{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3715", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-16T07:51:37.859Z", "datePublished": "2025-05-18T05:22:39.619Z", "dateUpdated": "2026-04-08T17:12:36.413Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:36.413Z"}, "affected": [{"vendor": "boldthemes", "product": "Bold Page Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.3.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2452dd7-2bb9-4a0c-81db-6699a9b049ae?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.3.5/content_elements_misc/js/content_elements.js"}, {"url": "https://plugins.trac.wordpress.org/changeset/3292512/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "timeline": [{"time": "2025-04-11T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-05-17T16:21:31.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-19T14:24:44.261949Z", "id": "CVE-2025-3715", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T14:24:56.083Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3715", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-19T14:24:44.261949Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T14:24:51.358Z"}}], "cna": {"title": "Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "boldthemes", "product": "Bold Page Builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.3.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-11T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-05-17T16:21:31.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2452dd7-2bb9-4a0c-81db-6699a9b049ae?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.3.5/content_elements_misc/js/content_elements.js"}, {"url": "https://plugins.trac.wordpress.org/changeset/3292512/"}], "descriptions": [{"lang": "en", "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:36.413Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3715", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:12:36.413Z", "dateReserved": "2025-04-16T07:51:37.859Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-18T05:22:39.619Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Bold Page Builder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro data-text en todas las versiones hasta la 5.3.5 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-3715", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-18T06:15:17.717", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.3.5/content_elements_misc/js/content_elements.js"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3292512/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2452dd7-2bb9-4a0c-81db-6699a9b049ae?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:49:01.717424+00:00", "value": {"mitigation_remediation": ["Upgrade Bold Page Builder to the latest available version (5.3.6 or newer).", "If an upgrade is not immediately possible, restrict Contributor+ users from editing or creating page elements that use the data\u2011text parameter or enforce stricter role limits on content authors.", "Apply a Web Application Firewall or a security plugin that can filter out or sanitize user\u2011supplied JavaScript, and regularly review user roles and plugin settings to prevent future XSS exposures."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "WordPress sites using the Bold Page Builder plugin from the vendor Boldthemes. All versions up to and including 5.3.5 are affected; newer releases after 5.3.5 have addressed the issue.", "description_and_impact": "The Bold Page Builder plugin contains an insufficiently sanitized data\u2011text parameter that allows a malicious user to store arbitrary web scripts. An authenticated contributor or higher can embed JavaScript into page content; the script executes whenever a visitor loads the affected page, enabling cookie theft, session hijacking, defacement or other malicious actions. The weakness is a classic input\u2011validation failure identified as CWE\u201179.", "risk_and_exploitability": "The CVSS score of 6.4 categorises the flaw as moderate severity. The EPSS score of less than 1\u202f% indicates a low probability of widespread exploitation, and the vulnerability is not listed in CISA\u2019s KEV catalogue. Attackers need only authenticated Contributor\u2011level access and the ability to edit page elements; no remote code execution is required. The attack vector is likely through the front\u2011end editing interface where the data\u2011text parameter is submitted, so the risk is modest but remains significant for any user who can create or modify pages."}}}}, "created": "2026-04-20T23:00:14.145465+00:00", "updated": "2026-04-20T23:00:14.145478+00:00", "vendors": []}