CVE-2025-0859

by Fred · 06/02/2025

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

More information : https://github.com/BoldGrid/post-and-page-builder/pull/638/commits/10e4d1d96fd2735379049259d15896fa6dd35471

CVE-2025-0859

Similar

Recent Posts

Categories

CVE-2025-0859

Share this:

Similar

Recent Posts

Categories

Tags