Bold Page Builder
boldthemes
Developer
5.7.1
Latest version
50,000
Installations
No date
Last updated
Vulnerability history
4 present
30 patched
3 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 5.4.806/02/2026
- Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid vulnerability<= 5.5.306/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode vulnerability<= 5.5.706/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode vulnerability<= 5.5.106/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability<= 4.8.802/02/2026
- Cross Site Scripting (XSS) vulnerability<= 5.6.920/01/2026
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability<= 5.1.231/12/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter vulnerability<= 5.3.531/12/2025
- Cross Site Scripting (XSS) vulnerability<= 5.5.227/11/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter vulnerability<= 5.4.523/10/2025
- Cross Site Scripting (XSS) Vulnerability<= 5.4.327/08/2025
- Cross Site Scripting (XSS) Vulnerability<= 5.4.116/07/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter vulnerability<= 5.3.628/05/2025
- Cross Site Scripting (XSS) Vulnerability<= 5.3.007/05/2025
- Cross Site Scripting (XSS) Vulnerability<= 5.3.207/05/2025
- Path Traversal vulnerability<= 5.1.511/12/2024
- Cross Site Scripting (XSS) vulnerability<= 5.2.102/12/2024
- Broken Access Control vulnerability<= 5.1.324/10/2024
- Cross Site Scripting (XSS) vulnerability< 5.1.130/09/2024
- Cross Site Scripting (XSS) vulnerability<= 5.1.124/09/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode vulnerability<= 5.0.230/07/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 4.8.811/04/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 4.8.811/04/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 4.8.811/04/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 4.8.811/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode vulnerability<= 4.8.808/04/2024
- Cross Site Scripting (XSS) vulnerability<= 4.8.028/03/2024
- Cross Site Scripting (XSS) vulnerability<= 4.7.625/03/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content vulnerability<= 4.8.014/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link vulnerability<= 4.8.013/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL vulnerability<= 4.8.013/02/2024
- Cross Site Scripting (XSS) vulnerability<= 4.6.105/12/2023
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.3.220/06/2022
- PHP Object Injection vulnerability<= 3.1.502/08/2021