WordPress Plugin Vulnerabilities

Bold Page Builder < 5.1.4 - Missing Authorization

Description

The Bold Page Builder plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 5.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function.

Affects Plugins

Plugin icon
bold-page-builder
Fixed in 5.1.4

References

CVE
CVE-2024-50417
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/12b808a9-93d8-4fd4-b194-044f3a5376b8

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
3e33eed1-c381-4f47-87ef-c402400bcd67

Timeline

Publicly Published
2024-10-24 (about 1 year ago)
Added
2024-10-30 (about 1 year ago)
Last Updated
2024-10-30 (about 1 year ago)

Other

Published
Title
Published
2025-12-25
Title
Simple File List <= 6.1.16 - Missing Authorization
Published
2025-02-26
Title
Events Manager – Calendar, Bookings, Tickets, and more! < 6.6.4.2 - Missing Authorization
Published
2024-08-16
Title
UsersWP < 1.2.16 - Missing Authorization
Published
2023-11-28
Title
LadiApp <= 4.4 - Missing Authorization
Published
2025-07-16
Title
DB Backup <= 6.0 - Missing Authorization