WordPress Plugin Vulnerabilities

Bold Page Builder < 2.3.2 - Missing Access Controls

Description

The vulnerability allows any unauthenticated user to perform actions that only an administrator should be allowed to do (e.g., modifying settings and importing data).

Affects Plugins

Plugin icon
bold-page-builder
Fixed in 2.3.2

References

CVE
CVE-2019-15821
URL
https://blog.nintechnet.com/critical-vulnerability-in-wordpress-bold-page-builder-plugin-currently-being-exploited/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
7.5 (high)

Miscellaneous

Verified
No
WPVDB ID
4d62fefc-abec-4061-a3b2-d0f0a33643c0

Timeline

Publicly Published
2019-08-23 (about 6 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-20
Title
WordPress RealHomes Theme < 4.3.7 - Privilege Escalation
Published
2025-07-11
Title
The E-Commerce ERP <= 2.1.1.3 - Unauthenticated Privilege Escalation
Published
2018-09-04
Title
Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
Published
2026-02-18
Title
Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation
Published
2025-03-18
Title
BoomBox Theme Extensions < 1.8.1 - Subscriber+ Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password