CVE-2024-1171
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 42,267 live websites that are affected by CVE-2024-1171.
Affected Software
| Product |  Essential Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 42,267 live websites (14.85% of Essential Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 161 versions ( 78.16% of all versions) |
Details
- Published - Feb 20, 2024
- Updated - Aug 1, 2024
Credits
- Mdr001 (finder)
CVE References
CVE-2024-1171 usage by Country
 United States | 12,945 websites |
 Germany | 5,317 websites |
 France | 2,882 websites |
 Cyprus | 1,699 websites |
 GB | 1,552 websites |
 Brazil | 1,515 websites |
 Spain | 1,182 websites |
 Poland | 1,175 websites |
 Russia | 945 websites |
 Italy | 871 websites |
CVE-2024-1171 usage by TLD
| .com | 17,036 websites |
| .com.br | 2,169 websites |
| .de | 1,856 websites |
| .org | 1,732 websites |
| .fr | 1,020 websites |
| .ru | 988 websites |
| .co.uk | 980 websites |
| .pl | 913 websites |
| .net | 794 websites |
| .nl | 749 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-1171
Top websites that are affected by CVE-2024-1171. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.cz |  Czech Republic | *,*** | |
| *******.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| *****.pt |  Portugal | **,*** | |
| *********************.pt | Portugal | **,*** | |
| ***********.com | United States | **,*** | |
| ****.org | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ************.com | United States | **,*** |
FAQ
A total of 42,267 websites have been identified as vulnerable to CVE-2024-1171, discovered through global website indexing conducted by WebTechSurvey.
Essential Addons for Elementor is susceptible to CVE-2024-1171 vulnerability.
Essential Addons for Elementor versions before, and including, 5.9.8 are vulnerable to CVE-2024-1171.