CVE-2024-10050
Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via ShortcodeThe Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own.
We have discovered 57,273 live websites that are affected by CVE-2024-10050.
Affected Software
| Product |  Header Footer and Blocks for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 57,273 live websites (22% of Header Footer and Blocks for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 78 versions ( 63% of all versions) |
Common Weakness Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized ActorDetails
- Published - Oct 24, 2024
- Updated - Apr 8, 2026
Credits
- Francesco Carlucci (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-10050 United States | 11,418 websites |
 Germany | 5,302 websites |
 France | 3,522 websites |
 GB | 2,549 websites |
 Brazil | 2,305 websites |
 Russia | 2,285 websites |
 Italy | 2,207 websites |
 India | 2,113 websites |
 Spain | 2,043 websites |
 Poland | 2,015 websites |
Website Distribution by TLD
Number of websites using CVE-2024-10050| .com | 22,132 websites |
| .de | 2,449 websites |
| .com.br | 2,125 websites |
| .org | 2,085 websites |
| .ru | 1,800 websites |
| .it | 1,554 websites |
| .pl | 1,549 websites |
| .fr | 1,454 websites |
| .co.uk | 1,345 websites |
| .nl | 1,204 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-10050
Top websites that are affected by CVE-2024-10050. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| *******.co |  Serbia | **,*** | |
| *******.com | United States | **,*** | |
| ***********.org | United States | **,*** | |
| ****.com | United States | **,*** | |
| ********.me | United States | **,*** | |
| *******.com | United States | **,*** | |
| ***.sucks | United States | **,*** | |
| *********************.com | United States | **,*** |
FAQ
CVE-2024-10050 is Exposure of Sensitive Information to an Unauthorized Actor in Header Footer and Blocks for Elementor
A total of 57,273 websites have been identified as vulnerable to CVE-2024-10050, based on global website indexing conducted by WebTechSurvey.
The Header Footer and Blocks for Elementor is affected by the CVE-2024-10050 vulnerability.
Header Footer and Blocks for Elementor versions up to and including 1.6.43 are vulnerable to CVE-2024-10050.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/662f6ae2-2047-4bbf-b4a6-2d536051e389?source=cve
- https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.43/inc/class-header-footer-elementor.php#L634
- https://plugins.trac.wordpress.org/changeset/3173344/header-footer-elementor/trunk/inc/class-header-footer-elementor.php?contextall=1