cleantalk
Vulnerabilities and Security Researches

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg, CVE-2024-11583

CVE, Research URL

CVE-2024-11583

Home page URL

Security reports for Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Application

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Published on
Jan 30, 2025
Research Description
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete icon fonts that were previously uploaded.
Affected versions
Min -, max 1.6.0.
Status
vulnerable
Previous vulnerability researches
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2025-5290) , Jun 14, 2025
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2024-11583) , Feb 01, 2025
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2024-11600) , Feb 01, 2025
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2024-10867) , Feb 01, 2025
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2024-54211) , Dec 09, 2024
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025