVE-2024-1159 concerns the Bold Page Builder WordPress plugin. A stored cross-site scripting (XSS) flaw exists in all versions up to and including 4.8.0, caused by insufficient input sanitization and output escaping on shortcode attributes. Exploitation requires authenticated access at contributo...
CVE-2024-2735
CVE-2024-2735 affects the Bold Page Builder WordPress plugin. It is a Stored XSS via the Price List element in all versions up to 4.8.8 due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access can inject scripts that execute when pages are ...
CVE-2024-2736
The Bold Page Builder plugin for WordPress is affected by CVE-2024-2736: Stored Cross-Site Scripting via HTML Tags in all versions up to 4.8.8 due to insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability requires authentication at the Contributor level...
CVE-2024-1157
The CVE concerns Bold Page Builder for WordPress (affected: all versions up to 4.8.0) with a Stored Cross‑Site Scripting (XSS) flaw via the plugin’s button URL due to insufficient input sanitization/output escaping. Exploitation requires authenticated access (contributor+). Wordfence and Red Hat ...
CVE-2024-50417
CVE-2024-50417 is a Missing Authorization vulnerability affecting the Bold Page Builder WordPress plugin up to version 5.1.3, enabling exploitation through incorrectly configured access control. Multiple sources (NVD entry) specify a high-severity impact with CVSS v3.1 scores of 8.8 (I, A, C) and...
CVE-2024-7100
The Bold Page Builder plugin for WordPress is affected by CVE-2024-7100: stored XSS via the bt_bb_button shortcode in versions
CVE-2024-2733
Bold Page Builder for WordPress is affected by CVE-2024-2733: a Stored XSS via the Separator element in all versions up to 4.8.8. Attack requires authentication (Contributor+) and can inject scripts that run when pages are viewed. The linked documents indicate the issue has a patch and that updat...
CVE-2024-3267
CVE-2024-3267 affects the Bold Page Builder WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in the bt_bb_price_list shortcode, present in all versions up to and including 4.8.8, caused by insufficient input sanitization and output escaping on user-supplied attributes. T...
CVE-2024-47298
CVE-2024-47298 is a stored XSS in Bold Page Builder (WordPress plugin) up to version 5.1.1, caused by improper input neutralization during page generation. Affected versions are Bold Page Builder
CVE-2024-47391
CVE-2024-47391 affects Bold Page Builder (WordPress plugin) prior to 5.1.1. The vulnerability is a Stored XSS caused by improper neutralization of input during web page generation, enabling an attacker to inject scripts that persist in pages viewed by users. Affected product/version: Bold Page Bu...
CVE-2023-49823
CVE-2023-49823 affects Bold Page Builder (WordPress plugin)