CVE-2024-3929
The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 5,950 live websites that are affected by CVE-2024-3929.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 5,950 live websites (14% of Content Views install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 72 versions ( 88% of all versions) |
Details
- Published - Apr 25, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2024-3929 United States | 1,367 websites |
 Russia | 613 websites |
 Germany | 406 websites |
 Italy | 326 websites |
 France | 287 websites |
 Japan | 284 websites |
 Netherlands | 228 websites |
 GB | 195 websites |
 Canada | 169 websites |
 Spain | 152 websites |
Website Distribution by TLD
Number of websites using CVE-2024-3929| .com | 2,120 websites |
| .ru | 499 websites |
| .org | 404 websites |
| .it | 221 websites |
| .nl | 208 websites |
| .de | 193 websites |
| .net | 170 websites |
| .co.uk | 109 websites |
| .pl | 92 websites |
| .fr | 89 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-3929
Top websites that are affected by CVE-2024-3929. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.app |  Bulgaria | **,*** | |
| *********.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| ******.org | United States | ***,*** | |
| ****.***.gr |  Greece | ***,*** | |
| **********.com | United States | ***,*** | |
| *******.***.za |  South Africa | ***,*** | |
| *******.******.ru | Russia | ***,*** | |
| ***********.com | United States | ***,*** | |
| **************.com | United States | ***,*** |
FAQ
A total of 5,950 websites have been identified as vulnerable to CVE-2024-3929, based on global website indexing conducted by WebTechSurvey.
The Content Views is affected by the CVE-2024-3929 vulnerability.
Content Views versions up to and including 3.7 are vulnerable to CVE-2024-3929.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5666da4a-ffb6-47ed-8b48-a80f09dd2501?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3074758%40content-views-query-and-display-post-page&new=3074758%40content-views-query-and-display-post-page&sfp_email=&sfph_mail=