CVE-2024-11733
WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode ExecutionThe The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
We have discovered 54,943 live websites that are affected by CVE-2024-11733.
Affected Software
| Product |  WordPress Popular Posts |
| Category | Wordpress Plugins |
| Vulnerable Domains | 54,943 live websites (61.05% of WordPress Popular Posts install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 109 versions ( 85.16% of all versions) |
Common Weakness Enumeration
CWE-94 Improper Control of Generation of Code ('Code Injection')Details
- Published - Jan 3, 2025
- Updated - Jan 6, 2025
Credits
- Michael Mazzolini (finder)
CWE
CVE References
CWE References
CVE-2024-11733 usage by Country
 United States | 12,758 websites |
 Japan | 24,323 websites |
 Germany | 2,736 websites |
 Russia | 1,705 websites |
 France | 1,696 websites |
 Poland | 1,098 websites |
 GB | 704 websites |
 Brazil | 558 websites |
 Vietnam | 549 websites |
CVE-2024-11733 usage by TLD
| .com | 28,501 websites |
| .net | 4,033 websites |
| .jp | 3,884 websites |
| .ru | 1,738 websites |
| .org | 1,614 websites |
| .co.jp | 1,176 websites |
| .de | 1,105 websites |
| .info | 986 websites |
| .pl | 851 websites |
| .com.br | 745 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-11733
Top websites that are affected by CVE-2024-11733. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.net | United States | *** | |
| ************.com | United States | *,*** | |
| **************.de | Germany | *,*** | |
| *************.uk | United States | *,*** | |
| *******.***.in |  India | *,*** | |
| *********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| **********.com | United States | **,*** | |
| ***************.com | United States | **,*** | |
| *******************.com | Japan | **,*** |
FAQ
CVE-2024-11733 is Improper Control of Generation of Code ('Code Injection') in WordPress Popular Posts
A total of 54,943 websites have been identified as vulnerable to CVE-2024-11733, discovered through global website indexing conducted by WebTechSurvey.
WordPress Popular Posts is susceptible to CVE-2024-11733 vulnerability.
WordPress Popular Posts versions before, and including, 7.1 are vulnerable to CVE-2024-11733.