WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Post And Page Builder safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Post And Page Builder WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: post-and-page-builder
  • Requires PHP: 5.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.24.2 [CVE-2023-25480, WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF), Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor, Post and Page Builder by BoldGrid &lt; 1.24.2 - Editor Settings Update via CSRF]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.26.3 [CVE-2024-2888, WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 is vulnerable to Cross Site Scripting (XSS), Post and Page Builder by BoldGrid &ndash; Visual Drag and Drop Editor Plugin &lt; 1.26.3 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.26.3 [Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.26.5 [CVE-2024-4400, WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.4 is vulnerable to Cross Site Scripting (XSS), Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.26.7 [CVE-2024-6848, Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload]
+ 6 more known vulnerabilities
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.27.6 [CVE-2025-22759, WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.27.4 is vulnerable to Cross Site Scripting (XSS), Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.5 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2025-2973]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.27.7 [CVE-2025-0859, Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function, EUVD-2025-1899]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.27.9 [CVE-2025-52711, Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Cross-Site Request Forgery, EUVD-2025-19699]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.27.9 [CVE-2025-52713, Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Server-Side Request Forgery, EUVD-2025-28453]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.27.9 [CVE-2025-52712, Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Path Traversal, EUVD-2025-24782]
  • Post and Page Builder by BoldGrid &#8211; Visual Drag and Drop Editor [post-and-page-builder] < 1.27.10 [CVE-2025-69345, Post and Page Builder by BoldGrid <= 1.27.9 - Missing Authorization, EUVD-2026-0961]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.