boldthemes — Vulnerabilities & Security Advisories 50

Browse all 50 CVE security advisories affecting boldthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by boldthemes:Bold Page Builder Bold Timeline Lite Bello - Directory & Listing ReConstruction Avantage Medicare Amwerk Goldenblatt Addison DentiCare Codiqa Ippsum Nestin Travelicious Celeste

CVE ID	Title	CVSS	Severity	Published
CVE-2026-27369	WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability — CelesteCWE-502	9.8	-	2026-03-05
CVE-2025-68541	WordPress Ippsum theme <= 1.2.0 - PHP Object Injection vulnerability — IppsumCWE-502	8.8^AI	High^AI	2026-02-20
CVE-2025-67997	WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability — TraveliciousCWE-502	9.8^AI	Critical^AI	2026-02-20
CVE-2025-67996	WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability — NestinCWE-502	9.8^AI	Critical^AI	2026-02-20
CVE-2026-25451	WordPress Bold Page Builder plugin <= 5.6.9 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79	5.4^AI	Medium^AI	2026-02-19
CVE-2025-12159	Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Bold Page BuilderCWE-79	6.4	Medium	2026-02-07
CVE-2025-13463	Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid — Bold Page BuilderCWE-79	6.4	Medium	2026-02-07
CVE-2025-12803	Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode — Bold Page BuilderCWE-80	6.4	Medium	2026-02-07
CVE-2025-15267	Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode — Bold Page BuilderCWE-79	6.4	Medium	2026-02-07
CVE-2025-68513	WordPress Bold Timeline Lite plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability — Bold Timeline LiteCWE-79	6.5	Medium	2025-12-24
CVE-2025-64233	WordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability — CodiqaCWE-502	9.8^AI	Critical^AI	2025-12-18
CVE-2025-54723	WordPress DentiCare Theme < 1.4.3 - PHP Object Injection Vulnerability — DentiCareCWE-502	9.8^AI	Critical^AI	2025-12-18
CVE-2025-14032	Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode — Bold Timeline LiteCWE-79	6.4	Medium	2025-12-12
CVE-2025-66057	WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79	6.5	Medium	2025-11-21
CVE-2025-7730	Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter — Bold Page BuilderCWE-79	6.4	Medium	2025-10-23
CVE-2025-60216	WordPress Addison theme < 1.4.8 - PHP Object Injection vulnerability — AddisonCWE-502	9.8^AI	Critical^AI	2025-10-22
CVE-2025-60214	WordPress Goldenblatt theme < 1.3.0 - PHP Object Injection vulnerability — GoldenblattCWE-502	9.8^AI	Critical^AI	2025-10-22
CVE-2025-58194	WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability — Bold Page BuilderCWE-79	6.5	Medium	2025-08-27
CVE-2025-54006	WordPress Bold Page Builder plugin <= 5.4.1 - Cross Site Scripting (XSS) Vulnerability — Bold Page BuilderCWE-79	6.5	Medium	2025-07-16
CVE-2025-52724	WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability — AmwerkCWE-502	9.8	Critical	2025-06-27
CVE-2025-5286	Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter — Bold Page BuilderCWE-79	6.4	Medium	2025-05-29
CVE-2025-39495	WordPress Avantage Theme <= 2.4.9 - PHP Object Injection vulnerability — AvantageCWE-502	9.8	Critical	2025-05-23
CVE-2025-39499	WordPress Medicare Theme <= 2.1.0 - PHP Object Injection vulnerability — MedicareCWE-502	9.8	Critical	2025-05-23
CVE-2025-3715	Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter — Bold Page BuilderCWE-79	6.4	Medium	2025-05-18
CVE-2025-47525	WordPress Bold Page Builder plugin <= 5.3.0 - Cross Site Scripting (XSS) Vulnerability — Bold Page BuilderCWE-79	5.9	Medium	2025-05-07
CVE-2025-47488	WordPress Bold Page Builder plugin <= 5.3.2 - Cross Site Scripting (XSS) Vulnerability — Bold Page BuilderCWE-79	6.5	Medium	2025-05-07
CVE-2023-45110	WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability — Bold Timeline LiteCWE-862	8.1	-	2025-01-02
CVE-2024-54382	WordPress Bold Page Builder plugin <= 5.1.5 - Path Traversal vulnerability — Bold Page BuilderCWE-22	4.9	Medium	2024-12-16
CVE-2024-53801	WordPress Bold Page Builder plugin <= 5.2.1 - Cross Site Scripting (XSS) vulnerability — Bold Page BuilderCWE-79	6.5	Medium	2024-12-06
CVE-2024-50417	WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability — Bold Page BuilderCWE-862	4.3	Medium	2024-11-19

This page lists every published CVE security advisory associated with boldthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

boldthemes — Vulnerabilities & Security Advisories 50