boldgrid — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting boldgrid. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BoldGrid operates as a WordPress plugin and theme provider, primarily targeting small business owners and agencies seeking an integrated website building solution. Security audits have identified forty-three distinct Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these flaws predominantly involve Cross-Site Scripting (XSS) and SQL Injection, stemming from insufficient input validation and improper sanitization of user-supplied data. Several incidents also highlight privilege escalation risks, where authenticated users could exploit weak access controls to perform administrative actions. The platform’s architecture, which tightly couples themes with plugins, has occasionally amplified the blast radius of individual vulnerabilities. While no massive data breaches have been publicly confirmed, the high volume of disclosed CVEs indicates a pattern of delayed patching or recurring coding errors in core components. Users are advised to maintain strict update protocols to mitigate these persistent exposure vectors.

Found 6 results / 43

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-3143 | Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-862 | 5.3 | Medium | 2026-05-01 |
| CVE-2020-36848 | Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-200 | 7.5 | High | 2025-07-12 |
| CVE-2025-2257 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-78 | 7.2 | High | 2025-03-26 |
| CVE-2024-13907 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-918 | 4.9 | Medium | 2025-02-27 |
| CVE-2024-9461 | Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-78 | 7.2 | High | 2024-11-26 |
| CVE-2022-4932 | Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | CWE-862 | 4.3 | Medium | 2023-03-07 |

This page lists every published CVE security advisory associated with boldgrid. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.