CVE-2025-52712: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability was discovered in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor, affecting versions through 1.27.8. The vulnerability was reported on May 29, 2025, and publicly disclosed on July 22, 2025. The security issue was assigned CVE-2025-52712 and received a CVSS v3.1 score of 4.2 (Medium) (Patchstack).

The vulnerability is classified as CWE-35 (Path Traversal: '.../...//') and has been assigned a CVSS v3.1 Base Score of 4.2 with the following vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N. This indicates that the vulnerability requires network access, has high attack complexity, requires low privileges, needs no user interaction, has a limited scope, and can result in low confidentiality and integrity impacts with no availability impact (NVD).

The vulnerability allows for Path Traversal attacks, which could potentially lead to unauthorized access to files outside the intended directory structure. The impact is considered moderate with potential for both information disclosure and file manipulation, as indicated by the CVSS metrics showing low confidentiality and integrity impacts (Patchstack).

The vulnerability has been fixed in version 1.27.9 of the BoldGrid Post and Page Builder plugin. Users are advised to update to this version or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).