5 matches found
CVE-2024-2888
CVE-2024-2888 is a Stored XSS vulnerability in BoldGrid Post and Page Builder – Visual Drag and Drop Editor for WordPress. The description (shared across sources) states improper input neutralization during web page generation, enabling stored XSS. Affected range is shown as requiring patching up...
CVE-2025-0859
CVE-2025-0859 : Post and Page Builder by BoldGrid – Visual Drag and Drop Editor (WordPress) is affected by a Path Traversal in versions up to 1.27.6 via template_via_url(), enabling authenticated users at Contributor level or higher to read arbitrary server files. The vulnerability is documented ...
CVE-2024-6848
CVE-2024-6848 affects the WordPress plugin “Post and Page Builder by BoldGrid – Visual Drag and Drop Editor” up to version 1.26.6. The issue is Stored Cross-Site Scripting via file uploads, caused by insufficient input sanitization and output escaping on the boldgrid_canvas_image AJAX endpoint. A...
CVE-2023-25480
CVE-2023-25480 describes a Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor for WordPress. The issue affects versions = 1.24.2. Reported impact categories in the sources include potential unauthorized actions performed on ...
CVE-2024-4400
CVE-2024-4400 affects the WordPress plugin “Post and Page Builder by BoldGrid – Visual Drag and Drop Editor.” The vulnerability is a Stored Cross‑Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in versions up to and including 1.26.4. Authentication is requi...