Boldthemes Bold Page Builder
33 CVEs affecting Boldthemes Bold Page Builder. Latest disclosed: 2026-05-14. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-25451 | Medium | 6.5 | 2026-02-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Sto… |
CVE-2025-66057 | Medium | 6.5 | 2025-11-21 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM… |
CVE-2025-58194 | Medium | 6.5 | 2025-08-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Sto… |
CVE-2025-54006 | Medium | 6.5 | 2025-07-16 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Sto… |
CVE-2025-47488 | Medium | 6.5 | 2025-05-07 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM… |
CVE-2024-53801 | Medium | 6.5 | 2024-12-06 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Sto… |
CVE-2024-47298 | Medium | 6.5 | 2024-10-06 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Sto… |
CVE-2024-47391 | Medium | 6.5 | 2024-10-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Sto… |
CVE-2024-30442 | Medium | 6.5 | 2024-03-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue… |
CVE-2024-30179 | Medium | 6.5 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue… |
CVE-2023-49823 | Medium | 6.5 | 2023-12-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue… |
CVE-2026-3694 | Medium | 6.4 | 2026-05-14 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions… |
CVE-2025-12159 | Medium | 6.4 | 2026-02-07 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and… |
CVE-2025-13463 | Medium | 6.4 | 2026-02-07 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3… |
CVE-2025-12803 | Medium | 6.4 | 2026-02-07 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and includ… |
CVE-2025-15267 | Medium | 6.4 | 2026-02-07 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to… |
CVE-2025-7730 | Medium | 6.4 | 2025-10-23 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5… |
CVE-2024-5647 | Medium | 6.4 | 2025-07-03 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versio… |
CVE-2025-5286 | Medium | 6.4 | 2025-05-29 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and incl… |
CVE-2025-3715 | Medium | 6.4 | 2025-05-18 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5… |