CVE-2023-47504
WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerabilityImproper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.
We have discovered 434,453 live websites that are affected by CVE-2023-47504.
Affected Software
| Product |  Elementor |
| Category | Landing Page Builders |
| Vulnerable Domains | 434,453 live websites (16% of Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 207 versions ( 67% of all versions) |
Common Weakness Enumeration
CWE-287 Improper AuthenticationDetails
- Published - Apr 24, 2024
- Updated - Aug 2, 2024
Credits
- Rafie Muhammad (Patchstack) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-47504 United States | 85,930 websites |
 Germany | 45,971 websites |
 France | 27,127 websites |
 Italy | 21,279 websites |
 Russia | 17,785 websites |
 GB | 16,969 websites |
 Brazil | 15,656 websites |
 Spain | 15,461 websites |
 Poland | 14,214 websites |
 Netherlands | 11,754 websites |
Website Distribution by TLD
Number of websites using CVE-2023-47504| .com | 161,131 websites |
| .de | 25,147 websites |
| .it | 15,048 websites |
| .com.br | 14,440 websites |
| .org | 13,989 websites |
| .ru | 13,975 websites |
| .fr | 11,218 websites |
| .pl | 10,791 websites |
| .nl | 10,471 websites |
| .co.uk | 9,686 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-47504
Top websites that are affected by CVE-2023-47504. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| **.***.br | Brazil | *,*** | |
| *********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ********.com | GB | *,*** | |
| ***************.org | United States | *,*** | |
| ***********.*******.org | Brazil | **,*** |
FAQ
CVE-2023-47504 is Improper Authentication in Elementor
A total of 434,453 websites have been identified as vulnerable to CVE-2023-47504, based on global website indexing conducted by WebTechSurvey.
The Elementor is affected by the CVE-2023-47504 vulnerability.
Elementor versions up to and including 3.16.4 are vulnerable to CVE-2023-47504.