CVE-2024-2792
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 8,996 live websites that are affected by CVE-2024-2792.
Affected Software
| Product |  Addon Elements For Elementor Page Builder |
| Category | Wordpress Plugins |
| Vulnerable Domains | 8,996 live websites (32.75% of Addon Elements For Elementor Page Builder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 25 versions ( 65.79% of all versions) |
Details
- Published - Apr 9, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
CVE-2024-2792 usage by Country
 United States | 2,475 websites |
 Germany | 1,193 websites |
 France | 624 websites |
 Russia | 534 websites |
 Poland | 412 websites |
 GB | 268 websites |
 Cyprus | 233 websites |
 Brazil | 191 websites |
 Italy | 164 websites |
 Japan | 148 websites |
CVE-2024-2792 usage by TLD
| .com | 3,348 websites |
| .de | 507 websites |
| .ru | 416 websites |
| .org | 343 websites |
| .pl | 323 websites |
| .com.br | 272 websites |
| .fr | 208 websites |
| .co.uk | 185 websites |
| .net | 157 websites |
| .nl | 129 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2792
Top websites that are affected by CVE-2024-2792. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| ***********************.com | United States | *,*** | |
| ***********.net | United States | **,*** | |
| *****.com | United States | **,*** | |
| ******.social | United States | **,*** | |
| *************.org | United States | **,*** | |
| *************.com | United States | **,*** | |
| ****.***.pl | Poland | ***,*** | |
| ************.********.ru | Russia | ***,*** | |
| *****************.com | United States | ***,*** |
FAQ
A total of 8,996 websites have been identified as vulnerable to CVE-2024-2792, discovered through global website indexing conducted by WebTechSurvey.
Addon Elements For Elementor Page Builder is susceptible to CVE-2024-2792 vulnerability.
Addon Elements For Elementor Page Builder versions before, and including, 1.13.2 are vulnerable to CVE-2024-2792.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dcc5a611-23bf-499e-8141-684458d9ce3b?source=cve
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13#modules/image-compare/widgets
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/image-compare/widgets/image-compare.php#L508
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/image-compare/widgets/image-compare.php#L521
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058768%40addon-elements-for-elementor-page-builder&new=3058768%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=