Browse all 43 CVE security advisories affecting boldgrid. AI-powered Chinese analysis, POCs, and references for each vulnerability.
BoldGrid operates as a WordPress plugin and theme provider, primarily targeting small business owners and agencies seeking an integrated website building solution. Security audits have identified forty-three distinct Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these flaws predominantly involve Cross-Site Scripting (XSS) and SQL Injection, stemming from insufficient input validation and improper sanitization of user-supplied data. Several incidents also highlight privilege escalation risks, where authenticated users could exploit weak access controls to perform administrative actions. The platform’s architecture, which tightly couples themes with plugins, has occasionally amplified the blast radius of individual vulnerabilities. While no massive data breaches have been publicly confirmed, the high volume of disclosed CVEs indicates a pattern of delayed patching or recurring coding errors in core components. Users are advised to maintain strict update protocols to mitigate these persistent exposure vectors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-22512 | WordPress Help Scout Plugin <= 6.5.6 - Broken Access Control vulnerability — Help Scout (CWE-862) | 4.3 | Medium | 2025-01-07 |
This page lists every published CVE security advisory associated with boldgrid. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.