CVE-2024-35656
WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2.
We have discovered 315,994 live websites that are affected by CVE-2024-35656.
Affected Software
| Product |  Elementor Pro |
| Category | Landing Page Builders |
| Vulnerable Domains | 315,994 live websites (25% of Elementor Pro install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 189 versions ( 74% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 22, 2024
- Updated - Aug 2, 2024
Credits
- Michael (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-35656 United States | 79,960 websites |
 Germany | 29,064 websites |
 Brazil | 17,438 websites |
 France | 15,108 websites |
 GB | 12,993 websites |
 Italy | 12,377 websites |
 Spain | 11,139 websites |
 Russia | 10,703 websites |
 Netherlands | 7,896 websites |
 Poland | 7,838 websites |
Website Distribution by TLD
Number of websites using CVE-2024-35656| .com | 126,420 websites |
| .com.br | 16,422 websites |
| .de | 15,586 websites |
| .org | 11,316 websites |
| .it | 8,903 websites |
| .ru | 8,359 websites |
| .co.uk | 7,168 websites |
| .nl | 7,020 websites |
| .net | 6,485 websites |
| .fr | 6,144 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-35656
Top websites that are affected by CVE-2024-35656. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.de | Germany | *** | |
| ***.***.ca |  Canada | *,*** | |
| ******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| ******************.org | United States | *,*** | |
| *********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ********.com | GB | *,*** | |
| ***************.org | United States | *,*** |
FAQ
CVE-2024-35656 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Elementor Pro
A total of 315,994 websites have been identified as vulnerable to CVE-2024-35656, based on global website indexing conducted by WebTechSurvey.
The Elementor Pro is affected by the CVE-2024-35656 vulnerability.
Elementor Pro versions up to and including 3.21.2 are vulnerable to CVE-2024-35656.