CVE-2021-24719
Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS)The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder.
We have discovered 52,928 live websites that are affected by CVE-2021-24719.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Domains | 52,928 live websites (46% of Enfold install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 97 versions ( 48% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Oct 11, 2021
- Updated - Aug 3, 2024
Credits
- David Álvarez Robles
- Francisco Díaz-Pache Alonso
- Sergio Corral Cristo
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2021-24719 United States | 12,368 websites |
 Germany | 9,870 websites |
 Netherlands | 3,367 websites |
 Italy | 3,254 websites |
 France | 2,928 websites |
 GB | 2,163 websites |
 Spain | 1,770 websites |
 Canada | 1,012 websites |
 Austria | 987 websites |
 Denmark | 961 websites |
Website Distribution by TLD
Number of websites using CVE-2021-24719| .com | 19,338 websites |
| .de | 6,564 websites |
| .nl | 3,067 websites |
| .it | 2,234 websites |
| .org | 1,922 websites |
| .co.uk | 1,477 websites |
| .fr | 1,247 websites |
| .at | 1,051 websites |
| .net | 968 websites |
| .com.au | 845 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-24719
Top websites that are affected by CVE-2021-24719. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.com | United States | *,*** | |
| *****************************.de | Germany | **,*** | |
| **********.net | United States | **,*** | |
| ***********.com |  Singapore | **,*** | |
| ***********.net | Singapore | **,*** | |
| *****.io | United States | **,*** | |
| *****************.com | United States | **,*** | |
| *******************.com | Italy | **,*** | |
| *********.com | United States | **,*** | |
| *********.com | Germany | **,*** |
FAQ
CVE-2021-24719 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Enfold
A total of 52,928 websites have been identified as vulnerable to CVE-2021-24719, based on global website indexing conducted by WebTechSurvey.
The Enfold is affected by the CVE-2021-24719 vulnerability.
Enfold versions up to 4.8.4 are vulnerable to CVE-2021-24719.
CVE-2021-24719 is resolved in version 4.8.4 of Enfold.