CVE-2024-0251




The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed.



We have discovered 1,021 live websites that are affected by CVE-2024-0251.





Affected Software

Product: Advanced Woo Search
Category: WordPress Plugins
Vulnerable Versions: from 0 through 2.96
Total Vulnerable Versions: 169
Vulnerable Domains: 1,021 live websites (32.44% of Advanced Woo Search install base)



Details

  • Published - Jan 13, 2024
  • Updated - Jan 13, 2024

Credits

  • Artem Guzhva (finder)




Countries

United States: 242 websites
Germany: 79 websites
GB: 74 websites
Russia: 60 websites
Italy: 51 websites
France: 48 websites
Spain: 45 websites
Australia: 39 websites
Netherlands: 39 websites
Poland: 30 websites

TLDs

.com: 407 websites
.ru: 52 websites
.de: 46 websites
.co.uk: 41 websites
.com.au: 37 websites
.org: 32 websites
.it: 32 websites
.pl: 27 websites
.nl: 27 websites
.net: 21 websites


