Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

boldthemes — Vulnerabilities & Security Advisories 51

Browse all 51 CVE security advisories affecting boldthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BoldThemes operates as a prominent developer of premium WordPress themes and plugins, primarily targeting business and portfolio websites. Its extensive product portfolio has historically exposed users to significant security risks, resulting in fifty recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution, Cross-Site Scripting, and Privilege Escalation, often stemming from insufficient input validation and weak authentication mechanisms in older plugin versions. While the company has implemented security patches for identified flaws, the sheer volume of past incidents highlights systemic challenges in maintaining code integrity across a large, diverse suite of products. Users are advised to prioritize regular updates and rigorous security auditing to mitigate the inherent risks associated with these widely deployed WordPress extensions.

Found 32 results / 51Clear Filters
Top products by boldthemes: Bold Page Builder Bold Timeline Lite Bello - Directory & Listing ReConstruction Avantage Medicare Amwerk Goldenblatt Addison DentiCare Codiqa Ippsum Nestin Travelicious Celeste
CVE IDTitleCVSSSeverityPublished
CVE-2026-3694 Bold Page Builder <= 5.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode — Bold Page BuilderCWE-79 6.4 Medium2026-05-14
CVE-2026-25451 WordPress Bold Page Builder plugin <= 5.6.9 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79 6.5 Medium2026-02-19
CVE-2025-12159 Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Bold Page BuilderCWE-79 6.4 Medium2026-02-07
CVE-2025-13463 Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid — Bold Page BuilderCWE-79 6.4 Medium2026-02-07
CVE-2025-12803 Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode — Bold Page BuilderCWE-80 6.4 Medium2026-02-07
CVE-2025-15267 Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode — Bold Page BuilderCWE-79 6.4 Medium2026-02-07
CVE-2025-66057 WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79 6.5 Medium2025-11-21
CVE-2025-7730 Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter — Bold Page BuilderCWE-79 6.4 Medium2025-10-23
CVE-2025-58194 WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability — Bold Page BuilderCWE-79 6.5 Medium2025-08-27
CVE-2025-54006 WordPress Bold Page Builder plugin <= 5.4.1 - Cross Site Scripting (XSS) Vulnerability — Bold Page BuilderCWE-79 6.5 Medium2025-07-16
CVE-2025-5286 Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter — Bold Page BuilderCWE-79 6.4 Medium2025-05-29
CVE-2025-3715 Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter — Bold Page BuilderCWE-79 6.4 Medium2025-05-18
CVE-2025-47525 WordPress Bold Page Builder plugin <= 5.3.0 - Cross Site Scripting (XSS) Vulnerability — Bold Page BuilderCWE-79 5.9 Medium2025-05-07
CVE-2025-47488 WordPress Bold Page Builder plugin <= 5.3.2 - Cross Site Scripting (XSS) Vulnerability — Bold Page BuilderCWE-79 6.5 Medium2025-05-07
CVE-2024-54382 WordPress Bold Page Builder plugin <= 5.1.5 - Path Traversal vulnerability — Bold Page BuilderCWE-22 4.9 Medium2024-12-16
CVE-2024-53801 WordPress Bold Page Builder plugin <= 5.2.1 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79 6.5 Medium2024-12-06
CVE-2024-50417 WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability — Bold Page BuilderCWE-862 4.3 Medium2024-11-19
CVE-2024-47298 WordPress Bold Page Builder plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79 6.5 Medium2024-10-06
CVE-2024-47391 WordPress Bold Page Builder plugin < 5.1.1 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79 6.5 Medium2024-10-05
CVE-2024-7100 Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode — Bold Page BuilderCWE-79 6.4 Medium2024-07-30
CVE-2024-2736 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags — Bold Page BuilderCWE-79 6.4 Medium2024-04-10
CVE-2024-2735 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element — Bold Page BuilderCWE-79 6.4 Medium2024-04-10
CVE-2024-2734 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features — Bold Page BuilderCWE-79 6.4 Medium2024-04-10
CVE-2024-2733 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element — Bold Page BuilderCWE-79 5.4 Medium2024-04-10
CVE-2024-3267 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode — Bold Page BuilderCWE-79 6.4 Medium2024-04-09
CVE-2024-3266 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute — Bold Page BuilderCWE-79 6.4 Medium2024-04-09
CVE-2024-30442 WordPress Bold Page Builder plugin <= 4.8.0 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79 6.5 Medium2024-03-29
CVE-2024-30179 WordPress Bold Page Builder plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79 6.5 Medium2024-03-27
CVE-2024-1157 Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL — Bold Page BuilderCWE-79 5.4 Medium2024-02-13
CVE-2024-1159 Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content — Bold Page BuilderCWE-79 6.4 Medium2024-02-13

This page lists every published CVE security advisory associated with boldthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.