CVE-2024-31111
WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9.
We have discovered 408,407 live websites that are affected by CVE-2024-31111.
Affected Software
| Product |  WordPress |
| Category | Content Management System |
| Vulnerable Domains | 408,407 live websites (4.43% of WordPress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 48 versions ( 5.16% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jun 25, 2024
- Updated - Aug 2, 2024
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
CVE-2024-31111 usage by Country
 United States | 150,160 websites |
 Germany | 55,889 websites |
 France | 18,904 websites |
 Japan | 15,705 websites |
 Poland | 15,635 websites |
 GB | 13,847 websites |
 Netherlands | 10,802 websites |
 Russia | 10,542 websites |
 Cyprus | 9,805 websites |
 Spain | 8,239 websites |
CVE-2024-31111 usage by TLD
| .com | 165,049 websites |
| .de | 27,721 websites |
| .org | 17,731 websites |
| .pl | 13,248 websites |
| .nl | 11,804 websites |
| .net | 11,619 websites |
| .ru | 11,023 websites |
| .co.uk | 10,063 websites |
| .com.br | 7,962 websites |
| .it | 6,823 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-31111
Top websites that are affected by CVE-2024-31111. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org | United States | *** | |
| ******.com | United States | *** | |
| **********.ca |  Canada | *,*** | |
| *****.pl | Poland | *,*** | |
| ********.com | United States | *,*** | |
| ********.com |  Singapore | *,*** | |
| ************.com | United States | *,*** | |
| ************.com | United States | *,*** | |
| ****.cc |  Cocos(Keeling) Island | *,*** | |
| ****.tv | France | *,*** |
FAQ
CVE-2024-31111 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WordPress
A total of 408,407 websites have been identified as vulnerable to CVE-2024-31111, discovered through global website indexing conducted by WebTechSurvey.
WordPress is susceptible to CVE-2024-31111 vulnerability.
WordPress versions before, and including, 6.5.4 are vulnerable to CVE-2024-31111.