Vulnerabilities > Boldgrid > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-27 CVE-2024-13907 Server-Side Request Forgery (SSRF) vulnerability in Boldgrid Total Upkeep
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function.
network
low complexity
boldgrid CWE-918
6.5
2025-02-06 CVE-2025-0859 Path Traversal vulnerability in Boldgrid Post and Page Builder
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function.
network
low complexity
boldgrid CWE-22
6.5
2025-01-15 CVE-2025-22759 Cross-site Scripting vulnerability in Boldgrid Post and Page Builder BY Boldgrid - Visual Drag and Drop Editor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4.
network
low complexity
boldgrid CWE-79
5.4
2025-01-14 CVE-2024-12006 Missing Authorization vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1.
network
low complexity
boldgrid CWE-862
5.3
2024-07-20 CVE-2024-6848 Cross-site Scripting vulnerability in Boldgrid Post and Page Builder
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint.
network
low complexity
boldgrid CWE-79
5.4
2024-05-16 CVE-2024-4400 Cross-site Scripting vulnerability in Boldgrid Post and Page Builder
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping.
network
low complexity
boldgrid CWE-79
5.4
2024-03-26 CVE-2024-2888 Unspecified vulnerability in Boldgrid Post and Page Builder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2.
network
low complexity
boldgrid
5.4
2023-03-07 CVE-2022-4932 Unspecified vulnerability in Boldgrid Total Upkeep
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13.
network
low complexity
boldgrid
4.3
2021-07-19 CVE-2021-24436 Unspecified vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first.
network
low complexity
boldgrid
6.1
2021-07-19 CVE-2021-24452 Unspecified vulnerability in Boldgrid W3 Total Cache
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping.
network
low complexity
boldgrid
6.1