WordPress Borderless plugin <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by WordFence in WordPress Plugin Borderless versions = 1.6.0...

CVE-2024-11600

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'writeconfig' function. This is due to a lack of sanitization on an imported JSON file. This makes it...

CVE-2024-11600

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.6.0 via the 'writeconfig' function. This is due to a lack of sanitization on an imported JSON file. This makes it...

CVE-2024-11583

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removezippedfont' function in all versions up to, and including, 1.5.9. This makes it possible for...

CVE-2024-11583

CVE-2024-11583 (Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg) affects Borderless versions up to and including 1.5.9. The vulnerability is a missing capability check in the remove_zipped_font function, enabling authenticated attackers with Subscriber-level access...

CVE-2024-11583 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removezippedfont' function in all versions up to, and including, 1.5.9. This makes it possible for...

CVE-2024-11583 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removezippedfont' function in all versions up to, and including, 1.5.9. This makes it possible for...

WordPress plugin Borderless 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin Borderless 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1665 · WordPress · Borderless – Widgets

Name of the Vulnerable Software and Affected Versions: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9 Description: The issue is related to Remote Code Execution due to a lack of sanitization on an imported...

PT-2025-1664 · WordPress · Borderless – Widgets

Name of the Vulnerable Software and Affected Versions: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9 Description: The issue is related to a missing capability check on the remove zipped font function,...

CVE-2024-54211

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visualmodo Borderless allows Cross-Site Scripting XSS.This issue affects Borderless: from n/a through 1.5.8...

CVE-2024-54211

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visualmodo Borderless borderless allows Cross-Site Scripting XSS.This issue affects Borderless: from n/a through = 1.5.8...

CVE-2024-54211 WordPress Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visualmodo Borderless borderless allows Cross-Site Scripting XSS.This issue affects Borderless: from n/a through = 1.5.8...

CVE-2024-54211

CVE-2024-54211 is a Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Borderless (Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg) version up to 1.5.8. The issue arises from improper neutralization of input during web page generation. Public references con...

WordPress plugin Borderless 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Borderless versions = 1.5.8...

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-34757

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS.This issue affects Borderless – Widgets, Elements, Templates and Toolkit for...

CVE-2024-34757

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visualmodo Borderless borderless allows DOM-Based XSS.This issue affects Borderless: from n/a through = 1.7.3...