CVE-2022-2089

CVE-2022-2089: Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Bold Page Builder

Weakness CWE-79 · XSS

Published July 11, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Key dates

02Disclosure timeline

July 11, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2089 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-26324 Possible XSS in iManager URL for access Component CVE-2025-26559 WordPress Secure Invites plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-1757 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq CVE-2025-6924 Reflected XSS in Talent Software's e-BAP CVE-2025-22661 WordPress Online Payments plugin <= 3.20.0 - Cross Site Scripting (XSS) vulnerability