Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 10 known issues Latest disclosed Jan 05, 2026

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Vulnerabilities

Q: How many Post and Page Builder by BoldGrid – Visual Drag and Drop Editor vulnerabilities have patch guidance?

10 of 10 tracked Post and Page Builder by BoldGrid – Visual Drag and Drop Editor records include a published patch path.

Review known vulnerability records for the WordPress plugin Post and Page Builder by BoldGrid – Visual Drag and Drop Editor (`post-and-page-builder`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-69345, CVE-2025-52712 and CVE-2025-52711, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jan 14, 2026

Priority CVE Quick Links

Fast paths into Post and Page Builder by BoldGrid – Visual Drag and Drop Editor CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2025-0859 Medium 1.27.7

CVE-2025-0859 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Vulnerability

Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function

CVE-2025-52713 Medium 1.27.9

CVE-2025-52713 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Server-Side Request Forgery

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Server-Side Request Forgery

CVE-2025-22759 Medium 1.27.6

CVE-2025-22759 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Stored Cross-Site Scripting

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-6848 Medium 1.26.7

CVE-2024-6848 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor File Upload

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload

CVE-2024-4400 Medium 1.26.5

CVE-2024-4400 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Stored Cross-Site Scripting

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting

CVE-2024-2888 Medium 1.26.3

CVE-2024-2888 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Stored Cross-Site Scripting

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-69345 Medium 1.27.10

CVE-2025-69345 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Vulnerability

Post and Page Builder by BoldGrid <= 1.27.9 - Missing Authorization

CVE-2025-52712 Medium 1.27.9

CVE-2025-52712 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Vulnerability

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Path Traversal

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

10 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 0 high severity findings.

Recent CVEs

CVE-2025-69345, CVE-2025-52712 and CVE-2025-52711

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-69345 Medium Patch path listed

CVE-2025-69345: Post and Page Builder by BoldGrid <= 1.27.9 - Missing Authorization

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions...

Published

Jan 05, 2026

Patch Status

1.27.10

Open CVE-2025-69345 Report

CVE-2025-52712 Medium Patch path listed

CVE-2025-52712: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Path Traversal

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.8. This makes it possible...

Published

Jul 22, 2025

Patch Status

1.27.9

Open CVE-2025-52712 Report

CVE-2025-52711 Medium Patch path listed

CVE-2025-52711: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Cross-Site Request Forgery

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.27.8. This is due...

Published

Jun 19, 2025

Patch Status

1.27.9

Open CVE-2025-52711 Report

Known Vulnerabilities

Reports for Post and Page Builder by BoldGrid – Visual Drag and Drop Editor

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-69345

CVE-2025-69345: Post and Page Builder by BoldGrid <= 1.27.9 - Missing Authorization

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.27.9. This makes it possible for authenticated attackers, with Con...

Published

Jan 05, 2026

Patched Release

1.27.10

Affected Versions

Versions up to 1.27.9

Next Step

Update to 1.27.10 or newer if supported.

Open CVE-2025-69345 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-52712

CVE-2025-52712: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Path Traversal

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform actions o...

Published

Jul 22, 2025

Patched Release

1.27.9

Affected Versions

Versions up to 1.27.8

Next Step

Update to 1.27.9 or newer if supported.

Open CVE-2025-52712 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-52711

CVE-2025-52711: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Cross-Site Request Forgery

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.27.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauth...

Published

Jun 19, 2025

Patched Release

1.27.9

Affected Versions

Versions up to 1.27.8

Next Step

Update to 1.27.9 or newer if supported.

Open CVE-2025-52711 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-52713

CVE-2025-52713: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Server-Side Request Forgery

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.27.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to make...

Published

Jun 19, 2025

Patched Release

1.27.9

Affected Versions

Versions up to 1.27.8

Next Step

Update to 1.27.9 or newer if supported.

Open CVE-2025-52713 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-0859

CVE-2025-0859: Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level ac...

Published

Feb 05, 2025

Patched Release

1.27.7

Affected Versions

Versions up to 1.27.6

Next Step

Update to 1.27.7 or newer if supported.

Open CVE-2025-0859 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-22759

CVE-2025-22759: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.27.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...

Published

Jan 14, 2025

Patched Release

1.27.6

Affected Versions

Versions up to 1.27.5

Next Step

Update to 1.27.6 or newer if supported.

Open CVE-2025-22759 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-6848

CVE-2024-6848: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_ca...

Published

Jul 19, 2024

Patched Release

1.26.7

Affected Versions

Versions up to 1.26.6

Next Step

Update to 1.26.7 or newer if supported.

Open CVE-2024-6848 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-4400

CVE-2024-4400: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possib...

Published

May 15, 2024

Patched Release

1.26.5

Affected Versions

Versions up to 1.26.4

Next Step

Update to 1.26.5 or newer if supported.

Open CVE-2024-4400 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-2888

CVE-2024-2888: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Block HTML in all versions up to, and including, 1.26.2 due to insufficient input sanitization and output escaping. This makes it possible for...

Published

Mar 25, 2024

Patched Release

1.26.3

Affected Versions

Versions up to 1.26.2

Next Step

Update to 1.26.3 or newer if supported.

Open CVE-2024-2888 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-25480

CVE-2023-25480: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.24.1. This is due to missing or incorrect nonce validation on the submitDefaultEditor function. This makes it p...

Published

Aug 22, 2023

Patched Release

1.24.2

Affected Versions

Versions up to 1.24.1

Next Step

Update to 1.24.2 or newer if supported.

Open CVE-2023-25480 Report Open CVE Reference