boldgrid — Vulnerabilities & Security Advisories (43)

Browse all 43 CVE security advisories affecting boldgrid. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BoldGrid operates as a WordPress plugin and theme provider, primarily targeting small business owners and agencies seeking an integrated website building solution. Security audits have identified forty-three distinct Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these flaws predominantly involve Cross-Site Scripting (XSS) and SQL Injection, stemming from insufficient input validation and improper sanitization of user-supplied data. Several incidents also highlight privilege escalation risks, where authenticated users could exploit weak access controls to perform administrative actions. The platform’s architecture, which tightly couples themes with plugins, has occasionally amplified the blast radius of individual vulnerabilities. While no massive data breaches have been publicly confirmed, the high volume of disclosed CVEs indicates a pattern of delayed patching or recurring coding errors in core components. Users are advised to maintain strict update protocols to mitigate these persistent exposure vectors.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-5359 | W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext — W3 Total Cache (CWE-200) | 3.7 | Low | 2024-09-24 |
| CVE-2024-6848 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload — Post and Page Builder by BoldGrid – Visual Drag and Drop Editor (CWE-79) | 6.4 | Medium | 2024-07-20 |
| CVE-2024-24869 | WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability — Total Upkeep (CWE-22) | 7.5 | High | 2024-05-17 |
| CVE-2024-4400 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting — Post and Page Builder by BoldGrid – Visual Drag and Drop Editor (CWE-79) | 6.4 | Medium | 2024-05-16 |
| CVE-2024-2950 | BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14 - Information Exposure — BoldGrid Easy SEO – Simple and Effective SEO (CWE-200) | 5.3 | Medium | 2024-04-06 |
| CVE-2024-1692 | BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description — BoldGrid Easy SEO – Simple and Effective SEO (CWE-79) | 6.4 | Medium | 2024-03-30 |
| CVE-2024-2888 | WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability — Post and Page Builder by BoldGrid – Visual Drag and Drop Editor (CWE-79) | 6.5 | Medium | 2024-03-26 |
| CVE-2024-0386 | weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer — weForms – Easy Drag & Drop Contact Form Builder For WordPress (CWE-79) | 7.2 | High | 2024-03-12 |
| CVE-2023-25480 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF) — Post and Page Builder by BoldGrid – Visual Drag and Drop Editor (CWE-352) | 4.3 | Medium | 2023-10-06 |
| CVE-2022-4932 | Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid (CWE-862) | 4.3 | Medium | 2023-03-07 |
| CVE-2021-24452 | W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context) — W3 Total Cache (CWE-79) | 6.1 | - | 2021-07-19 |
| CVE-2021-24436 | W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context) — W3 Total Cache (CWE-79) | 6.1 | - | 2021-07-19 |
| CVE-2021-24427 | W3 Total Cache < 2.1.3 - Authenticated Stored XSS — W3 Total Cache (CWE-79) | 4.8 | - | 2021-07-12 |

This page lists every published CVE security advisory associated with boldgrid. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.