CVE-2023-6744

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user-supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


We have discovered 345,473 live websites that are affected by CVE-2023-6744.





Affected Software

Product: Divi
Category: WordPress Themes
Vulnerable Domains: 345,473 live websites (36.85% of Divi install base)
Vulnerable Versions:
  • from 0 through 4.23.1
Vulnerable Versions Count: 566 versions (92.79% of all versions)



Details

  • Published - Dec 23, 2023
  • Updated - Aug 2, 2024

Credits

  • Francesco Carlucci (finder)

CVE-2023-6744 usage by Country

  • United States: 136,685 websites
  • Germany: 40,323 websites
  • France: 26,955 websites
  • GB: 16,576 websites
  • Netherlands: 12,712 websites
  • Spain: 11,908 websites
  • Poland: 9,164 websites
  • Switzerland: 7,761 websites
  • Italy: 7,133 websites
  • Australia: 6,959 websites

CVE-2023-6744 usage by TLD

  • .com: 152,929 websites
  • .de: 21,599 websites
  • .org: 15,139 websites
  • .co.uk: 13,880 websites
  • .nl: 12,739 websites
  • .fr: 11,017 websites
  • .com.au: 8,758 websites
  • .pl: 7,299 websites
  • .net: 6,793 websites
  • .es: 6,536 websites


Websites affected by CVE-2023-6744

Top websites that are affected by CVE-2023-6744.

FAQ

A total of 345,473 websites have been identified as vulnerable to CVE-2023-6744, discovered through global website indexing conducted by WebTechSurvey.
Divi is susceptible to the CVE-2023-6744 vulnerability.
Divi versions before, and including, 4.23.1 are vulnerable to CVE-2023-6744.