Cross-Site Scripting Vulnerability in Bold Page Builder by BoldThemes
CVE-2025-66057
6.3MEDIUM
What is CVE-2025-66057?
The Bold Page Builder plugin presents a significant cross-site scripting (XSS) vulnerability, particularly affecting versions up to 5.5.2. This flaw arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that are executed in the context of the victim's browser. This could lead to unauthorized actions or data exposure, posing serious security risks for users and their websites.
Affected Version(s)
Bold Page Builder <= n/a
References
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
TarcĂsio Luchesi(Poystick) | Patchstack Bug Bounty Program