VYPR

Vendor CVEs

Boldgrid

All CVEs

41 total · sorted by risk
  • CVE-2025-64227CriDec 18, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7.

  • CVE-2026-27384CriMar 5, 2026
    risk 0.59cvss 9.0epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.

  • CVE-2025-9501CriNov 17, 2025
    risk 0.59cvss 9.0epss 0.19

    The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.

  • CVE-2026-32484HigMar 25, 2026
    risk 0.50cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26.

  • CVE-2026-32401HigMar 13, 2026
    risk 0.47cvss 7.2epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a…

  • CVE-2026-5032HigApr 2, 2026
    risk 0.42cvss 7.5epss 0.01

    The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache",…

  • CVE-2025-52713MedJun 20, 2025
    risk 0.42cvss 6.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Server Side Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.

  • CVE-2025-24606MedJan 27, 2025
    risk 0.42cvss 6.4epss 0.00

    Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.1.

  • CVE-2025-22759MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Stored XSS.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.5.

  • CVE-2024-2888MedMar 26, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop…

  • CVE-2026-2707MedMar 11, 2026
    risk 0.35cvss 6.4epss 0.00

    The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When…

  • CVE-2024-4400MedMay 16, 2024
    risk 0.35cvss 6.4epss 0.00

    The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2026-39562MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.

  • CVE-2026-25364MedFeb 19, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8.

  • CVE-2025-69028MedDec 30, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.

  • CVE-2024-53819MedDec 9, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.0.

  • CVE-2024-2950MedApr 6, 2024
    risk 0.34cvss 5.3epss 0.01

    The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This makes it possible for unauthenticated attackers to view the first 130 characters…

  • CVE-2025-69345MedJan 6, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.9.

  • CVE-2025-64229MedOct 29, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7.

  • CVE-2025-52711MedJun 20, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.

  • CVE-2022-4932MedMar 7, 2023
    risk 0.28cvss 4.3epss 0.01

    The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated…

  • CVE-2026-3143MedMay 1, 2026
    risk 0.27cvss 5.3epss 0.00

    The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_cli_cancel' function in all versions up to, and including, 1.17.1. This makes…

  • CVE-2025-52712MedAug 14, 2025
    risk 0.27cvss 4.2epss 0.00

    Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.

  • CVE-2024-12008Jan 14, 2025
    risk 0.03cvss epss 0.02

    The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed…

  • CVE-2020-36848Jul 12, 2025
    risk 0.02cvss epss 0.01

    The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for…

  • CVE-2024-12365Jan 14, 2025
    risk 0.02cvss epss 0.02

    The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access…

  • CVE-2024-9461Nov 26, 2024
    risk 0.01cvss epss 0.01

    The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization.…

  • CVE-2025-2257Mar 26, 2025
    risk 0.00cvss epss 0.01

    The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level…

  • CVE-2024-13907Feb 27, 2025
    risk 0.00cvss epss 0.00

    The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with…

  • CVE-2025-0859Feb 6, 2025
    risk 0.00cvss epss 0.01

    The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level…

  • CVE-2024-12006Jan 14, 2025
    risk 0.00cvss epss 0.00

    The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as…

  • CVE-2023-5359Sep 24, 2024
    risk 0.00cvss epss 0.01

    The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3…

  • CVE-2024-6848Jul 20, 2024
    risk 0.00cvss epss 0.00

    The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the…

  • CVE-2024-24869May 17, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.This issue affects Total Upkeep: from n/a through 1.15.8.

  • CVE-2023-25480Oct 6, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.

  • CVE-2021-24787Nov 17, 2021
    risk 0.00cvss epss 0.01

    The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

  • CVE-2021-24452Jul 19, 2021
    risk 0.00cvss epss 0.02

    The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is…

  • CVE-2021-24436Jul 19, 2021
    risk 0.00cvss epss 0.02

    The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an…

  • CVE-2021-24427Jul 12, 2021
    risk 0.00cvss epss 0.01

    The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue

  • CVE-2014-9414Dec 24, 2014
    risk 0.00cvss epss 0.01

    The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI…

  • CVE-2014-8724Dec 19, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the…