PT-2025-1665 · WordPress · Borderless – Widgets
Anhchangmutrang
+3
·
Published
2025-01-30
·
Updated
2025-01-31
·
CVE-2024-11600
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9
Description
The issue is related to Remote Code Execution due to a lack of sanitization on an imported JSON file. This allows authenticated attackers with Administrator-level access and above to execute code on the server via the
write config function.Recommendations
For versions up to, and including, 1.5.9, update to a version that includes a fix for this issue, as the current version allows for Remote Code Execution due to the lack of sanitization in the
write config function.
As a temporary workaround, consider disabling the write config function until a patch is available.Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Borderless – Widgets