Bold-themes Bold Page Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Bold-themes Bold Page Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2021-24579 — CVSS 8.8 (high): The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function…
CVE-2019-15821 — CVSS 7.5 (high): The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.
CVE-2024-53801 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder…
CVE-2024-30179 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows…
CVE-2024-30442 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows…
CVE-2024-47391 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder…
CVE-2024-47298 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder…
CVE-2023-49823 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows…
CVE-2024-7100 — CVSS 6.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_button shortcode in all…
CVE-2024-1159 — CVSS 6.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up…
CVE-2024-2734 — CVSS 6.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to…
CVE-2024-2735 — CVSS 6.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to…
CVE-2024-2736 — CVSS 6.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including…
CVE-2024-3266 — CVSS 6.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up…
CVE-2024-3267 — CVSS 6.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all…
CVE-2024-2733 — CVSS 5.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all…
CVE-2024-1160 — CVSS 5.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to…
CVE-2024-1157 — CVSS 5.4 (medium): The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to…
CVE-2024-54382 — CVSS 4.9 (medium): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in boldthemes Bold Page Builder…
CVE-2022-2089 — CVSS 4.8 (medium): The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege…