CVE-2025-5286 – WordPress Bold Page Builder Stored Cross-Site Scripting Vulnerability

May 29, 2025

CVE ID : CVE-2025-5286

Published : May 29, 2025, 9:15 a.m. | 15 minutes ago

Description : The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleLa rivista Linux Format conclude le pubblicazioni con il numero 329

Next Article CVE-2025-4687 – Teltonika Networks Remote Management System (RMS) Account Pre-Hijacking Vulnerability

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Kong AI Gateway 3.11 introduces new method for reducing token costs

Native vs hybrid vs cross-platform: Resolving the trilemma

JetBrains updates Junie, Gemini API adds embedding model, and more – Daily News Digest

Cyberpunk 2077 Update 2.3 is bringing more vehicle customization, photo mode options, and one amazing new feature — launching this week

The cheapest place to get my games just got even cheaper — get an extra 10% off while you can

Destiny 2: The Edge of Fate reviews open ‘Mixed’ on Steam, with a player count only a fraction of The Final Shape’s — I’m surprised it’s this low after a new expansion

A rare opportunity is here to get an HP gaming laptop for only $500 — NVIDIA RTX graphics and a 144Hz display at a bargain price

The details of TC39’s last meeting

The details of TC39’s last meeting

Vector Search Embeddings and RAG

Python Meets Power Automate: Trigger via URL

FOSS Weekly #25.29: End of Ubuntu 24.10, AUR Issue, Terminal Tips, Screenshot Editing and More Linux Stuff

FOSS Weekly #25.29: End of Ubuntu 24.10, AUR Issue, Terminal Tips, Screenshot Editing and More Linux Stuff

Cyberpunk 2077 Update 2.3 is bringing more vehicle customization, photo mode options, and one amazing new feature — launching this week

The cheapest place to get my games just got even cheaper — get an extra 10% off while you can

CVE-2025-5286 – WordPress Bold Page Builder Stored Cross-Site Scripting Vulnerability

CVE-2025-7712 – The Madara WordPress Core Plugin Unvalidated File Deletion Vulnerability

CVE-2025-7735 – UNIMAX Hospital Information System SQL Injection

TurboModules & Fabric: Powering the Next Generation of High-Performance Apps⚡

The First Descendant ‘bounces’ a new update as it adds jiggle physics to character models

RM Fiber Optic SC LC ST Connectors Price in India – Best Deals and Competitive Pricing

Google joins OpenAI in adopting Anthropic’s protocol for connecting AI agents – why it matters

Teaching AI to Say ‘I Don’t Know’: A New Dataset Mitigates Hallucinations from Reinforcement Finetuning

CVE-2025-32458 – Quantenna Wi-Fi Chipset Command Injection Vulnerability

Gemma Scope: helping the safety community shed light on the inner workings of language models

ASUS releases fix for AMI bug that lets hackers brick servers

CVE-2025-5286 – WordPress Bold Page Builder Stored Cross-Site Scripting Vulnerability

Related Posts