VulnerAlert



WORDPRESS
27-10-2025 10:41

CVE-2025-7730 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#site
#plugin
#cross
#web
#cross-site
#cross-site scripting
#attackers
#authenticated
#arbitrary
#vulnerable
#scripting
#inject
#execute
#attack
#access
Descripción
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due insufficient input sanitization output escaping. This makes it possible authenticated attackers, with Contributor-level access above, inject arbitrary web scripts pages that will execute whenever a user accesses an injected page.
https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.4.2/content_elements/bt_bb_progress_bar/bt_bb_progress_bar.php#L90
https://wordpress.org/plugins/bold-page-builder/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd5d1c7-4be2-457b-bd28-0cb76e9800e5?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-7730
Resultados similares
Coincidentes en almenos en 50% de los tags
28-10-2025 CVE-2025-11735
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable t...
Ver información
28-10-2025 CVE-2025-10145
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por