CVE-2023-28994
WordPress Flatsome Theme <= 3.16.8 is vulnerable to Cross Site Scripting (XSS)Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-themes Flatsome plugin <= 3.16.8 versions.
We have discovered 73,687 live websites that are affected by CVE-2023-28994.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Domains | 73,687 live websites (47.57% of Flatsome install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 185 versions ( 83.33% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Aug 23, 2023
- Updated - Sep 25, 2024
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
CVE-2023-28994 usage by Country
 United States | 21,725 websites |
 Vietnam | 16,833 websites |
 Germany | 5,523 websites |
 France | 2,235 websites |
 GB | 2,030 websites |
 Netherlands | 1,857 websites |
 Cyprus | 1,342 websites |
 Canada | 1,164 websites |
 Spain | 1,152 websites |
 Italy | 1,050 websites |
CVE-2023-28994 usage by TLD
| .com | 33,183 websites |
| .net | 2,395 websites |
| .de | 2,265 websites |
| .nl | 1,886 websites |
| .co.uk | 1,724 websites |
| .com.br | 1,443 websites |
| .org | 1,418 websites |
| .com.au | 1,177 websites |
| .it | 1,024 websites |
| .ru | 820 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-28994
Top websites that are affected by CVE-2023-28994. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.net | United States | **,*** | |
| **********.com |  Singapore | **,*** | |
| ********.net | United States | **,*** | |
| *********.net | United States | **,*** | |
| ************.com | Vietnam | **,*** | |
| ***************.com | United States | **,*** | |
| ****************.com | United States | **,*** | |
| ********.se |  Sweden | **,*** | |
| ************.com | Vietnam | **,*** | |
| ***********.com | United States | **,*** |
FAQ
CVE-2023-28994 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Flatsome
A total of 73,687 websites have been identified as vulnerable to CVE-2023-28994, discovered through global website indexing conducted by WebTechSurvey.
Flatsome is susceptible to CVE-2023-28994 vulnerability.
Flatsome versions before, and including, 3.16.8 are vulnerable to CVE-2023-28994.