CVE-2025-0859

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 6, 2025
CWE ID 22

Summary

CVE-2025-0859 is a path traversal vulnerability in Post and Page Builder, the visual drag-and-drop editor plugin for WordPress by BoldGrid. All versions up to and including 1.27.6 are affected. Authenticated attackers with Contributor-level access and above can read arbitrary files on the server, potentially gaining access to sensitive information stored on the affected system. The vulnerability arises in the template_via_url() function, which fails to properly sanitize user input, so a request can bypass the intended file access restrictions and reach files outside of the intended directory. Updating the plugin immediately is recommended to mitigate this risk.
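The containment check whose absence this class of bug (CWE-22) comes down to, as an added example: this is not the BoldGrid plugin's code, and the function name `resolve_template_path`, the directory layout, and the sample file names are hypothetical. It canonicalizes the requested path and only accepts it if the result still sits under the template directory.

```php
<?php
// Added illustration. Function, directory and file names are hypothetical
// and are not taken from the Post and Page Builder source.

/**
 * Resolve a user-supplied template name to a file inside $baseDir.
 * Returns the canonical path, or null when the request is invalid
 * or resolves outside the base directory.
 */
function resolve_template_path(string $baseDir, string $requested): ?string
{
    // Empty names and embedded NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" segments and follows symlinks;
    // it returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling
    // such as "/templates-old" cannot pass as being under "/templates".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo data: a temporary template directory and one file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . uniqid();
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/hero.html', '<section>hero</section>');
file_put_contents($root . '/secret.txt', 'outside the template directory');

foreach (['hero.html', '../secret.txt', 'missing.html', '/etc/passwd'] as $name) {
    $path = resolve_template_path($root . '/templates', $name);
    echo str_pad($name, 16), $path === null ? 'rejected' : 'allowed', PHP_EOL;
}
```

The comparison is made on the canonical path rather than on the raw input, so filtering for `../` strings is not what the check relies on.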
