CVE-2024-21752


WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a through 4.11.4.



We have discovered 850 live websites that are affected by CVE-2024-21752.





Affected Software

Product  Ajax Search Lite
Category  WordPress Plugins
Vulnerable Versions
  • from 0 through 4.11.4
Total Vulnerable Versions  47
Vulnerable Domains  850 live websites (98.04% of Ajax Search Lite install base)


Common Weakness Enumeration


CWE-352 Cross-Site Request Forgery (CSRF)


Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2024-21752 and the relative popularity of websites


Details

  • Published - Feb 29, 2024
  • Updated - Feb 29, 2024

Credits

  • Le Ngoc Anh (Patchstack Alliance) (finder)





Countries

United States  179 websites
Russia  89 websites
France  67 websites
Germany  66 websites
Italy  47 websites
GB  37 websites
Spain  31 websites
Poland  25 websites
Netherlands  20 websites
Brazil  20 websites

TLDs

.com  286 websites
.ru  82 websites
.org  48 websites
.de  41 websites
.fr  36 websites
.pl  21 websites
.it  21 websites
.co.uk  16 websites
.es  15 websites
.ca  13 websites


Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2024-21752 through included software libraries and plugins.




Websites affected by CVE-2024-21752

Top websites that are affected by CVE-2024-21752.