CVE-2023-6744
The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 589,572 live websites that are affected by CVE-2023-6744.
Affected Software
| Product |  Divi |
| Category | Landing Page Builders |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 864 |
| Vulnerable Domains | 589,572 live websites (59.77% of Divi install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-6744 and the relative popularity of websitesDetails
- Published - Dec 23, 2023
- Updated - Dec 23, 2023
Credits
- Francesco Carlucci (finder)
CVE References
CWE References
Countries
 United States | 192,942 websites |
 Germany | 51,972 websites |
 France | 41,292 websites |
 GB | 39,251 websites |
 Spain | 26,652 websites |
 Netherlands | 25,874 websites |
 Italy | 23,015 websites |
 Canada | 19,614 websites |
 Australia | 18,225 websites |
 Poland | 14,187 websites |
TLDs
| .com | 260,008 websites |
| .de | 36,234 websites |
| .org | 28,073 websites |
| .co.uk | 24,923 websites |
| .nl | 21,846 websites |
| .fr | 18,714 websites |
| .it | 15,409 websites |
| .com.au | 14,307 websites |
| .net | 11,737 websites |
| .pl | 10,673 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-6744 through included software libraries and plugins.References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/999475c5-5f17-47fa-a0d0-47cb5a8a0eb4?source=cve
- https://www.elegantthemes.com/api/changelog/divi.txt
Websites affected by CVE-2023-6744
Top websites that are affected by CVE-2023-6744. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.******.com | United States | *,*** | |
| ****.ro |  Romania | *,*** | |
| ************.org | France | *,*** | |
| ***.***************.com | United States | *,*** | |
| ***.*********.com | United States | *,*** | |
| ***.************.com | United States | *,*** | |
| ****************.com | United States | *,*** | |
| ***.******.com | France | *,*** | |
| ***.****.com | Spain | *,*** | |
| ******.com | United States | *,*** |