Vulnerabilities > Boldgrid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-27 | CVE-2024-13907 | Server-Side Request Forgery (SSRF) vulnerability in Boldgrid Total Upkeep The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. | 6.5 |
| 2025-02-06 | CVE-2025-0859 | Path Traversal vulnerability in Boldgrid Post and Page Builder The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. | 6.5 |
| 2025-01-15 | CVE-2025-22759 | Cross-site Scripting vulnerability in Boldgrid Post and Page Builder BY Boldgrid - Visual Drag and Drop Editor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4. | 5.4 |
| 2025-01-14 | CVE-2024-12006 | Missing Authorization vulnerability in Boldgrid W3 Total Cache The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. | 5.3 |
| 2025-01-14 | CVE-2024-12008 | Unspecified vulnerability in Boldgrid W3 Total Cache The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. | 7.5 |
| 2025-01-14 | CVE-2024-12365 | Missing Authorization vulnerability in Boldgrid W3 Total Cache The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. | 8.5 |
| 2024-09-25 | CVE-2023-5359 | Cleartext Storage of Sensitive Information vulnerability in Boldgrid W3 Total Cache The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. | 7.5 |
| 2024-07-20 | CVE-2024-6848 | Cross-site Scripting vulnerability in Boldgrid Post and Page Builder The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. | 5.4 |
| 2024-05-16 | CVE-2024-4400 | Cross-site Scripting vulnerability in Boldgrid Post and Page Builder The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-26 | CVE-2024-2888 | Unspecified vulnerability in Boldgrid Post and Page Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2. | 5.4 |