
boldthemes — Vulnerabilities & Security Advisories (50)

Browse all 50 CVE security advisories affecting boldthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BoldThemes operates as a prominent developer of premium WordPress themes and plugins, primarily targeting business and portfolio websites. Its extensive product portfolio has historically exposed users to significant security risks, resulting in fifty recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution, Cross-Site Scripting, and Privilege Escalation, often stemming from insufficient input validation and weak authentication mechanisms in older plugin versions. While the company has implemented security patches for identified flaws, the sheer volume of past incidents highlights systemic challenges in maintaining code integrity across a large, diverse suite of products. Users are advised to prioritize regular updates and rigorous security auditing to mitigate the inherent risks associated with these widely deployed WordPress extensions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27369 | WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability | Celeste | CWE-502 | 8.1 | High | 2026-03-05 |
| CVE-2025-68541 | WordPress Ippsum theme <= 1.2.0 - PHP Object Injection vulnerability | Ippsum | CWE-502 | 9.8 | Critical | 2026-02-20 |
| CVE-2025-67997 | WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability | Travelicious | CWE-502 | 9.8 | Critical | 2026-02-20 |
| CVE-2025-67996 | WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability | Nestin | CWE-502 | 9.8 | Critical | 2026-02-20 |
| CVE-2026-25451 | WordPress Bold Page Builder plugin <= 5.6.9 - Cross Site Scripting (XSS) vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2026-02-19 |
| CVE-2025-12159 | Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Bold Page Builder | CWE-79 | 6.4 | Medium | 2026-02-07 |
| CVE-2025-13463 | Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid | Bold Page Builder | CWE-79 | 6.4 | Medium | 2026-02-07 |
| CVE-2025-12803 | Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode | Bold Page Builder | CWE-80 | 6.4 | Medium | 2026-02-07 |
| CVE-2025-15267 | Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode | Bold Page Builder | CWE-79 | 6.4 | Medium | 2026-02-07 |
| CVE-2025-68513 | WordPress Bold Timeline Lite plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability | Bold Timeline Lite | CWE-79 | 6.5 | Medium | 2025-12-24 |
| CVE-2025-64233 | WordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability | Codiqa | CWE-502 | 9.8 | Critical | 2025-12-18 |
| CVE-2025-54723 | WordPress DentiCare Theme < 1.4.3 - PHP Object Injection Vulnerability | DentiCare | CWE-502 | 9.8 | Critical | 2025-12-18 |
| CVE-2025-14032 | Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode | Bold Timeline Lite | CWE-79 | 6.4 | Medium | 2025-12-12 |
| CVE-2025-66057 | WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2025-11-21 |
| CVE-2025-7730 | Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter | Bold Page Builder | CWE-79 | 6.4 | Medium | 2025-10-23 |
| CVE-2025-60216 | WordPress Addison theme < 1.4.8 - PHP Object Injection vulnerability | Addison | CWE-502 | 9.8 | Critical | 2025-10-22 |
| CVE-2025-60214 | WordPress Goldenblatt theme < 1.3.0 - PHP Object Injection vulnerability | Goldenblatt | CWE-502 | 9.8 | Critical | 2025-10-22 |
| CVE-2025-58194 | WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2025-08-27 |
| CVE-2025-54006 | WordPress Bold Page Builder plugin <= 5.4.1 - Cross Site Scripting (XSS) Vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2025-07-16 |
| CVE-2025-52724 | WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability | Amwerk | CWE-502 | 9.8 | Critical | 2025-06-27 |
| CVE-2025-5286 | Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter | Bold Page Builder | CWE-79 | 6.4 | Medium | 2025-05-29 |
| CVE-2025-39495 | WordPress Avantage Theme <= 2.4.9 - PHP Object Injection vulnerability | Avantage | CWE-502 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-39499 | WordPress Medicare Theme <= 2.1.0 - PHP Object Injection vulnerability | Medicare | CWE-502 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-3715 | Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter | Bold Page Builder | CWE-79 | 6.4 | Medium | 2025-05-18 |
| CVE-2025-47525 | WordPress Bold Page Builder plugin <= 5.3.0 - Cross Site Scripting (XSS) Vulnerability | Bold Page Builder | CWE-79 | 5.9 | Medium | 2025-05-07 |
| CVE-2025-47488 | WordPress Bold Page Builder plugin <= 5.3.2 - Cross Site Scripting (XSS) Vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2025-05-07 |
| CVE-2023-45110 | WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability | Bold Timeline Lite | CWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-54382 | WordPress Bold Page Builder plugin <= 5.1.5 - Path Traversal vulnerability | Bold Page Builder | CWE-22 | 4.9 | Medium | 2024-12-16 |
| CVE-2024-53801 | WordPress Bold Page Builder plugin <= 5.2.1 - Cross Site Scripting (XSS) vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2024-12-06 |
| CVE-2024-50417 | WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability | Bold Page Builder | CWE-862 | 4.3 | Medium | 2024-11-19 |

This page lists every published CVE security advisory associated with boldthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.