Vulnerabilities > Boldgrid > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-27 | CVE-2024-13907 | Server-Side Request Forgery (SSRF) vulnerability in Boldgrid Total Upkeep: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. | 6.5 |
2025-02-06 | CVE-2025-0859 | Path Traversal vulnerability in Boldgrid Post and Page Builder: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. | 6.5 |
2025-01-15 | CVE-2025-22759 | Cross-site Scripting vulnerability in Boldgrid Post and Page Builder BY Boldgrid - Visual Drag and Drop Editor: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4. | 5.4 |
2025-01-14 | CVE-2024-12006 | Missing Authorization vulnerability in Boldgrid W3 Total Cache: The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. | 5.3 |
2024-07-20 | CVE-2024-6848 | Cross-site Scripting vulnerability in Boldgrid Post and Page Builder: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. | 5.4 |
2024-05-16 | CVE-2024-4400 | Cross-site Scripting vulnerability in Boldgrid Post and Page Builder: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. | 5.4 |
2024-03-26 | CVE-2024-2888 | Unspecified vulnerability in Boldgrid Post and Page Builder: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2. | 5.4 |
2023-03-07 | CVE-2022-4932 | Unspecified vulnerability in Boldgrid Total Upkeep: The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 1.14.13. | 4.3 |
2021-07-19 | CVE-2021-24436 | Unspecified vulnerability in Boldgrid W3 Total Cache: The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. | 6.1 |
2021-07-19 | CVE-2021-24452 | Unspecified vulnerability in Boldgrid W3 Total Cache: The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. | 6.1 |