CVE-2025-22759

CVE Database · CVE-2025-22759

CVE-2025-22759

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.30%

Published

Jan 15, 2025

Modified

Apr 23, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Stored XSS.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.5.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Weaknesses (CWE)

CWE-79

Affected Products (1)

boldgrid · post_and_page_builder_by_boldgrid_-_visual_drag_and_drop_editor (up to 1.27.6)vulnerable

References (1)

https://patchstack.com/database/Wordpress/Plugin/post-and-page-builder/vulnerability/wordpress-post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-plugin-1-27-4-cross-site-scripting-xss-vulnerability?_s_id=cve

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs