CVE-2024-27991
WordPress SupportCandy plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS.This issue affects SupportCandy: from n/a through 3.2.3.
We have discovered 428 live websites that are affected by CVE-2024-27991.
Affected Software
| Product |  Supportcandy |
| Category | Wordpress Plugins |
| Vulnerable Domains | 428 live websites (21% of Supportcandy install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 32 versions ( 62% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Mar 21, 2024
- Updated - Aug 2, 2024
Credits
- Mochamad Sofyan (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-27991 United States | 96 websites |
 Italy | 47 websites |
 Germany | 36 websites |
 Iran | 28 websites |
 Russia | 23 websites |
 France | 21 websites |
 GB | 20 websites |
 Brazil | 19 websites |
 Spain | 13 websites |
 Australia | 11 websites |
Website Distribution by TLD
Number of websites using CVE-2024-27991| .com | 155 websites |
| .it | 35 websites |
| .ru | 21 websites |
| .com.br | 19 websites |
| .net | 12 websites |
| .org | 12 websites |
| .de | 12 websites |
| .pl | 7 websites |
| .eu | 6 websites |
| .es | 6 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-27991
Top websites that are affected by CVE-2024-27991. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.app |  Bulgaria | **,*** | |
| ****************.com | GB | **,*** | |
| ********.pt | United States | **,*** | |
| *****.sv |  El Salvador | ***,*** | |
| *****************.com | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| *********.de | Germany | ***,*** | |
| ************.***.au | Australia | ***,*** | |
| ************.com | United States | ***,*** |
FAQ
CVE-2024-27991 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Supportcandy
A total of 428 websites have been identified as vulnerable to CVE-2024-27991, based on global website indexing conducted by WebTechSurvey.
The Supportcandy is affected by the CVE-2024-27991 vulnerability.
Supportcandy versions up to and including 3.2.3 are vulnerable to CVE-2024-27991.