{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0859", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-29T21:10:39.430Z", "datePublished": "2025-02-06T09:21:17.984Z", "dateUpdated": "2026-04-08T16:36:12.200Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:12.200Z"}, "affected": [{"vendor": "boldgrid", "product": "Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.27.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/111a1e7f-bc87-4130-a0b2-422d0f98afb6?source=cve"}, {"url": "https://wordpress.org/plugins/post-and-page-builder/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/post-and-page-builder/trunk/includes/class-boldgrid-editor-preview.php#L178"}, {"url": "https://plugins.trac.wordpress.org/changeset?old=3234175&old_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php&new=3234175&new_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php"}, {"url": "https://github.com/BoldGrid/post-and-page-builder/pull/638/commits/10e4d1d96fd2735379049259d15896fa6dd35471"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "timeline": [{"time": "2025-02-05T20:32:49.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0859", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-06T13:59:28.218248Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T19:51:10.464Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:boldgrid:post_and_page_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "469FDBFB-A9C4-4C1E-85DA-7235C7415863", "versionEndExcluding": "1.27.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento Post and Page Builder de BoldGrid \u2013 Visual Drag and Drop Editor para WordPress es vulnerable a Path Traversal en todas las versiones hasta la 1.27.6 incluida a trav\u00e9s de la funci\u00f3n template_via_url(). Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "id": "CVE-2025-0859", "lastModified": "2025-03-19T20:35:32.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-02-06T10:15:08.340", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://github.com/BoldGrid/post-and-page-builder/pull/638/commits/10e4d1d96fd2735379049259d15896fa6dd35471"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/browser/post-and-page-builder/trunk/includes/class-boldgrid-editor-preview.php#L178"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?old=3234175&old_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php&new=3234175&new_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/post-and-page-builder/#developers"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/111a1e7f-bc87-4130-a0b2-422d0f98afb6?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T12:04:44.864212+00:00", "value": {"mitigation_remediation": ["Update the Post and Page Builder plugin to version 1.27.7 or later, which resolves the path traversal issue.", "Restrict Contributor\u2011level access to trusted users and review roles to reduce the risk of an attacker gaining the necessary permissions.", "Enable or review file\u2011access audit logs on the web server to detect unauthorized reads of sensitive files."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Read of Server Files"}, "threat_synthesis": {"affected_systems": "WordPress sites running the BoldGrid Post and Page Builder plugin, specifically version 1.27.6 or any earlier release. The vulnerability impacts users who have contributed privileges or higher within WordPress, and the affected product is listed under the BoldGrid vendor on the WordPress plugin repository.", "description_and_impact": "The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin for WordPress contains a Path Traversal flaw in all versions up to and including 1.27.6. The flaw is triggered by the template_via_url() function, allowing an authenticated attacker with at least Contributor-level access to read the contents of arbitrary files located on the server. The vulnerability is a classic directory traversal issue (CWE\u201122) and can expose sensitive configuration, credentials or other critical files if the file paths are not properly validated.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate risk, while the EPSS score indicates a very low probability of exploitation (<1\u202f%). The vulnerability is not listed in the CISA KEV catalog. An attacker would need valid contributor credentials and would exploit the path traversal via the template_via_url function to read unintended files. The attack vector is therefore authenticated, and the user must have at least Contributor privileges to exploit the flaw."}}}}, "created": "2026-04-28T12:15:30.889019+00:00", "updated": "2026-04-28T12:15:30.889030+00:00", "vendors": []}