CVE-2024-10050
Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via ShortcodeThe Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own.
We have discovered 121,614 live websites that are affected by CVE-2024-10050.
Affected Software
| Product |  Header Footer and Blocks for Elementor |
| Category | Widgets |
| Vulnerable Domains | 121,614 live websites (47.88% of Header Footer and Blocks for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 79 versions ( 84.95% of all versions) |
Common Weakness Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized ActorDetails
- Published - Oct 24, 2024
- Updated - Oct 24, 2024
Credits
- Francesco Carlucci (finder)
CWE
CVE References
CWE References
CVE-2024-10050 usage by Country
 United States | 36,488 websites |
 Germany | 14,664 websites |
 France | 7,820 websites |
 Cyprus | 5,754 websites |
 GB | 4,535 websites |
 Russia | 3,689 websites |
 Poland | 3,633 websites |
 Brazil | 3,506 websites |
 Spain | 3,254 websites |
 Netherlands | 2,408 websites |
CVE-2024-10050 usage by TLD
| .com | 51,193 websites |
| .org | 4,912 websites |
| .com.br | 4,892 websites |
| .de | 4,613 websites |
| .co.uk | 3,002 websites |
| .pl | 2,954 websites |
| .ru | 2,934 websites |
| .fr | 2,710 websites |
| .nl | 2,412 websites |
| .net | 2,411 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-10050
Top websites that are affected by CVE-2024-10050. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | *,*** | |
| ***********************.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| **********.com | France | **,*** | |
| *******.co | Germany | **,*** | |
| *******************.com | Germany | **,*** | |
| *************.org | United States | **,*** | |
| ********.org | GB | **,*** | |
| *******.org | Cyprus | **,*** |
FAQ
CVE-2024-10050 is Exposure of Sensitive Information to an Unauthorized Actor in Header Footer and Blocks for Elementor
A total of 121,614 websites have been identified as vulnerable to CVE-2024-10050, discovered through global website indexing conducted by WebTechSurvey.
Header Footer and Blocks for Elementor is susceptible to CVE-2024-10050 vulnerability.
Header Footer and Blocks for Elementor versions before, and including, 1.6.43 are vulnerable to CVE-2024-10050.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/662f6ae2-2047-4bbf-b4a6-2d536051e389?source=cve
- https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.43/inc/class-header-footer-elementor.php#L634
- https://plugins.trac.wordpress.org/changeset/3173344/header-footer-elementor/trunk/inc/class-header-footer-elementor.php?contextall=1