RSS   Vulnerabilities for 'Bold page builder'   RSS

2022-07-11
 
CVE-2022-2089

CWE-79
 

 
The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

 
2021-08-30
 
CVE-2021-24579

CWE-502
 

 
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.

 
2019-08-30
 
CVE-2019-15821

CWE-264
 

 
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.

 

 >>> Vendor: Bold-themes 2 Products
Bold page builder
Cost calculator


Copyright 2024, cxsecurity.com

 

Back to Top