boldthemes — Vulnerabilities & Security Advisories (50)

Browse all 50 CVE security advisories affecting boldthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BoldThemes operates as a prominent developer of premium WordPress themes and plugins, primarily targeting business and portfolio websites. Its extensive product portfolio has historically exposed users to significant security risks, resulting in fifty recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution, Cross-Site Scripting, and Privilege Escalation, often stemming from insufficient input validation and weak authentication mechanisms in older plugin versions. While the company has implemented security patches for identified flaws, the sheer volume of past incidents highlights systemic challenges in maintaining code integrity across a large, diverse suite of products. Users are advised to prioritize regular updates and rigorous security auditing to mitigate the inherent risks associated with these widely deployed WordPress extensions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-52417 | WordPress ReConstruction theme <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability | ReConstruction | CWE-79 | 7.1 | High | 2024-11-18 |
| CVE-2024-47298 | WordPress Bold Page Builder plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2024-10-06 |
| CVE-2024-47391 | WordPress Bold Page Builder plugin < 5.1.1 - Cross Site Scripting (XSS) vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2024-10-05 |
| CVE-2024-43294 | WordPress Bold Timeline Lite plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | Bold Timeline Lite | CWE-79 | 6.5 | Medium | 2024-08-18 |
| CVE-2024-7100 | Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode | Bold Page Builder | CWE-79 | 6.4 | Medium | 2024-07-30 |
| CVE-2024-2735 | Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element | Bold Page Builder | CWE-79 | 6.4 | Medium | 2024-04-10 |
| CVE-2024-2736 | Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags | Bold Page Builder | CWE-79 | 6.4 | Medium | 2024-04-10 |
| CVE-2024-2734 | Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features | Bold Page Builder | CWE-79 | 6.4 | Medium | 2024-04-10 |
| CVE-2024-2733 | Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element | Bold Page Builder | CWE-79 | 5.4 | Medium | 2024-04-10 |
| CVE-2024-3267 | Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode | Bold Page Builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-3266 | Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute | Bold Page Builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-30442 | WordPress Bold Page Builder plugin <= 4.8.0 - Cross Site Scripting (XSS) vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2024-03-29 |
| CVE-2024-30179 | WordPress Bold Page Builder plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability | Bold Page Builder | CWE-79 | 6.5 | Medium | 2024-03-27 |
| CVE-2024-1159 | Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content | Bold Page Builder | CWE-79 | 6.4 | Medium | 2024-02-13 |
| CVE-2024-1157 | Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL | Bold Page Builder | CWE-79 | 5.4 | Medium | 2024-02-13 |
| CVE-2024-1160 | Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link | Bold Page Builder | CWE-79 | 5.4 | Medium | 2024-02-13 |
| CVE-2023-49823 | WordPress Bold Page Builder Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS) | Bold Page Builder | CWE-79 | 6.5 | Medium | 2023-12-15 |
| CVE-2021-24319 | Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS | Bello - Directory & Listing | CWE-79 | 5.4 | - | 2021-06-01 |
| CVE-2021-24321 | Bello < 1.6.0 - Unauthenticated Blind SQL Injection | Bello - Directory & Listing | CWE-89 | 8.8 | - | 2021-06-01 |
| CVE-2021-24320 | Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS | Bello - Directory & Listing | CWE-79 | 7.2 | - | 2021-06-01 |

This page lists every published CVE security advisory associated with boldthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.