cleantalk
Vulnerabilities and Security Researches

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg, CVE-2024-11600

CVE, Research URL

CVE-2024-11600

Home page URL

Security reports for Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Application

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Published on
Jan 30, 2025
Research Description
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'write_config' function. This is due to a lack of sanitization on an imported JSON file. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
Affected versions
Min -, max 1.6.1.
Status
vulnerable
Previous vulnerability researches
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2025-5290) , Jun 14, 2025
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2024-11583) , Feb 01, 2025
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2024-11600) , Feb 01, 2025
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2024-10867) , Feb 01, 2025
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (CVE-2024-54211) , Dec 09, 2024
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025