Cross-Site Request Forgery Vulnerability in BoldGrid Post and Page Builder by BoldGrid
CVE-2025-52711

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Post And Page Builder By Boldgrid – Visual Drag And Drop Editor
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-52711?

A Cross-Site Request Forgery (CSRF) vulnerability in the BoldGrid Post and Page Builder allows attackers to execute unauthorized commands on behalf of the user. This weakness can lead to unauthorized changes within the application, as it may enable malicious actors to manipulate or access user data without their consent. Users of the Post and Page Builder should ensure they implement the latest updates to safeguard against this risk.

Affected Version(s)

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8

References

https://patchstack.com/database/wordpress/plugin/post-and...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)

WordPress

What is CVE-2025-52711?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit