Vulnerabilities > Boldgrid

DATE CVE VULNERABILITY TITLE RISK
2025-02-27 CVE-2024-13907 Server-Side Request Forgery (SSRF) vulnerability in Boldgrid Total Upkeep
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function.
network
low complexity
boldgrid CWE-918
6.5
2025-02-06 CVE-2025-0859 Path Traversal vulnerability in Boldgrid Post and Page Builder
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function.
network
low complexity
boldgrid CWE-22
6.5
2025-01-15 CVE-2025-22759 Cross-site Scripting vulnerability in Boldgrid Post and Page Builder by Boldgrid - Visual Drag and Drop Editor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4.
network
low complexity
boldgrid CWE-79
5.4
2025-01-14 CVE-2024-12006 Missing Authorization vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1.
network
low complexity
boldgrid CWE-862
5.3
2025-01-14 CVE-2024-12008 Unspecified vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file.
network
low complexity
boldgrid
7.5
2025-01-14 CVE-2024-12365 Missing Authorization vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1.
network
low complexity
boldgrid CWE-862
8.5
2024-09-25 CVE-2023-5359 Cleartext Storage of Sensitive Information vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source.
network
low complexity
boldgrid CWE-312
7.5
2024-07-20 CVE-2024-6848 Cross-site Scripting vulnerability in Boldgrid Post and Page Builder
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint.
network
low complexity
boldgrid CWE-79
5.4
2024-05-16 CVE-2024-4400 Cross-site Scripting vulnerability in Boldgrid Post and Page Builder
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping.
network
low complexity
boldgrid CWE-79
5.4
2024-03-26 CVE-2024-2888 Unspecified vulnerability in Boldgrid Post and Page Builder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2.
network
low complexity
boldgrid
5.4