CVE-2024-2666
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content.
We have discovered 24,207 live websites that are affected by CVE-2024-2666.
Affected Software
| Product |  Premium Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 24,207 live websites (20.57% of Premium Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 371 versions ( 85.48% of all versions) |
Details
- Published - Apr 10, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
CVE-2024-2666 usage by Country
 United States | 7,280 websites |
 Germany | 2,986 websites |
 France | 1,603 websites |
 Russia | 971 websites |
 GB | 867 websites |
 Brazil | 850 websites |
 Cyprus | 839 websites |
 Poland | 829 websites |
 Spain | 615 websites |
 Italy | 534 websites |
CVE-2024-2666 usage by TLD
| .com | 9,661 websites |
| .com.br | 1,234 websites |
| .de | 1,066 websites |
| .org | 873 websites |
| .ru | 757 websites |
| .pl | 666 websites |
| .co.uk | 575 websites |
| .fr | 559 websites |
| .nl | 476 websites |
| .it | 466 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2666
Top websites that are affected by CVE-2024-2666. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| *********.com | United States | **,*** | |
| *******************.es | Spain | **,*** | |
| ***********.com | United States | **,*** | |
| *******.org | United States | **,*** | |
| *********.com |  United Arab Emirates | **,*** | |
| **************.com | United States | **,*** | |
| ********.**.il |  Israel | **,*** | |
| *********.**.th | United States | **,*** | |
| *******.com | United States | ***,*** |
FAQ
A total of 24,207 websites have been identified as vulnerable to CVE-2024-2666, discovered through global website indexing conducted by WebTechSurvey.
Premium Addons for Elementor is susceptible to CVE-2024-2666 vulnerability.
Premium Addons for Elementor versions before, and including, 4.10.24 are vulnerable to CVE-2024-2666.