Description
Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.
Published: 2025-08-14
Score: 4.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from a path traversal flaw in the visual drag‑and‑drop editor of the BoldGrid Post and Page Builder plugin. By manipulating the file path parameter in a request to the plugin, an attacker can read any file on the server’s file system, potentially exposing configuration files, passwords, or other sensitive data, thereby compromising confidentiality.

Affected Systems

BoldGrid: Post and Page Builder by BoldGrid, a WordPress plugin. All releases from the initial version through v1.27.8 are affected. Sites running any version of the plugin that is ≤ 1.27.8 are at risk.

Risk and Exploitability

The CVSS score of 4.2 indicates low‑to‑medium severity, and the EPSS score is below 1%, suggesting that real‑world exploitation is unlikely at this time. This vulnerability is not listed in the CISA KEV catalog. The flaw is triggered by an HTTP request to the plugin’s endpoint, so the likely attack vector is remote exploitation by any visitor who can send crafted requests to the WordPress site.

Generated by OpenCVE AI on April 30, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the BoldGrid Post and Page Builder plugin to a version newer than 1.27.8, if an update is available from the vendor.
  • If no update is available, restrict access to the plugin’s file‑handling endpoints by configuring web‑server rules or firewall rules to block or validate incoming requests.
  • Ensure that any path parameters used by the plugin are properly sanitized and canonicalized; consider disabling any endpoints that expose local files if not required for site functionality.
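
An added example, not code from the plugin or from OpenCVE, illustrating in PHP why the canonicalization recommended above matters for this weakness class: a filter that strips "../" in a single pass turns the '.../...//' sequence from the description back into "../", while resolving the final path and checking that it stays under the base directory rejects it. The sandbox directory, file names and the function names strip_once and resolve_inside are constructed for illustration.

```php
<?php
// Added example (not plugin code). Directory and file names are constructed.

// Weak: removes "../" in a single pass, so ".../...//" collapses to "../".
function strip_once(string $p): string {
    return str_replace('../', '', $p);
}

// Hardened: resolve the final path, then require it to stay under $base.
function resolve_inside(string $base, string $requested): ?string {
    $root = realpath($base);
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($root === false || $full === false || !is_file($full)) {
        return null; // missing base, missing target, or not a regular file
    }
    // Compare with a trailing separator so "/base-evil" does not match "/base".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sandbox: <tmp>/.../templates/page.html and <tmp>/.../secret.txt
$demo = sys_get_temp_dir() . '/cwe35-demo-' . bin2hex(random_bytes(4));
mkdir($demo . '/templates', 0700, true);
file_put_contents($demo . '/templates/page.html', '<p>ok</p>');
file_put_contents($demo . '/secret.txt', 'constructed secret');
$base = $demo . '/templates';

$inputs = ['page.html', '../secret.txt', '.../...//secret.txt'];
foreach ($inputs as $in) {
    $filtered = strip_once($in);
    // Where the weak filter's output would resolve if it were opened as-is.
    $weak = realpath($base . '/' . $filtered);
    $prefix = realpath($base) . DIRECTORY_SEPARATOR;
    $weakEscapes = $weak !== false && strpos($weak, $prefix) !== 0;
    // The hardened check runs on the value that will actually be used.
    $safe = resolve_inside($base, $filtered);
    printf("%-22s filtered=%-16s weak_escapes=%-3s hardened=%s\n",
        $in, $filtered, $weakEscapes ? 'yes' : 'no',
        $safe === null ? 'rejected' : 'allowed');
}

// Clean up the constructed sandbox.
unlink($demo . '/templates/page.html');
unlink($demo . '/secret.txt');
rmdir($demo . '/templates');
rmdir($demo);
```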



Advisories
Source: EUVD
ID: EUVD-2025-24782
Title: Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
  Values Added: Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}


Thu, 14 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Aug 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Boldgrid
Boldgrid post And Page Builder By Boldgrid - Visual Drag And Drop Editor
Wordpress
Wordpress wordpress
Vendors & Products Boldgrid
Boldgrid post And Page Builder By Boldgrid - Visual Drag And Drop Editor
Wordpress
Wordpress wordpress

Thu, 14 Aug 2025 10:45:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Title WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Path Traversal Vulnerability
Weaknesses CWE-35
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:17.196Z

Reserved: 2025-06-19T10:02:14.559Z

Link: CVE-2025-52712

Vulnrichment

Updated: 2025-08-14T15:54:51.593Z

NVD

Status: Deferred

Published: 2025-08-14T11:15:41.613

Modified: 2026-04-23T15:32:03.983

Link: CVE-2025-52712

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T16:30:16Z
