CVE-2025-52713
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-20

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Server Side Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-20
Last Modified
2026-04-23
Generated
2026-05-07
AI Q&A
2025-06-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52713
EUVD
EUVD-2025-28453
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Server-Side Request Forgery (SSRF) in the BoldGrid Post and Page Builder – Visual Drag and Drop Editor plugin for WordPress, affecting versions up to 1.27.8. It allows an attacker with contributor-level privileges to make the affected website send HTTP requests to arbitrary domains controlled by the attacker. This can lead to unauthorized access to sensitive information from other services running on the same system. [1]


How can this vulnerability impact me? :

Exploitation of this vulnerability could allow attackers to access sensitive information from other services on the same system as the affected website. This could lead to information disclosure and potential further attacks. However, the vulnerability has a low severity score (6.4) and limited impact, requiring contributor-level privileges to exploit. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this SSRF vulnerability involves monitoring for unusual outbound HTTP requests originating from the affected WordPress plugin (Post and Page Builder by BoldGrid – Visual Drag and Drop Editor) versions up to 1.27.8. Network administrators can look for HTTP requests to unexpected or attacker-controlled domains from the web server hosting the plugin. Specific commands are not provided in the resources, but general approaches include using network monitoring tools like tcpdump or Wireshark to capture outbound traffic, or inspecting web server logs for suspicious request patterns. Additionally, scanning the WordPress installation to identify the plugin version can help determine if the system is vulnerable. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin to version 1.27.9 or later, where the vulnerability is fixed. If updating immediately is not possible, applying virtual patching (vPatching) offered by Patchstack can provide interim protection by automatically mitigating the vulnerability before official patches are applied. Limiting contributor-level privileges and monitoring for suspicious activity can also help reduce risk. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart