Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bold Page Builder — Vulnerabilities & Security Advisories 34

All 34 CVE vulnerabilities found in Bold Page Builder, with AI-generated Chinese analysis, references, and POCs.

This page aggregates security vulnerabilities for Bold Page Builder, a WordPress plugin developed by Bold Themes, focusing on common weakness types such as cross-site scripting and injection flaws. It collects detailed records of disclosed security issues affecting this specific product, covering incidents reported from early 2019 through mid-2024 to provide a comprehensive historical view of its security posture. Here, users can discover a complete timeline of advisories issued by the vendor and security researchers, allowing them to track how quickly patches were deployed for critical flaws. The resource also enables security professionals to understand the broader context of weakness classes prevalent in similar WordPress plugins, offering insights into common coding errors and misconfigurations. Visitors can look up the complete vulnerability history of Bold Page Builder to assess the impact of specific releases or identify patterns in recurring security defects. This centralized aggregation serves as a reference for developers, security auditors, and website administrators seeking to evaluate the risks associated with running this page builder in production environments. By consolidating disparate reports into a single accessible location, the page facilitates efficient risk assessment and informed decision-making regarding plugin maintenance and updates.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2026-3694 Bold Page Builder <= 5.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode CWE-79 6.4 Medium2026-05-14
CVE-2026-25451 WordPress Bold Page Builder plugin <= 5.6.9 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2026-02-19
CVE-2025-12159 Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2026-02-07
CVE-2025-13463 Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid CWE-79 6.4 Medium2026-02-07
CVE-2025-12803 Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode CWE-80 6.4 Medium2026-02-07
CVE-2025-15267 Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode CWE-79 6.4 Medium2026-02-07
CVE-2025-66057 WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2025-11-21
CVE-2025-7730 Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter CWE-79 6.4 Medium2025-10-23
CVE-2025-58194 WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability CWE-79 6.5 Medium2025-08-27
CVE-2025-54006 WordPress Bold Page Builder plugin <= 5.4.1 - Cross Site Scripting (XSS) Vulnerability CWE-79 6.5 Medium2025-07-16
CVE-2025-5286 Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter CWE-79 6.4 Medium2025-05-29
CVE-2025-3715 Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter CWE-79 6.4 Medium2025-05-18
CVE-2025-47525 WordPress Bold Page Builder plugin <= 5.3.0 - Cross Site Scripting (XSS) Vulnerability CWE-79 5.9 Medium2025-05-07
CVE-2025-47488 WordPress Bold Page Builder plugin <= 5.3.2 - Cross Site Scripting (XSS) Vulnerability CWE-79 6.5 Medium2025-05-07
CVE-2024-54382 WordPress Bold Page Builder plugin <= 5.1.5 - Path Traversal vulnerability CWE-22 4.9 Medium2024-12-16
CVE-2024-53801 WordPress Bold Page Builder plugin <= 5.2.1 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-12-06
CVE-2024-50417 WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability CWE-862 4.3 Medium2024-11-19
CVE-2024-47298 WordPress Bold Page Builder plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-10-06
CVE-2024-47391 WordPress Bold Page Builder plugin < 5.1.1 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-10-05
CVE-2024-7100 Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode CWE-79 6.4 Medium2024-07-30
CVE-2024-2736 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags CWE-79 6.4 Medium2024-04-10
CVE-2024-2735 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element CWE-79 6.4 Medium2024-04-10
CVE-2024-2734 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features CWE-79 6.4 Medium2024-04-10
CVE-2024-2733 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element CWE-79 5.4 Medium2024-04-10
CVE-2024-3267 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode CWE-79 6.4 Medium2024-04-09
CVE-2024-3266 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute CWE-79 6.4 Medium2024-04-09
CVE-2024-30442 WordPress Bold Page Builder plugin <= 4.8.0 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-03-29
CVE-2024-30179 WordPress Bold Page Builder plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-03-27
CVE-2024-1159 Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content CWE-79 6.4 Medium2024-02-13
CVE-2024-1157 Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL CWE-79 5.4 Medium2024-02-13

All 34 known CVE vulnerabilities affecting Bold Page Builder with full Chinese analysis, references, and POCs where available.