CVE-2024-1242
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 56,114 live websites that are affected by CVE-2024-1242.
Affected Software
| Product |  Premium Addons for Elementor |
| Category | Widgets |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 375 |
| Vulnerable Domains | 56,114 live websites (56.93% of Premium Addons for Elementor install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2024-1242 and the relative popularity of websitesDetails
- Published - Feb 20, 2024
- Updated - Feb 20, 2024
Credits
- Mdr001 (finder)
CVE References
CWE References
Countries
 United States | 14,235 websites |
 Germany | 3,966 websites |
 France | 3,408 websites |
 GB | 2,781 websites |
 Brazil | 2,702 websites |
 India | 2,455 websites |
 Italy | 2,325 websites |
 Spain | 1,894 websites |
 Poland | 1,674 websites |
 Netherlands | 1,365 websites |
TLDs
| .com | 23,743 websites |
| .de | 2,586 websites |
| .com.br | 2,375 websites |
| .org | 2,349 websites |
| .fr | 1,606 websites |
| .co.uk | 1,550 websites |
| .it | 1,547 websites |
| .pl | 1,273 websites |
| .nl | 1,170 websites |
| .ru | 986 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2024-1242 through included software libraries and plugins.References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1026b753-e82b-4fa3-9023-c36ab9863b29?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035504%40premium-addons-for-elementor%2Ftrunk&old=3025571%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=
Websites affected by CVE-2024-1242
Top websites that are affected by CVE-2024-1242. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| ***.******************.org | United States | *,*** | |
| *************.com | United States | **,*** | |
| ****************.com | United States | **,*** | |
| *************.**.uk | GB | **,*** | |
| ***.******.com | Germany | **,*** | |
| *******************.nl | Netherlands | **,*** | |
| ****************.***.ar |  Argentina | **,*** | |
| ********.ai | United States | **,*** | |
| ***.***********.com | United States | **,*** |