CVE-2024-24934
WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerabilityImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.
We have discovered 449,984 live websites that are affected by CVE-2024-24934.
Affected Software
| Product |  Elementor |
| Category | Landing Page Builders |
| Vulnerable Domains | 449,984 live websites (17% of Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 220 versions ( 67% of all versions) |
Common Weakness Enumeration
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Details
- Published - May 17, 2024
- Updated - Aug 1, 2024
Credits
- Rhynorater (Justin Gardner) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-24934 United States | 88,450 websites |
 Germany | 48,852 websites |
 France | 28,701 websites |
 Italy | 22,410 websites |
 Russia | 18,167 websites |
 GB | 17,492 websites |
 Brazil | 16,260 websites |
 Spain | 15,935 websites |
 Poland | 15,498 websites |
 Netherlands | 12,361 websites |
Website Distribution by TLD
Number of websites using CVE-2024-24934| .com | 165,243 websites |
| .de | 27,182 websites |
| .it | 15,843 websites |
| .com.br | 15,022 websites |
| .org | 14,938 websites |
| .ru | 14,386 websites |
| .fr | 11,933 websites |
| .pl | 11,753 websites |
| .nl | 11,039 websites |
| .co.uk | 9,537 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-24934
Top websites that are affected by CVE-2024-24934. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.***.ca |  Canada | *,*** | |
| ********.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| **********.org | United States | *,*** | |
| **********.com | United States | *,*** | |
| ****.bg |  Bulgaria | *,*** | |
| ********.com | GB | *,*** | |
| ***************.org | United States | *,*** |
FAQ
CVE-2024-24934 is Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Elementor
A total of 449,984 websites have been identified as vulnerable to CVE-2024-24934, based on global website indexing conducted by WebTechSurvey.
The Elementor is affected by the CVE-2024-24934 vulnerability.
Elementor versions up to and including 3.19 are vulnerable to CVE-2024-24934.