{"id":"CVE-2024-6848","summary":"Post and Page Builder by BoldGrid – Visual Drag and Drop Editor \u003c= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload","details":"The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","modified":"2026-07-15T01:49:10.962852565Z","published":"2024-07-20T11:18:27.812Z","database_specific":{"cna_assigner":"Wordfence","cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6848.json"},"references":[{"type":"WEB","url":"https://github.com/BoldGrid/post-and-page-builder/pull/613/commits/64c33a6d0c9dbb0151d3af5fee9e026df6c5a2f6"},{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/post-and-page-builder/tags/1.26.6/includes/class-boldgrid-editor-ajax.php#L372"},{"type":"WEB","url":"https://wordpress.org/plugins/post-and-page-builder/#developers"},{"type":"WEB","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d5dcec8-fa36-43ab-9a35-0b391fe1d88e?source=cve"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6848.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6848"},{"type":"REPORT","url":"https://github.com/BoldGrid/post-and-page-builder/issues/612"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/boldgrid/post-and-page-builder","events":[{"introduced":"0"},{"fixed":"0092cecb1aeafd41708a3b39bf722e6965b067f6"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.26.6"},{"fixed":"1.26.7"}],"source":["AFFECTED_FIELD","CPE_RANGE"],"cpe":"cpe:2.3:a:boldgrid:post_and_page_builder:*:*:*:*:*:wordpress:*:*"}}],"versions":["1.26.6","1.26.5","1.26.4","1.26.3","1.26.2","1.26.1","1.26.0","1.25.1","1.25.0","1.24.2","1.24.0","1.23.2","1.23.1","1.23.0","1.22.2","1.22.1","1.22.1-rc1","1.21.3","1.21.2","1.18.0","1.17.0","1.16.0","1.15.2","1.15.1","1.15.0","1.14.2","1.14.1","1.14.0","1.13.6","1.13.5","1.13.5-rc.1","1.13.4","1.13.3","1.13.3-rc.1","1.13.2","1.13.1","1.13.0","1.12.2","1.12.0","1.12.1","1.11.2","1.11.1","1.11.0","1.11.0-rc.1","1.10.6","1.10.5","1.10.4","1.10.3","1.10.2","1.10.1","1.10.0","1.10.0-rc.1","1.9.0","1.9.0-rc.3","1.9.0-rc.2","1.9.0-rc.1","1.8.0","1.8.0-rc.5","1.8.0-rc.4","1.8.0-rc.3","1.8.0-rc.2","1.8.0-rc.1","1.8.0-alpha.3","1.8.0-alpha.1","1.7.1","1.7.0","1.7.0-rc.5","1.7.0-rc.4","1.7.0-rc.3","1.7.0-rc.2","1.7.0-rc.1","1.7.0-alpha.2","1.7.0-alpha.1","1.6.1","1.6","1.5.2","1.5.1","1.4.8","1.4.7","1.4.6","1.4.4","1.4","1.4.3","1.4.2","1.4.1","1.3.5","1.3.4","1.3.3","1.3.2","1.3.1","1.2.13","1.2.9","1.2.8","1.2.7","1.2.6","uability-testing","1.1.3","1.1.2","1.1.1.2","1.1","1.1.1.1","1.1.1","1.0.9","1.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6848.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}]}