Vulnerabilities > Bold Themes > Bold Page Builder > 4.8.7

DATE CVE VULNERABILITY TITLE RISK
2024-04-09 CVE-2024-3266 Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
bold-themes CWE-79
5.4
5.4
2024-04-09 CVE-2024-3267 Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
bold-themes CWE-79
5.4
5.4