CVE-2024-1157




The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.



We have discovered 500 live websites that are affected by CVE-2024-1157.





Affected Software

Product                    Bold Page Builder
Category                   WordPress Plugins
Vulnerable Versions        from 0 through 4.8
Total Vulnerable Versions  63
Vulnerable Domains         500 live websites (54.17% of Bold Page Builder install base)



Details

  • Published - Feb 13, 2024
  • Updated - Feb 13, 2024

Credits

  • Mdr001 (finder)




Countries

United States  123 websites
France         43 websites
Italy          36 websites
Germany        34 websites
GB             26 websites
Spain          22 websites
Poland         22 websites
Canada         17 websites
Netherlands    17 websites
Australia      13 websites

TLDs

.com     230 websites
.de      26 websites
.org     22 websites
.it      20 websites
.pl      16 websites
.net     12 websites
.nl      12 websites
.co.uk   12 websites
.fr      12 websites
.com.br  11 websites
