CVE-2024-2344

The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.


We have discovered 99,751 live websites that are affected by CVE-2024-2344.

Affected Software

Product  Avada
Category  WordPress Themes
Vulnerable Domains  99,751 live websites (60% of Avada install base)
Vulnerable Versions
  • from 0 through 7.11.6
Vulnerable Versions Count  118 versions (89% of all versions)



Details

  • Published - Apr 9, 2024
  • Updated - Aug 8, 2024

Credits

  • Muhammad Zeeshan (finder)

Website Distribution by Country

Number of websites affected by CVE-2024-2344

United States  29,612 websites
Germany  12,717 websites
Italy  6,126 websites
France  5,379 websites
GB  5,374 websites
Spain  4,038 websites
Netherlands  4,012 websites
Canada  2,433 websites
Australia  1,991 websites
Poland  1,604 websites

Website Distribution by TLD

Number of websites affected by CVE-2024-2344

.com  40,797 websites
.de  8,000 websites
.org  4,398 websites
.it  4,223 websites
.nl  3,646 websites
.co.uk  3,585 websites
.fr  2,176 websites
.com.au  1,934 websites
.net  1,838 websites
.es  1,712 websites

Websites affected by CVE-2024-2344

Top websites that are affected by CVE-2024-2344.

FAQ

A total of 99,751 websites have been identified as vulnerable to CVE-2024-2344, based on global website indexing conducted by WebTechSurvey.
The Avada theme is affected by the CVE-2024-2344 vulnerability.
Avada versions up to and including 7.11.6 are vulnerable to CVE-2024-2344.