CVE-2023-50370

WordPress Livemesh Addons for WPBakery Page Builder Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5.


We have discovered 3,248 live websites that are affected by CVE-2023-50370.

Contact us to get more info




Affected Software

Product  Addons For Visual Composer
Category Wordpress Plugins
Vulnerable Domains3,248 live websites (47.12% of Addons For Visual Composer install base)
Vulnerable Versions
  • from 0 through 3.5
Vulnerable Versions Count38 versions ( 82.61% of all versions)


Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Dec 14, 2023
  • Updated - Aug 2, 2024

Credits

  • Abu Hurayra (Patchstack Alliance) (finder)

CVE-2023-50370 usage by Country

United States924 websites



Germany337 websites
Italy248 websites
France243 websites
Russia148 websites
GB105 websites
Spain97 websites
Poland73 websites
Netherlands64 websites
Brazil63 websites

CVE-2023-50370 usage by TLD

.com1,307 websites
.it188 websites
.org151 websites
.ru122 websites
.de119 websites
.com.br77 websites
.fr72 websites
.net70 websites
.pl55 websites
.co.uk51 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2023-50370

Top websites that are affected by CVE-2023-50370. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*************.com United States***,***
*******.org United States***,***
******************.de Germany***,***
*****************.com India***,***
*************.org United States***,***
*******.com United States***,***
*****************.org United States***,***
***********.org France***,***
*****.pt United States***,***
*****.ca United States***,***
See full domain list

FAQ

CVE-2023-50370 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Addons For Visual Composer
A total of 3,248 websites have been identified as vulnerable to CVE-2023-50370, discovered through global website indexing conducted by WebTechSurvey.
Addons For Visual Composer is susceptible to CVE-2023-50370 vulnerability.
Addons For Visual Composer versions before, and including, 3.5 are vulnerable to CVE-2023-50370.