Filtered by vendor Boldgrid
Subscriptions
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9282 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-07-14 | 7.5 High |
| The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Exploitation requires enabling manual minify mode and supplying a manual-format minify filename so that the hash is empty and the f_array[] entries are not overwritten before reaching setupSources(). | ||||
| CVE-2026-57418 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.13. | ||||
| CVE-2026-57623 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-07-02 | 9 Critical |
| Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions. | ||||
| CVE-2026-39595 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-06-17 | 4.7 Medium |
| Author Broken Access Control in W3 Total Cache <= 2.9.1 versions. | ||||
| CVE-2026-3143 | 2 Boldgrid, Wordpress | 2 Total Upkeep – Wordpress Backup Plugin Plus Restore & Migrate By Boldgrid, Wordpress | 2026-05-04 | 5.3 Medium |
| The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_cli_cancel' function in all versions up to, and including, 1.17.1. This makes it possible for unauthenticated attackers to cancel a pending rollback, potentially preventing a WordPress installation from automatically reverting a failed update. | ||||
| CVE-2026-32484 | 2 Boldgrid, Wordpress | 2 Weforms, Wordpress | 2026-04-29 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26. | ||||
| CVE-2024-2888 | 1 Boldgrid | 1 Post And Page Builder | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2. | ||||
| CVE-2025-69345 | 2 Boldgrid, Wordpress | 2 Post And Page Builder, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.9. | ||||
| CVE-2026-39562 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10. | ||||
| CVE-2025-52713 | 1 Boldgrid | 1 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor | 2026-04-23 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Server Side Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8. | ||||
| CVE-2025-52712 | 2 Boldgrid, Wordpress | 2 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor, Wordpress | 2026-04-23 | 4.2 Medium |
| Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8. | ||||
| CVE-2025-52711 | 1 Boldgrid | 1 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8. | ||||
| CVE-2025-22759 | 1 Boldgrid | 1 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Stored XSS.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.5. | ||||
| CVE-2026-32424 | 2 Boldgrid, Wordpress | 2 Sprout Clients, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2. | ||||
| CVE-2026-32401 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-04-22 | 7.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9. | ||||
| CVE-2026-27384 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-04-22 | 9 Critical |
| Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1. | ||||
| CVE-2025-2257 | 1 Boldgrid | 1 Total Upkeep | 2026-04-22 | 7.2 High |
| The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. | ||||
| CVE-2026-25364 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8. | ||||
| CVE-2025-64229 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7. | ||||
| CVE-2025-64227 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-04-15 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7. | ||||