Cross-Site Scripting Vulnerability in BoldGrid Post and Page Builder by BoldGrid
CVE-2025-22759

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Post And Page Builder By Boldgrid – Visual Drag And Drop Editor
Vendor: CVE Published:; 15 January 2025

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the BoldGrid Post and Page Builder, allowing for stored XSS attacks. This flaw can enable attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data or carrying out unauthorized actions. The vulnerability affects versions from n/a up to 1.27.4, requiring immediate attention to safeguard web applications built with this editor.

Affected Version(s)

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.4

References

https://patchstack.com/database/wordpress/plugin/post-and...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)