Browse all 5 CVE security advisories affecting Bolt. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bolt is a PHP-based content management system designed for building websites and applications with its templating engine and modular architecture. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The platform's extensibility through plugins has introduced additional attack vectors, with several CVEs documented in areas like file upload handling and authentication bypasses. While no major public security incidents have been widely reported, the consistent discovery of flaws in core components and third-party extensions underscores the importance of regular updates and input sanitization when implementing Bolt-based solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-34086 | Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename — CMS (CWE-94) | 8.8 (AI) | High (AI) | 2025-07-03 |
| CVE-2024-7300 | Bolt CMS Showcase Creation showcases cross site scripting — CMS (CWE-79) | 3.5 | Low | 2024-07-31 |
| CVE-2024-7299 | Bolt CMS Entry Preview page cross site scripting — CMS (CWE-79) | 3.5 | Low | 2024-07-31 |
This page lists every published CVE security advisory associated with Bolt. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.