CVE-2024-31289
WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerabilityCross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0.
We have discovered 108,969 live websites that are affected by CVE-2024-31289.
Affected Software
| Product |  Hello Elementor |
| Category | Wordpress Themes |
| Vulnerable Domains | 108,969 live websites (17% of Hello Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 28 versions ( 61% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - Apr 12, 2024
- Updated - Aug 8, 2024
Credits
- Dhabaleshwar Das (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-31289 United States | 28,107 websites |
 Germany | 11,410 websites |
 Brazil | 7,543 websites |
 France | 5,415 websites |
 Italy | 5,134 websites |
 GB | 4,842 websites |
 Israel | 3,482 websites |
 Netherlands | 3,302 websites |
 Spain | 3,250 websites |
 Poland | 2,536 websites |
Website Distribution by TLD
Number of websites using CVE-2024-31289| .com | 40,880 websites |
| .com.br | 7,150 websites |
| .de | 6,829 websites |
| .org | 3,740 websites |
| .it | 3,675 websites |
| .co.uk | 3,026 websites |
| .nl | 2,991 websites |
| .fr | 2,404 websites |
| .net | 2,054 websites |
| .ru | 1,940 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-31289
Top websites that are affected by CVE-2024-31289. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.***.ca |  Canada | *,*** | |
| ****.com | United States | **,*** | |
| **********************.de | Germany | **,*** | |
| *********************.es | Spain | **,*** | |
| *****.io | United States | **,*** | |
| ******.com | United States | **,*** | |
| ********.org | United States | **,*** | |
| ****.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| ***************.com | United States | **,*** |
FAQ
CVE-2024-31289 is Cross-Site Request Forgery (CSRF) in Hello Elementor
A total of 108,969 websites have been identified as vulnerable to CVE-2024-31289, based on global website indexing conducted by WebTechSurvey.
The Hello Elementor is affected by the CVE-2024-31289 vulnerability.
Hello Elementor versions up to and including 3 are vulnerable to CVE-2024-31289.