CVE-2025-0859

Name of the Vulnerable Software and Affected Versions Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress versions up to, and including, 1.27.6

Description The issue allows authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information, via the template via url() function. This makes it possible for attackers to access sensitive information.

Recommendations For Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress versions up to, and including, 1.27.6, consider disabling the template via url() function until a patch is available to prevent exploitation. Restrict access to sensitive files on the server to minimize the risk of information disclosure.