CVE-2025-52713 (GCVE-0-2025-52713)

Vulnerability from cvelistv5 – Published: 2025-06-20 15:03 – Updated: 2025-06-23 16:23
VLAI?
Title
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability
Summary
Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
Vendor Product Version
BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Affected: n/a , ≤ 1.27.8 (custom)
Create a notification for this product.
Credits
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T16:14:32.794414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T16:23:08.597Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "post-and-page-builder",
          "product": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor",
          "vendor": "BoldGrid",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.27.9",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.27.8",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eServer-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor allows Server Side Request Forgery.\u003c/p\u003e\u003cp\u003eThis issue affects Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor: from n/a through 1.27.8.\u003c/p\u003e"
            }
          ],
          "value": "Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor: from n/a through 1.27.8."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-664",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-664 Server Side Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-20T15:03:36.364Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/post-and-page-builder/vulnerability/wordpress-post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-plugin-1-27-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin to the latest available version (at least 1.27.9)."
            }
          ],
          "value": "Update the WordPress Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin to the latest available version (at least 1.27.9)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin \u003c= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-52713",
    "datePublished": "2025-06-20T15:03:36.364Z",
    "dateReserved": "2025-06-19T10:02:14.559Z",
    "dateUpdated": "2025-06-23T16:23:08.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-52713\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2025-06-20T15:15:32.497\",\"lastModified\":\"2025-06-23T20:16:40.143\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor: from n/a through 1.27.8.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de server-side request forgery (SSRF) en BoldGrid Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor permite server-side request forgery. Este problema afecta a Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor: desde n/d hasta la versi\u00f3n 1.27.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://patchstack.com/database/wordpress/plugin/post-and-page-builder/vulnerability/wordpress-post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-plugin-1-27-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2025-06-20T15:03:36.364Z\"}, \"title\": \"WordPress Post and Page Builder by BoldGrid \\u2013 Visual Drag and Drop Editor plugin \u003c= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"impacts\": [{\"capecId\": \"CAPEC-664\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-664 Server Side Request Forgery\"}]}], \"affected\": [{\"vendor\": \"BoldGrid\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\", \"packageName\": \"post-and-page-builder\", \"product\": \"Post and Page Builder by BoldGrid \\u2013 Visual Drag and Drop Editor\", \"versions\": [{\"lessThanOrEqual\": \"1.27.8\", \"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"changes\": [{\"at\": \"1.27.9\", \"status\": \"unaffected\"}]}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \\u2013 Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid \\u2013 Visual Drag and Drop Editor: from n/a through 1.27.8.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"\u003cp\u003eServer-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \\u2013 Visual Drag and Drop Editor allows Server Side Request Forgery.\u003c/p\u003e\u003cp\u003eThis issue affects Post and Page Builder by BoldGrid \\u2013 Visual Drag and Drop Editor: from n/a through 1.27.8.\u003c/p\u003e\"}]}], \"references\": [{\"tags\": [\"vdb-entry\"], \"url\": \"https://patchstack.com/database/wordpress/plugin/post-and-page-builder/vulnerability/wordpress-post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-plugin-1-27-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\"}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"baseScore\": 6.4, \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\", \"baseSeverity\": \"MEDIUM\", \"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"version\": \"3.1\"}}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Update the WordPress Post and Page Builder by BoldGrid \\u2013 Visual Drag and Drop Editor plugin to the latest available version (at least 1.27.9).\"}], \"value\": \"Update the WordPress Post and Page Builder by BoldGrid \\u2013 Visual Drag and Drop Editor plugin to the latest available version (at least 1.27.9).\"}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Tr\\u01b0\\u01a1ng H\\u1eefu Ph\\u00fac (truonghuuphuc) (Patchstack Alliance)\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52713\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-23T16:14:32.794414Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-23T16:14:34.330Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52713\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Patchstack\", \"dateReserved\": \"2025-06-19T10:02:14.559Z\", \"datePublished\": \"2025-06-20T15:03:36.364Z\", \"dateUpdated\": \"2025-06-23T16:23:08.597Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.