Volerion logoVolerion
Volerion logoVolerion

Borderless Elementor Addons and Templates WordPress Plugin Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Borderless - Elementor Addons and Templates plugin for WordPress, affecting all versions through 1.7.1. The vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts into pages. These scripts are executed when users access the compromised pages.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access can inject scripts through the 'title' parameter in any widget that supports this feature, such as the Circular Progress Bar, Progress Bar, or Semi-Circular Progress Bar widgets. The injected script will be executed when the page is viewed.

Remediation

Users are advised to update the Borderless - Elementor Addons and Templates plugin to version 1.7.2 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
2.2
impact
1.7
exploitability
6.4
remediation
7.7
relevance
0.2
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.