Lucene search
+L
Bold-themesBold Page Builder

21 matches found

CVE
CVE
added 2024/03/29 5:13 p.m.78 views

CVE-2024-30442

CVE-2024-30442 affects WordPress Bold Page Builder up to version 4.8.0. The issue is an Improper Neutralization of Input During Web Page Generation, i.e., a Stored XSS in the plugin. Evidence across sources indicates the vulnerable component is the Bold Page Builder plugin (WordPress ecosystem) a...

6.5CVSS5.2AI score0.00312EPSS
CVE
CVE
added 2024/02/13 9:31 a.m.68 views

CVE-2024-1160

CVE-2024-1160 : Bold Page Builder (WordPress) is vulnerable to Stored XSS via the plugin’s Icon Link in all versions up to and including 4.8.0 due to insufficient input sanitization and output escaping. Exploitation requires contributor-level or higher authentication, and scripts execute when use...

5.4CVSS6.8AI score0.00381EPSS
CVE
CVE
added 2022/07/11 12:57 p.m.66 views

CVE-2022-2089

The CVE-2022-2089 entry concerns the WordPress Bold Page Builder plugin prior to 4.3.3. It describes a vulnerability where unsanitized and unescaped settings can allow Cross-Site Scripting (XSS) by high-privilege users (such as admins), even when unfiltered_html is disallowed. The impact is store...

4.8CVSS4.7AI score0.01046EPSS
CVE
CVE
added 2021/08/30 2:11 p.m.64 views

CVE-2021-24579

CVE-2021-24579 affects the Bold Page Builder WordPress plugin (before 3.1.6). The bt_bb_get_grid AJAX action passes user input to unserialize() without validation, enabling PHP Object Injection. Although no gadget was found in the plugin itself to fully exploit, it could enable RCE in some scenar...

8.8CVSS8.8AI score0.08215EPSS
Web
CVE
CVE
added 2024/03/27 11:25 a.m.63 views

CVE-2024-30179

CVE-2024-30179 is a Stored XSS in Bold Page Builder (BoldThemes) caused by improper input neutralization during web page generation. The issue affects Bold Page Builder up to version 4.7.6 (no exposure beyond that is stated in the sources). Public references (NVD/Red Hat/ENISA Wordfence context) ...

6.5CVSS8.6AI score0.00423EPSS
CVE
CVE
added 2024/04/10 4:30 a.m.62 views

CVE-2024-2734

CVE-2024-2734 : Bold Page Builder (WordPress) is vulnerable to Stored Cross-Site Scripting via the plugin’s AI features in versions up to and including 4.8.8. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with C...

6.4CVSS5.7AI score0.0052EPSS
CVE
CVE
added 2019/08/30 12:41 p.m.61 views

CVE-2019-15821

The CVE-2019-15821 entry concerns the WordPress Bold Page Builder plugin (versions before 2.3.2). Affected: Bold Page Builder plugin for WordPress. Vulnerability: lack of access control allows an unauthenticated user to modify plugin settings and import data, enabling unauthorized configuration c...

7.5CVSS7.6AI score0.11019EPSS
CVE
CVE
added 2024/04/09 6:58 p.m.61 views

CVE-2024-3266

CVE-2024-3266 (Bold Page Builder, WordPress) is a Stored XSS vulnerability in the Bold Page Builder plugin via the Widget URL Attribute. Connected sources confirm this affects versions up to and including 4.8.8 and requires at least Contributor-level authentication to exploit. The vulnerability c...

6.4CVSS7.6AI score0.00426EPSS
CVE
CVE
added 2024/12/06 1:7 p.m.58 views

CVE-2024-53801

CVE-2024-53801 : Bold Page Builder (WordPress plugin)

6.5CVSS7.2AI score0.00389EPSS
CVE
CVE
added 2024/12/16 2:31 p.m.58 views

CVE-2024-54382

CVE-2024-54382: Bold Page Builder (WordPress) contains an improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability. Affected: Bold Page Builder versions up to and including 5.1.5 (the description notes impact starts at n/a up to 5.1.5). Impact: potential access t...

4.9CVSS7.2AI score0.02206EPSS
CVE
CVE
added 2024/02/13 9:31 a.m.57 views

CVE-2024-1159

CVE-2024-1159 concerns the Bold Page Builder WordPress plugin. A stored cross-site scripting (XSS) flaw exists in all versions up to and including 4.8.0, caused by insufficient input sanitization and output escaping on shortcode attributes. Exploitation requires authenticated access at contributo...

6.4CVSS6AI score0.00384EPSS
CVE
CVE
added 2024/04/10 4:30 a.m.57 views

CVE-2024-2735

CVE-2024-2735 affects the Bold Page Builder WordPress plugin. It is a Stored XSS via the Price List element in all versions up to 4.8.8 due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access can inject scripts that execute when pages are ...

6.4CVSS5.7AI score0.00516EPSS
CVE
CVE
added 2024/04/10 4:30 a.m.55 views

CVE-2024-2736

The Bold Page Builder plugin for WordPress is affected by CVE-2024-2736: Stored Cross-Site Scripting via HTML Tags in all versions up to 4.8.8 due to insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability requires authentication at the Contributor level...

6.4CVSS5.7AI score0.00516EPSS
CVE
CVE
added 2024/02/13 9:31 a.m.54 views

CVE-2024-1157

The CVE concerns Bold Page Builder for WordPress (affected: all versions up to 4.8.0) with a Stored Cross‑Site Scripting (XSS) flaw via the plugin’s button URL due to insufficient input sanitization/output escaping. Exploitation requires authenticated access (contributor+). Wordfence and Red Hat ...

5.4CVSS5.6AI score0.00393EPSS
CVE
CVE
added 2024/11/19 4:30 p.m.54 views

CVE-2024-50417

CVE-2024-50417 is a Missing Authorization vulnerability affecting the Bold Page Builder WordPress plugin up to version 5.1.3, enabling exploitation through incorrectly configured access control. Multiple sources (NVD entry) specify a high-severity impact with CVSS v3.1 scores of 8.8 (I, A, C) and...

8.8CVSS5.9AI score0.01918EPSS
CVE
CVE
added 2024/07/30 6:48 a.m.54 views

CVE-2024-7100

The Bold Page Builder plugin for WordPress is affected by CVE-2024-7100: stored XSS via the bt_bb_button shortcode in versions

6.4CVSS5.7AI score0.00439EPSS
CVE
CVE
added 2024/04/10 3:31 a.m.51 views

CVE-2024-2733

Bold Page Builder for WordPress is affected by CVE-2024-2733: a Stored XSS via the Separator element in all versions up to 4.8.8. Attack requires authentication (Contributor+) and can inject scripts that run when pages are viewed. The linked documents indicate the issue has a patch and that updat...

5.4CVSS5.7AI score0.00516EPSS
CVE
CVE
added 2024/04/09 6:59 p.m.51 views

CVE-2024-3267

CVE-2024-3267 affects the Bold Page Builder WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in the bt_bb_price_list shortcode, present in all versions up to and including 4.8.8, caused by insufficient input sanitization and output escaping on user-supplied attributes. T...

6.4CVSS7.6AI score0.00404EPSS
CVE
CVE
added 2024/10/06 11:44 a.m.51 views

CVE-2024-47298

CVE-2024-47298 is a stored XSS in Bold Page Builder (WordPress plugin) up to version 5.1.1, caused by improper input neutralization during page generation. Affected versions are Bold Page Builder

6.5CVSS5.9AI score0.00313EPSS
CVE
CVE
added 2024/10/05 2:44 p.m.48 views

CVE-2024-47391

CVE-2024-47391 affects Bold Page Builder (WordPress plugin) prior to 5.1.1. The vulnerability is a Stored XSS caused by improper neutralization of input during web page generation, enabling an attacker to inject scripts that persist in pages viewed by users. Affected product/version: Bold Page Bu...

6.5CVSS5.9AI score0.00295EPSS
CVE
CVE
added 2023/12/15 3:27 p.m.43 views

CVE-2023-49823

CVE-2023-49823 affects Bold Page Builder (WordPress plugin)

6.5CVSS6.7AI score0.00466EPSS