WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25480

8.8 HIGH

What is CVE-2023-25480?

This vulnerability is a Cross-Site Request Forgery (CSRF) flaw in the BoldGrid Post and Page Builder plugin, versions 1.24.1 and earlier. It allows an attacker to trick a user into submitting unwanted actions to a web application in which they are authenticated. By exploiting this flaw, an attacker could potentially manipulate site content without the user's consent, posing significant security risks to affected WordPress sites.

Affected Version(s)

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rio Darmawan (Patchstack Alliance)