CVE-2024-43320

WordPress WPBakery Page Builder Addons plugin <= 3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9.


We have discovered 4,696 live websites that are affected by CVE-2024-43320.

Contact us to get more info




Affected Software

Product  Addons For Visual Composer
Category Wordpress Plugins
Vulnerable Domains4,696 live websites (68.13% of Addons For Visual Composer install base)
Vulnerable Versions
  • from 0 through 3.9
Vulnerable Versions Count44 versions ( 95.65% of all versions)


Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Aug 18, 2024
  • Updated - Aug 19, 2024

Credits

  • LVT-tholv2k (Patchstack Alliance) (finder)

CVE-2024-43320 usage by Country

United States1,400 websites



Germany554 websites
Italy356 websites
France338 websites
Russia173 websites
GB142 websites
Spain133 websites
Poland104 websites
Netherlands89 websites
Brazil88 websites

CVE-2024-43320 usage by TLD

.com1,895 websites
.it267 websites
.org224 websites
.de222 websites
.ru143 websites
.com.br115 websites
.fr104 websites
.net98 websites
.pl82 websites
.nl79 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2024-43320

Top websites that are affected by CVE-2024-43320. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*********.org United States**,***
******.com United States**,***
******.org United States***,***
*****.com United States***,***
*************.com United States***,***
*******.org United States***,***
******************.de Germany***,***
*****************.com India***,***
*********.***.br Brazil***,***
*************.org United States***,***
See full domain list

FAQ

CVE-2024-43320 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Addons For Visual Composer
A total of 4,696 websites have been identified as vulnerable to CVE-2024-43320, discovered through global website indexing conducted by WebTechSurvey.
Addons For Visual Composer is susceptible to CVE-2024-43320 vulnerability.
Addons For Visual Composer versions before, and including, 3.9 are vulnerable to CVE-2024-43320.