CVE-2025-22759: 
WordPress vulnerability analysis and mitigation

The Post and Page Builder by BoldGrid plugin versions below 1.27.6 contains a Stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-22759. This security flaw was discovered on January 14, 2025, and affects WordPress installations with the vulnerable plugin versions. The vulnerability allows authenticated users with contributor-level access or higher to inject malicious web scripts into pages (WPScan, Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS score of 5.9 (medium) to 6.5 (low). The security flaw stems from insufficient input sanitization and output escaping in the plugin's functionality. It falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS) and is identified with CWE-79 (WPScan, Patchstack).

When exploited, this vulnerability allows authenticated attackers with contributor-level privileges to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page, potentially leading to unauthorized actions, data theft, or other malicious activities (WPScan).

The vulnerability has been patched in version 1.27.6 of the Post and Page Builder by BoldGrid plugin. Site administrators are strongly advised to update to this version or later to resolve the security issue (Patchstack).