CVE-2023-47505


WordPress Elementor Website Builder Plugin <= 3.16.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4.



We have discovered 900,181 live websites that are affected by CVE-2023-47505.

Contact us to get more info




Affected Software

Product  Elementor
Category Landing Page Builders
Vulnerable Versions
  • from 0 through 3.16.4
Total Vulnerable Versions377
Vulnerable Domains900,181 live websites (33.17% of Elementor install base)


Common Weakness Enumeration


CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Nov 30, 2023
  • Updated - Nov 30, 2023

Credits

  • Rafie Muhammad (Patchstack) (finder)





Countries

United States278,042 websites



Germany90,020 websites
France59,850 websites
Italy36,143 websites
Brazil30,981 websites
GB28,111 websites
Poland25,879 websites
Russia25,625 websites
Spain23,113 websites
Cyprus21,967 websites

TLDs

.com362,184 websites
.de43,673 websites
.com.br38,403 websites
.org33,808 websites
.it27,714 websites
.fr20,968 websites
.pl20,810 websites
.ru20,574 websites
.co.uk19,997 websites
.nl19,924 websites

Vulnerable Versions

Vulnerable versions are highlighted in red


Websites affected by CVE-2023-47505

Top websites that are affected by CVE-2023-47505. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*******.net Germany*,***
***********.com United States*,***
**************.********.com United States*,***
********.com United States*,***
******.com United States*,***
**********.com United States*,***
**.***.br Brazil*,***
******.com United States*,***
*********.com United States*,***
**********.com Czech Republic*,***
See full domain list