CVE-2024-37199
WordPress Enfold theme <= 5.6.9 - Reflected Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9.
We have discovered 96,570 live websites that are affected by CVE-2024-37199.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Domains | 96,570 live websites (81% of Enfold install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 146 versions ( 78% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 22, 2024
- Updated - Aug 2, 2024
Credits
- tom (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-37199 United States | 22,081 websites |
 Germany | 19,420 websites |
 Netherlands | 6,460 websites |
 Italy | 5,406 websites |
 France | 4,799 websites |
 GB | 4,027 websites |
 Spain | 3,340 websites |
 Denmark | 2,065 websites |
 Austria | 1,933 websites |
 Switzerland | 1,860 websites |
Website Distribution by TLD
Number of websites using CVE-2024-37199| .com | 34,000 websites |
| .de | 13,444 websites |
| .nl | 5,968 websites |
| .it | 3,877 websites |
| .org | 3,458 websites |
| .co.uk | 2,793 websites |
| .at | 2,055 websites |
| .fr | 1,998 websites |
| .net | 1,741 websites |
| .ch | 1,583 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-37199
Top websites that are affected by CVE-2024-37199. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.com | United States | *,*** | |
| ********.net | United States | **,*** | |
| ************.com | United States | **,*** | |
| *****************************.de | Germany | **,*** | |
| *******.com | Germany | **,*** | |
| ********************.***.uk | GB | **,*** | |
| **************.org | United States | **,*** | |
| **************.fr | France | **,*** | |
| *****.org | United States | **,*** | |
| *********.se | United States | **,*** |
FAQ
CVE-2024-37199 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Enfold
A total of 96,570 websites have been identified as vulnerable to CVE-2024-37199, based on global website indexing conducted by WebTechSurvey.
The Enfold is affected by the CVE-2024-37199 vulnerability.
Enfold versions up to and including 5.6.9 are vulnerable to CVE-2024-37199.