boldgrid — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting boldgrid. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BoldGrid operates as a WordPress plugin and theme provider, primarily targeting small business owners and agencies seeking an integrated website building solution. Security audits have identified forty-three distinct Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these flaws predominantly involve Cross-Site Scripting (XSS) and SQL Injection, stemming from insufficient input validation and improper sanitization of user-supplied data. Several incidents also highlight privilege escalation risks, where authenticated users could exploit weak access controls to perform administrative actions. The platform’s architecture, which tightly couples themes with plugins, has occasionally amplified the blast radius of individual vulnerabilities. While no massive data breaches have been publicly confirmed, the high volume of disclosed CVEs indicates a pattern of delayed patching or recurring coding errors in core components. Users are advised to maintain strict update protocols to mitigate these persistent exposure vectors.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3143 | Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-862 | 5.3 | Medium | 2026-05-01 |
| CVE-2026-39562 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.10 - Broken Access Control vulnerability — Client Invoicing by Sprout Invoices | CWE-862 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-5032 | W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header — W3 Total Cache | CWE-200 | 7.5 | High | 2026-04-02 |
| CVE-2026-32484 | WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability — weForms | CWE-502 | 8.8 | High | 2026-03-25 |
| CVE-2026-32424 | WordPress Sprout Clients plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability — Sprout Clients | CWE-79 | 6.5 | Medium | 2026-03-13 |
| CVE-2026-32401 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.9 - Local File Inclusion vulnerability — Client Invoicing by Sprout Invoices | CWE-98 | 7.2 | High | 2026-03-13 |
| CVE-2026-2707 | weForms <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API — weForms – Easy Drag & Drop Contact Form Builder For WordPress | CWE-79 | 6.4 | Medium | 2026-03-11 |
| CVE-2026-27384 | WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability — W3 Total Cache | CWE-1284 | 9.0 | Critical | 2026-03-05 |
| CVE-2026-25364 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.8 - Broken Access Control vulnerability — Client Invoicing by Sprout Invoices | CWE-862 | 5.3 | Medium | 2026-02-19 |
| CVE-2025-69345 | WordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerability — Post and Page Builder by BoldGrid | CWE-862 | 4.3 | Medium | 2026-01-06 |
| CVE-2025-69028 | WordPress weForms plugin <= 1.6.25 - Broken Access Control vulnerability — weForms | CWE-862 | 5.3 | Medium | 2025-12-30 |
| CVE-2025-66118 | WordPress Sprout Clients plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability — Sprout Clients | CWE-79 | 7.1 | High | 2025-12-18 |
| CVE-2025-64227 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - PHP Object Injection vulnerability — Client Invoicing by Sprout Invoices | CWE-502 | 9.8 | Critical | 2025-12-18 |
| CVE-2025-64229 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - Broken Access Control vulnerability — Client Invoicing by Sprout Invoices | CWE-862 | 4.3 | Medium | 2025-10-29 |
| CVE-2025-52712 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Path Traversal Vulnerability — Post and Page Builder by BoldGrid | CWE-35 | 4.2 | Medium | 2025-08-14 |
| CVE-2020-36848 | Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-200 | 7.5 | High | 2025-07-12 |
| CVE-2025-52711 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) Vulnerability — Post and Page Builder by BoldGrid | CWE-352 | 4.3 | Medium | 2025-06-20 |
| CVE-2025-52713 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability — Post and Page Builder by BoldGrid | CWE-918 | 6.4 | Medium | 2025-06-20 |
| CVE-2025-31797 | WordPress Sprout Clients plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability — Sprout Clients | CWE-79 | 6.5 | Medium | 2025-04-01 |
| CVE-2025-2257 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-78 | 7.2 | High | 2025-03-26 |
| CVE-2024-13907 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-918 | 4.9 | Medium | 2025-02-27 |
| CVE-2025-0859 | Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function — Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | CWE-22 | 6.5 | Medium | 2025-02-06 |
| CVE-2025-24606 | WordPress Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin <=20.8.1 - Broken Access Control vulnerability — Client Invoicing by Sprout Invoices | CWE-862 | 6.4 | Medium | 2025-01-27 |
| CVE-2025-22759 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability — Post and Page Builder by BoldGrid | CWE-79 | 6.5 | Medium | 2025-01-15 |
| CVE-2024-12008 | W3 Total Cache <= 2.8.1 Information Exposure via Log Files — W3 Total Cache | CWE-200 | 5.3 | Medium | 2025-01-14 |
| CVE-2024-12006 | W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation — W3 Total Cache | CWE-862 | 5.3 | Medium | 2025-01-14 |
| CVE-2024-12365 | W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery — W3 Total Cache | CWE-862 | 8.5 | High | 2025-01-14 |
| CVE-2025-22512 | WordPress Help Scout Plugin <= 6.5.6 - Broken Access Control vulnerability — Help Scout | CWE-862 | 4.3 | Medium | 2025-01-07 |
| CVE-2024-53819 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.0 - Insecure Direct Object References (IDOR) vulnerability — Client Invoicing by Sprout Invoices | CWE-862 | 5.3 | Medium | 2024-12-09 |
| CVE-2024-9461 | Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-78 | 7.2 | High | 2024-11-26 |

This page lists every published CVE security advisory associated with boldgrid. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.