CVE-2023-47505
WordPress Elementor Website Builder Plugin <= 3.16.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4.
We have discovered 947,249 live websites that are affected by CVE-2023-47505.
Affected Software
| Product |  Elementor |
| Category | Landing Page Builders |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 353 |
| Vulnerable Domains | 947,249 live websites (37.78% of Elementor install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-47505 and the relative popularity of websitesDetails
- Published - Nov 30, 2023
- Updated - Nov 30, 2023
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
Countries
 United States | 216,084 websites |
 Germany | 74,160 websites |
 France | 54,880 websites |
 Brazil | 47,627 websites |
 Italy | 43,202 websites |
 GB | 39,711 websites |
 Spain | 34,316 websites |
 Poland | 28,225 websites |
 India | 27,714 websites |
 Netherlands | 27,047 websites |
TLDs
| .com | 383,553 websites |
| .de | 47,103 websites |
| .com.br | 41,710 websites |
| .org | 36,507 websites |
| .it | 29,108 websites |
| .fr | 22,266 websites |
| .nl | 22,190 websites |
| .co.uk | 21,897 websites |
| .pl | 21,105 websites |
| .net | 20,274 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-47505 through included software libraries and plugins.References
- https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-16-4-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/articles/arbitrary-attachment-render-to-xss-in-elementor-plugin?_s_id=cve
Websites affected by CVE-2023-47505
Top websites that are affected by CVE-2023-47505. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*******.net |  Bulgaria | *,*** | |
| ***********.com | United States | *,*** | |
| **************.********.com | United States | *,*** | |
| ***.********.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ***.**.***.br | Brazil | *,*** | |
| ***.******.com | United States | *,*** | |
| ***.*********.com | United States | *,*** | |
| ***.******************.org | United States | *,*** |