High severity7.2NVD Advisory· Published Jan 30, 2025· Updated Apr 8, 2026
CVE-2024-11600
CVE-2024-11600
Description
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.6.0 via the 'write_config' function. This is due to a lack of sanitization on an imported JSON file. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- plugins.trac.wordpress.org/browser/borderless/tags/1.5.7/includes/icon-manager/icon-manager.phpnvdPatch
- plugins.trac.wordpress.org/browser/borderless/tags/1.5.7/includes/icon-manager/icon-manager.phpnvdPatch
- plugins.trac.wordpress.org/browser/borderless/tags/1.5.7/includes/icon-manager/icon-manager.phpnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/643b8b82-c4e1-4b81-a7e0-aee0f9270702nvdThird Party Advisory
- plugins.trac.wordpress.org/changeset/3231327/borderless/trunknvd
News mentions
0No linked articles in our index yet.