CVE-2024-43309
WordPress WP Telegram Widget and Join Link plugin <= 2.1.27 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram Widget and Join Link: from n/a through 2.1.27.
We have discovered 34 live websites that are affected by CVE-2024-43309.
Affected Software
| Product |  Wptelegram Widget |
| Category | Wordpress Plugins |
| Vulnerable Domains | 34 live websites (100% of Wptelegram Widget install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Aug 18, 2024
- Updated - Aug 19, 2024
Credits
- Muhammad Daffa (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-43309 United States | 5 websites |
 Russia | 7 websites |
 Italy | 5 websites |
 Ukraine | 4 websites |
 Brazil | 2 websites |
 Iran | 2 websites |
 Poland | 2 websites |
 Canada | 1 websites |
 Czech Republic | 1 websites |
 France | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2024-43309| .com | 7 websites |
| .ru | 7 websites |
| .it | 4 websites |
| .com.br | 1 websites |
| .cz | 1 websites |
| .info | 1 websites |
| .io | 1 websites |
| .org | 1 websites |
| .pl | 1 websites |
Websites affected by CVE-2024-43309
Top websites that are affected by CVE-2024-43309. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.ru | Russia | *,***,*** | |
| **********.com | Canada | *,***,*** | |
| *********.***.br | Brazil | *,***,*** | |
| ********.***.ua | Ukraine | **,***,*** | |
| ****.***.ir | Iran | **,***,*** | |
| **************.***.ua | Ukraine | **,***,*** | |
| ************.hu |  Hungary | **,***,*** | |
| **********.cz | Czech Republic | **,***,*** | |
| ***************.pl | Poland | **,***,*** | |
| ***********.it | Italy | **,***,*** |
FAQ
CVE-2024-43309 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Wptelegram Widget
A total of 34 websites have been identified as vulnerable to CVE-2024-43309, based on global website indexing conducted by WebTechSurvey.
The Wptelegram Widget is affected by the CVE-2024-43309 vulnerability.
Wptelegram Widget versions up to and including 2.1.27 are vulnerable to CVE-2024-43309.