CVE-2023-4690
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
We have discovered 7,506 live websites that are affected by CVE-2023-4690.
Affected Software
| Product |  Addon Elements For Elementor Page Builder |
| Category | Wordpress Plugins |
| Vulnerable Domains | 7,506 live websites (27.33% of Addon Elements For Elementor Page Builder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 17 versions ( 44.74% of all versions) |
Details
- Published - Nov 15, 2023
- Updated - Jan 7, 2025
Credits
- Marco Wotschka (finder)
- Paolo Tresso (finder)
CVE References
CVE-2023-4690 usage by Country
 United States | 1,975 websites |
 Germany | 1,012 websites |
 France | 518 websites |
 Russia | 469 websites |
 Poland | 353 websites |
 GB | 221 websites |
 Cyprus | 187 websites |
 Brazil | 165 websites |
 Italy | 146 websites |
 Japan | 129 websites |
CVE-2023-4690 usage by TLD
| .com | 2,740 websites |
| .de | 445 websites |
| .ru | 361 websites |
| .pl | 275 websites |
| .org | 265 websites |
| .com.br | 227 websites |
| .fr | 171 websites |
| .co.uk | 149 websites |
| .net | 126 websites |
| .it | 109 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-4690
Top websites that are affected by CVE-2023-4690. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| ***********************.com | United States | *,*** | |
| ***********.net | United States | **,*** | |
| ******.social | United States | **,*** | |
| *************.org | United States | **,*** | |
| *************.com | United States | **,*** | |
| ************.********.ru | Russia | ***,*** | |
| *****************.com | United States | ***,*** | |
| ******.com | France | ***,*** | |
| **************.org | United States | ***,*** |
FAQ
A total of 7,506 websites have been identified as vulnerable to CVE-2023-4690, discovered through global website indexing conducted by WebTechSurvey.
Addon Elements For Elementor Page Builder is susceptible to CVE-2023-4690 vulnerability.
Addon Elements For Elementor Page Builder versions before, and including, 1.12.7 are vulnerable to CVE-2023-4690.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fd53b4e1-c6b7-4111-911a-04b14c7a9c4e?source=cve
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/inc/admin/admin-ui.php#L75
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15