CVE-2025-52713 MEDIUM

CVE-2025-52713: WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability

Vendor Boldgrid
Product Post and Page Builder by BoldGrid
Weakness CWE-918 · SSRF
Published June 20, 2025
Last update April 28, 2026

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Server-Side Request Forgery. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.

Explanation of Vulnerability in Simple Terms

02 Summary

The Post and Page Builder by BoldGrid contains a server-side request forgery vulnerability that allows authenticated users to make the site send HTTP requests to internal or external systems on the attacker's behalf. An attacker with low-level site access can exploit this to access internal services, retrieve sensitive data, or interact with external systems. The vulnerability affects versions up to 1.27.8.

What an attacker can do

03 Attacker Capabilities

Make the site send HTTP requests to internal or external systems to access data or services.

Potential impact on your site

04 Site Impact

Attackers with contributor or editor access can probe internal networks, access cloud metadata, or interact with external APIs on behalf of your site.

Conditions required to exploit

05 Prerequisites

Attacker must have a low-privilege authenticated account on the site.

Key dates

06 Disclosure timeline

June 20, 2025 CVE published
April 28, 2026 Record updated
