Description
Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.9.
Published: 2026-01-06
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows users to perform actions in the Post and Page Builder plugin beyond what their role should permit. An attacker with compromised or misconfigured credentials could create, edit, or delete WordPress pages and posts, potentially compromising site content and integrity.

Affected Systems

WordPress installations running BoldGrid Post and Page Builder by BoldGrid, versions n/a through 1.27.9.

Risk and Exploitability

The CVSS score of 4.3 indicates low exploitability. EPSS is under 1%, so widespread exploitation is currently unlikely and the vulnerability is not listed in the CISA KEV catalog. Attackers would likely need access to the WordPress administrative interface; the failure of proper access checks is inferred from the description, implying that users with low‑level roles could execute privileged plugin actions.

Generated by OpenCVE AI on April 28, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update BoldGrid Post and Page Builder to a version newer than 1.27.9.
  • If an immediate update is not feasible, disable or remove the plugin from the site and block its usage via role restrictions.
  • Verify that all WordPress role‑based permissions are correctly configured so that only authorized users can access the plugin’s administrative interface.

Generated by OpenCVE AI on April 28, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Wed, 07 Jan 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Boldgrid
Boldgrid post And Page Builder
Wordpress
Wordpress wordpress
Vendors & Products Boldgrid
Boldgrid post And Page Builder
Wordpress
Wordpress wordpress

Tue, 06 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 06 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Tue, 06 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.9.
Title WordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Boldgrid Post And Page Builder
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:37.951Z

Reserved: 2025-12-31T20:12:28.143Z

Link: CVE-2025-69345

cve-icon Vulnrichment

Updated: 2026-01-06T19:46:11.424Z

cve-icon NVD

Status : Deferred

Published: 2026-01-06T17:15:46.987

Modified: 2026-04-27T21:16:24.547

Link: CVE-2025-69345

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T18:30:37Z

Weaknesses