Bold Page Builder

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Bold Page Builder

Information

Software Type Plugin
Software Slug bold-page-builder (view on wordpress.org)
Software Status Active
Software Author boldthemes
Software Downloads 1,844,222
Software Active Installs 50,000
Software Record Last Updated July 26, 2024

14 Vulnerabilities

Bold Page Builder <= 3.1.5 - PHP Object Injection
7.5
CVE-2021-24579
Aug 2, 2021
Researcher: dc11
Bold Page Builder <= 2.3.1 - Missing Authorization to Settings Update
7.5
CVE-2019-15821
Aug 23, 2019
Researcher: Jerome Bruandet
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features
6.4
CVE-2024-2734
Apr 9, 2024
Researcher: João Pedro Soares de Alcântara
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element
6.4
CVE-2024-2735
Apr 9, 2024
Researcher: João Pedro Soares de Alcântara
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
6.4
CVE-2024-2736
Apr 9, 2024
Researcher: João Pedro Soares de Alcântara
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute
6.4
CVE-2024-3266
Apr 5, 2024
Researcher: wesley (wcraft)
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode
6.4
CVE-2024-3267
Apr 5, 2024
Researcher: stealthcopter
Bold Page Builder <= 4.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via class
6.4
CVE-2024-30179
Mar 25, 2024
Researcher: LVT-tholv2k
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content
6.4
CVE-2024-1159
Feb 12, 2024
Researcher: RandomRoot
Bold Page Builder <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-49823
Dec 5, 2023
Researcher: Ngô Thiên An (ancorn_)
Bold Page Builder <= 4.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting
5.5
CVE-2022-2089
Jun 20, 2022
Researcher: Nikhil Kapoor
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element
5.4
CVE-2024-2733
Apr 9, 2024
Researcher: João Pedro Soares de Alcântara
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link
5.4
CVE-2024-1160
Feb 12, 2024
Researcher: wesley (wcraft)
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL
5.4
CVE-2024-1157
Feb 12, 2024
Researcher: Nikolas
Title Status CVE ID CVSS Researchers Date
Bold Page Builder <= 3.1.5 - PHP Object Injection Patched CVE-2021-24579 7.5 dc11 August 2, 2021
Bold Page Builder <= 2.3.1 - Missing Authorization to Settings Update Patched CVE-2019-15821 7.5 Jerome Bruandet August 23, 2019
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features Patched CVE-2024-2734 6.4 João Pedro Soares de Alcântara April 9, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element Patched CVE-2024-2735 6.4 João Pedro Soares de Alcântara April 9, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags Patched CVE-2024-2736 6.4 João Pedro Soares de Alcântara April 9, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute Patched CVE-2024-3266 6.4 wesley (wcraft) April 5, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode Patched CVE-2024-3267 6.4 stealthcopter April 5, 2024
Bold Page Builder <= 4.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Patched CVE-2024-30179 6.4 LVT-tholv2k March 25, 2024
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content Patched CVE-2024-1159 6.4 RandomRoot February 12, 2024
Bold Page Builder <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2023-49823 6.4 Ngô Thiên An (ancorn_) December 5, 2023
Bold Page Builder <= 4.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2022-2089 5.5 Nikhil Kapoor June 20, 2022
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element Patched CVE-2024-2733 5.4 João Pedro Soares de Alcântara April 9, 2024
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link Patched CVE-2024-1160 5.4 wesley (wcraft) February 12, 2024
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL Patched CVE-2024-1157 5.4 Nikolas February 12, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation