CVE-2025-52711: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor, affecting versions through 1.27.8. The vulnerability was disclosed on June 19, 2025, and has been assigned CVE-2025-52711. This security issue affects the WordPress plugin's functionality and has been given a CVSS score of 4.3 (Medium) (Wiz, NVD).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue (CWE-352), which falls under the OWASP Top 10 category of Broken Access Control. The CVSS v3.1 score of 4.3 is based on the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered low severity, though it could potentially affect website functionality if exploited (Wiz).

The vulnerability has been patched in version 1.27.9 of the BoldGrid Post and Page Builder plugin. Users are advised to update to version 1.27.9 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Wiz).