CVE-2024-1049
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 277,582 live websites that are affected by CVE-2024-1049.
Affected Software
| Product |  GoDaddy CoBlocks |
| Category | Wordpress Plugins |
| Vulnerable Domains | 277,582 live websites (81.03% of GoDaddy CoBlocks install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 119 versions ( 92.97% of all versions) |
Details
- Published - Mar 23, 2024
- Updated - Aug 1, 2024
Credits
- Craig Smith (finder)
CVE References
CVE-2024-1049 usage by Country
 United States | 269,521 websites |
 Germany | 1,733 websites |
 GB | 1,287 websites |
 France | 445 websites |
 Netherlands | 421 websites |
 Japan | 403 websites |
 Switzerland | 302 websites |
 Canada | 265 websites |
 Italy | 253 websites |
 Australia | 236 websites |
CVE-2024-1049 usage by TLD
| .com | 203,679 websites |
| .org | 20,821 websites |
| .net | 9,636 websites |
| .co.uk | 4,194 websites |
| .ca | 3,061 websites |
| .fr | 1,710 websites |
| .de | 1,468 websites |
| .nl | 1,242 websites |
| .com.au | 1,170 websites |
| .ch | 847 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-1049
Top websites that are affected by CVE-2024-1049. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | ** | |
| ********.*********.com | United States | ** | |
| **********.com | United States | *** | |
| ********.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| ***********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ********.org | United States | *,*** | |
| ****************.com | United States | *,*** |
FAQ
A total of 277,582 websites have been identified as vulnerable to CVE-2024-1049, discovered through global website indexing conducted by WebTechSurvey.
GoDaddy CoBlocks is susceptible to CVE-2024-1049 vulnerability.
GoDaddy CoBlocks versions before, and including, 3.1.6 are vulnerable to CVE-2024-1049.