CVE-2024-21752

WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.

We have discovered 850 live websites that are affected by CVE-2024-21752.

Affected Software


Product	Ajax Search Lite
Category	Wordpress Plugins
Vulnerable Versions	from 0 through 4.11.4
Total Vulnerable Versions	47
Vulnerable Domains	850 live websites (98.04% of Ajax Search Lite install base)

Common Weakness Enumeration

CWE-352 Cross-Site Request Forgery (CSRF)

Available Reports

Website List

Details

Published - Feb 29, 2024
Updated - Feb 29, 2024

Credits

Le Ngoc Anh (Patchstack Alliance) (finder)

CWE

CWE-352

CVE References

CWE References

cwe.mitre.org

Countries

United States	179 websites

Russia	89 websites
France	67 websites
Germany	66 websites
Italy	47 websites
GB	37 websites
Spain	31 websites
Poland	25 websites
Netherlands	20 websites
Brazil	20 websites

TLDs

.com	286 websites
.ru	82 websites
.org	48 websites
.de	41 websites
.fr	36 websites
.pl	21 websites
.it	21 websites
.co.uk	16 websites
.es	15 websites
.ca	13 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Websites affected by CVE-2024-21752

Top websites that are affected by CVE-2024-21752. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*.****.at	Austria	,**
*********.com	Netherlands	,*
**********.com	United States	,*
*..*.ca	Canada	,*
**********.com	Canada	,*
*.*********.com	Mexico	,*
*************.eu	Germany	,*
******.ru	Russia	,*
***********.com	United States	,*
*.***************.org	Italy	*,*

See full domain list