Bold Page Builder

Information

Software Type Plugin
Software Slug bold-page-builder (view on wordpress.org)
Software Status Active
Software Author boldthemes
Software Downloads 2,033,415
Software Active Installs 50,000
Software Record Last Updated November 18, 2024

18 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Bold Page Builder <= 5.1.3 - Missing Authorization Patched CVE-2024-50417 4.3 Trương Hữu Phúc (truonghuuphuc) October 24, 2024
Bold Page Builder <= 5.1.- - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-47391 6.4 Robert DeVore September 30, 2024
Bold Page Builder <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-47298 6.4 stealthcopter September 24, 2024
Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode Patched CVE-2024-7100 6.4 Arkadiusz Hydzik July 29, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags Patched CVE-2024-2736 6.4 João Pedro Soares de Alcântara April 9, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element Patched CVE-2024-2735 6.4 João Pedro Soares de Alcântara April 9, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features Patched CVE-2024-2734 6.4 João Pedro Soares de Alcântara April 9, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element Patched CVE-2024-2733 5.4 João Pedro Soares de Alcântara April 9, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode Patched CVE-2024-3267 6.4 stealthcopter April 5, 2024
Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute Patched CVE-2024-3266 6.4 wesley (wcraft) April 5, 2024
Bold Page Builder <= 4.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Patched CVE-2024-30179 6.4 LVT-tholv2k March 25, 2024
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL Patched CVE-2024-1157 5.4 Nikolas February 12, 2024
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content Patched CVE-2024-1159 6.4 RandomRoot February 12, 2024
Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link Patched CVE-2024-1160 5.4 wesley (wcraft) February 12, 2024
Bold Page Builder <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2023-49823 6.4 Ngô Thiên An (ancorn_) December 5, 2023
Bold Page Builder <= 4.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2022-2089 5.5 Nikhil Kapoor June 20, 2022
Bold Page Builder <= 3.1.5 - PHP Object Injection Patched CVE-2021-24579 7.5 dc11 August 2, 2021
Bold Page Builder <= 2.3.1 - Missing Authorization to Settings Update Patched CVE-2019-15821 7.5 Jerome Bruandet August 23, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation