CVE-2024-1236
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 28,124 live websites that are affected by CVE-2024-1236.
Affected Software
| Product |  Essential Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 28,124 live websites (8.75% of Essential Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 74 versions ( 51% of all versions) |
Details
- Published - Feb 20, 2024
- Updated - Aug 1, 2024
Credits
- Craig Smith (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2024-1236 United States | 5,756 websites |
 Germany | 2,711 websites |
 France | 1,782 websites |
 Brazil | 1,414 websites |
 GB | 1,257 websites |
 Italy | 1,168 websites |
 Spain | 1,053 websites |
 India | 1,041 websites |
 Poland | 827 websites |
 Russia | 733 websites |
Website Distribution by TLD
Number of websites using CVE-2024-1236| .com | 10,771 websites |
| .de | 1,353 websites |
| .com.br | 1,293 websites |
| .org | 1,097 websites |
| .it | 844 websites |
| .fr | 743 websites |
| .co.uk | 668 websites |
| .pl | 608 websites |
| .ru | 547 websites |
| .nl | 526 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-1236
Top websites that are affected by CVE-2024-1236. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | **,*** | |
| *****.pt | United States | **,*** | |
| *********************.pt |  Portugal | **,*** | |
| ***********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| ******************.com | United States | **,*** | |
| **************.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| **************.com | United States | **,*** |
FAQ
A total of 28,124 websites have been identified as vulnerable to CVE-2024-1236, based on global website indexing conducted by WebTechSurvey.
The Essential Addons for Elementor is affected by the CVE-2024-1236 vulnerability.
Essential Addons for Elementor versions up to and including 5.9.8 are vulnerable to CVE-2024-1236.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=cve
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3259
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3261
- https://plugins.trac.wordpress.org/changeset/3034127/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php