PLUGIN SECURITY
Is Post And Page Builder safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Post And Page Builder WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
post-and-page-builder - Requires PHP: 5.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.24.2 [CVE-2023-25480, WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF), Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor, Post and Page Builder by BoldGrid < 1.24.2 - Editor Settings Update via CSRF]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.26.3 [CVE-2024-2888, WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 is vulnerable to Cross Site Scripting (XSS), Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin < 1.26.3 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.26.3 [Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.26.5 [CVE-2024-4400, WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.4 is vulnerable to Cross Site Scripting (XSS), Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.26.7 [CVE-2024-6848, Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload]
+ 6 more known vulnerabilities
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.27.6 [CVE-2025-22759, WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.27.4 is vulnerable to Cross Site Scripting (XSS), Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.5 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2025-2973]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.27.7 [CVE-2025-0859, Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function, EUVD-2025-1899]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.27.9 [CVE-2025-52711, Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Cross-Site Request Forgery, EUVD-2025-19699]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.27.9 [CVE-2025-52713, Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Server-Side Request Forgery, EUVD-2025-28453]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.27.9 [CVE-2025-52712, Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Authenticated (Contributor+) Path Traversal, EUVD-2025-24782]
- Post and Page Builder by BoldGrid – Visual Drag and Drop Editor [post-and-page-builder] < 1.27.10 [CVE-2025-69345, Post and Page Builder by BoldGrid <= 1.27.9 - Missing Authorization, EUVD-2026-0961]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Elementor Website Builder – more than just a page builder — 10000000+ active installs — max PHP 8.4
- Kirki – Freeform Page Builder, Website Builder & Customizer — 500000+ active installs — max PHP <8.0
- Page Builder by SiteOrigin — 400000+ active installs — max PHP 8.4
- Page Builder: Pagelayer – Drag and Drop website builder — 400000+ active installs
- Colibri Page Builder — 90000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.