CVE-2024-35679
WordPress GiveWP plugin <= 3.12.0 - Reflected Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS.This issue affects GiveWP: from n/a through 3.12.0.
We have discovered 10,841 live websites that are affected by CVE-2024-35679.
Affected Software
| Product |  GiveWP |
| Category | Wordpress Plugins |
| Vulnerable Domains | 10,841 live websites (29.73% of GiveWP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 205 versions ( 86.50% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jun 8, 2024
- Updated - Aug 2, 2024
Credits
- Dimas Maulana (Patchstack Alliance) (finder)
CWE
CVE References
CWE References
CVE-2024-35679 usage by Country
 United States | 5,017 websites |
 Germany | 1,165 websites |
 France | 663 websites |
 GB | 561 websites |
 Cyprus | 304 websites |
 Italy | 295 websites |
 Canada | 231 websites |
 Australia | 191 websites |
 Spain | 173 websites |
 South Africa | 146 websites |
CVE-2024-35679 usage by TLD
| .org | 4,250 websites |
| .com | 2,748 websites |
| .de | 299 websites |
| .it | 243 websites |
| .fr | 192 websites |
| .net | 188 websites |
| .ca | 183 websites |
| .org.uk | 176 websites |
| .co.uk | 155 websites |
| .nl | 96 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-35679
Top websites that are affected by CVE-2024-35679. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.sk | United States | **,*** | |
| ********.org | United States | **,*** | |
| *********.org | United States | **,*** | |
| ************.org | United States | **,*** | |
| ****************.org | Germany | **,*** | |
| *******.org | United States | **,*** | |
| **************.com | Australia | **,*** | |
| ****.org | United States | **,*** | |
| **********.net | United States | ***,*** | |
| ***.***.uk | United States | ***,*** |
FAQ
CVE-2024-35679 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GiveWP
A total of 10,841 websites have been identified as vulnerable to CVE-2024-35679, discovered through global website indexing conducted by WebTechSurvey.
GiveWP is susceptible to CVE-2024-35679 vulnerability.
GiveWP versions before, and including, 3.12 are vulnerable to CVE-2024-35679.