Cross-Site Scripting Vulnerability in Bold Page Builder by BoldThemes
CVE-2025-66057
6.5MEDIUM
What is CVE-2025-66057?
The Bold Page Builder plugin presents a significant cross-site scripting (XSS) vulnerability, particularly affecting versions up to 5.5.2. This flaw arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that are executed in the context of the victim's browser. This could lead to unauthorized actions or data exposure, posing serious security risks for users and their websites.
Affected Version(s)
Bold Page Builder 0 <= 5.5.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
TarcĂsio Luchesi(Poystick) | Patchstack Bug Bounty Program