Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg < 1.6.0 – Missing Authorization to Icon Font Deletion | CVE 2024-11583 | Plugin Vulnerabilities

Description

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete icon fonts that were previously uploaded.

Affects Plugins

Fixed in 1.6.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0968fe3b-2256-41e8-8cc9-e800dd7f8c27

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Trương Hữu Phúc (truonghuuphuc)

Verified

No

WPVDB ID

05ec1ebe-cb5e-4306-ba9c-195053f1ce16

Timeline

Publicly Published

2025-01-30 (about 1 year ago)

Added

2025-01-30 (about 1 year ago)

Last Updated

2025-03-21 (about 1 year ago)

Other

Published

Title

Published

2026-01-25

Title

Fluent Forms < 6.1.15 - Subscriber+ Missing Authorization

Published

2026-01-23

Title

Sunshine Photo Cart < 3.5.7.3 - Missing Authorization

Published

2025-01-24

Title

Build Private Store For Woocommerce < 1.1 - Missing Authorization

Published

2026-01-25

Title

TOP Table Of Contents < 1.4.0 - Missing Authorization

Published

2026-02-20

Title

Image Optimizer by Elementor < 1.7.2 - Missing Authorization