CVE-2024-2974
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts.
We have discovered 33,921 live websites that are affected by CVE-2024-2974.
Affected Software
| Product |  Essential Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 33,921 live websites (11% of Essential Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 79 versions ( 56% of all versions) |
Details
- Published - Apr 9, 2024
- Updated - Aug 1, 2024
Credits
- Ankit Patel (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2024-2974 United States | 7,078 websites |
 Germany | 3,237 websites |
 France | 2,136 websites |
 Brazil | 1,664 websites |
 GB | 1,524 websites |
 Italy | 1,405 websites |
 India | 1,297 websites |
 Spain | 1,254 websites |
 Poland | 1,031 websites |
 Russia | 883 websites |
Website Distribution by TLD
Number of websites using CVE-2024-2974| .com | 13,088 websites |
| .de | 1,600 websites |
| .com.br | 1,527 websites |
| .org | 1,325 websites |
| .it | 996 websites |
| .fr | 898 websites |
| .co.uk | 824 websites |
| .pl | 760 websites |
| .ru | 682 websites |
| .net | 608 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2974
Top websites that are affected by CVE-2024-2974. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | **,*** | |
| *****************.info |  Bulgaria | **,*** | |
| *****.pt | United States | **,*** | |
| *********************.pt |  Portugal | **,*** | |
| ********.me | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ******************.com | United States | **,*** | |
| **************.com | United States | **,*** | |
| *********.com | United States | **,*** |
FAQ
A total of 33,921 websites have been identified as vulnerable to CVE-2024-2974, based on global website indexing conducted by WebTechSurvey.
The Essential Addons for Elementor is affected by the CVE-2024-2974 vulnerability.
Essential Addons for Elementor versions up to and including 5.9.13 are vulnerable to CVE-2024-2974.