CVE-2024-1393
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 8,552 live websites that are affected by CVE-2024-1393.
Affected Software
| Product |  Addon Elements For Elementor Page Builder |
| Category | Wordpress Plugins |
| Vulnerable Domains | 8,552 live websites (31.14% of Addon Elements For Elementor Page Builder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 22 versions ( 57.89% of all versions) |
Details
- Published - Mar 13, 2024
- Updated - Aug 1, 2024
Credits
- Mdr001 (finder)
CVE References
CVE-2024-1393 usage by Country
 United States | 2,311 websites |
 Germany | 1,141 websites |
 France | 594 websites |
 Russia | 520 websites |
 Poland | 393 websites |
 GB | 254 websites |
 Cyprus | 222 websites |
 Brazil | 185 websites |
 Italy | 156 websites |
 Japan | 142 websites |
CVE-2024-1393 usage by TLD
| .com | 3,175 websites |
| .de | 490 websites |
| .ru | 403 websites |
| .org | 323 websites |
| .pl | 308 websites |
| .com.br | 258 websites |
| .fr | 197 websites |
| .co.uk | 173 websites |
| .net | 143 websites |
| .nl | 123 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-1393
Top websites that are affected by CVE-2024-1393. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| ***********************.com | United States | *,*** | |
| ***********.net | United States | **,*** | |
| *****.com | United States | **,*** | |
| ******.social | United States | **,*** | |
| *************.org | United States | **,*** | |
| *************.com | United States | **,*** | |
| ****.***.pl | Poland | ***,*** | |
| ************.********.ru | Russia | ***,*** | |
| *****************.com | United States | ***,*** |
FAQ
A total of 8,552 websites have been identified as vulnerable to CVE-2024-1393, discovered through global website indexing conducted by WebTechSurvey.
Addon Elements For Elementor Page Builder is susceptible to CVE-2024-1393 vulnerability.
Addon Elements For Elementor Page Builder versions before, and including, 1.12.12 are vulnerable to CVE-2024-1393.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0888d6-30e6-4957-b270-1968eace462e?source=cve
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/content-switcher/skins/skin-3.php#L39
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/content-switcher/skins/skin-3.php#L39