
CVE-2023-49823 – WordPress Bold Page Builder Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49823
05 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.6.1. The Bold Page Builder plugin for WordPress is vulnerable t... • https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-2089 – Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2089
20 Jun 2022 — The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. • https://wpscan.com/vulnerability/9fe7e9d5-7bdf-4ade-9a3c-b4af863fa4e8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24579 – Bold Page Builder < 3.1.6 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2021-24579
02 Aug 2021 — The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow the issue to be exploited and lead to RCE in some cases. • https://wpscan.com/vulnerability/08edce3f-2746-4886-8439-76e44ec76fa8 • CWE-502: Deserialization of Untrusted Data

CVE-2019-15821 – Bold Page Builder <= 2.3.1 - Missing Authorization to Settings Update
https://notcve.org/view.php?id=CVE-2019-15821
23 Aug 2019 — The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. • https://blog.nintechnet.com/critical-vulnerability-in-wordpress-bold-page-builder-plugin-currently-being-exploited • CWE-862: Missing Authorization