CVE-2024-24934
WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerabilityImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.
We have discovered 758,304 live websites that are affected by CVE-2024-24934.
Affected Software
| Product |  Elementor |
| Category | Landing Page Builders |
| Vulnerable Domains | 758,304 live websites (29.06% of Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 382 versions ( 81.97% of all versions) |
Common Weakness Enumeration
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Details
- Published - May 17, 2024
- Updated - Aug 1, 2024
Credits
- Rhynorater (Justin Gardner) (finder)
CWE
CVE References
CWE References
CVE-2024-24934 usage by Country
 United States | 211,731 websites |
 Germany | 97,136 websites |
 France | 54,126 websites |
 GB | 25,787 websites |
 Russia | 25,223 websites |
 Poland | 24,026 websites |
 Spain | 21,375 websites |
 Brazil | 21,239 websites |
 Cyprus | 20,255 websites |
 Italy | 18,908 websites |
CVE-2024-24934 usage by TLD
| .com | 294,590 websites |
| .de | 41,787 websites |
| .com.br | 28,914 websites |
| .org | 26,078 websites |
| .ru | 21,039 websites |
| .pl | 19,561 websites |
| .fr | 19,344 websites |
| .nl | 18,256 websites |
| .co.uk | 16,837 websites |
| .it | 16,647 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-24934
Top websites that are affected by CVE-2024-24934. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| **************.com | United States | *,*** | |
| ***.***.ca |  Canada | *,*** | |
| ***********.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| **.***.br | Brazil | *,*** | |
| *****.com | United States | *,*** | |
| *********.me | United States | *,*** |
FAQ
CVE-2024-24934 is Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Elementor
A total of 758,304 websites have been identified as vulnerable to CVE-2024-24934, discovered through global website indexing conducted by WebTechSurvey.
Elementor is susceptible to CVE-2024-24934 vulnerability.
Elementor versions before, and including, 3.19 are vulnerable to CVE-2024-24934.