CVE-2024-4342
Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site ScriptingThe Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 11,085 live websites that are affected by CVE-2024-4342.
Affected Software
| Product |  Royal Elementor Addons |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,085 live websites (21.41% of Royal Elementor Addons install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 89 versions ( 74.17% of all versions) |
Details
- Published - Jun 1, 2024
- Updated - Aug 1, 2024
Credits
- Matthew Rollings (finder)
CVE References
CVE-2024-4342 usage by Country
 United States | 2,891 websites |
 Germany | 1,549 websites |
 France | 912 websites |
 Cyprus | 661 websites |
 Brazil | 601 websites |
 Russia | 403 websites |
 Italy | 332 websites |
 GB | 319 websites |
 Poland | 282 websites |
 Spain | 274 websites |
CVE-2024-4342 usage by TLD
| .com | 4,296 websites |
| .com.br | 927 websites |
| .de | 508 websites |
| .org | 407 websites |
| .fr | 370 websites |
| .ru | 344 websites |
| .it | 295 websites |
| .pl | 217 websites |
| .net | 205 websites |
| .co.uk | 162 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-4342
Top websites that are affected by CVE-2024-4342. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ***********.net | United States | **,*** | |
| *****.clinic |  Israel | **,*** | |
| ************.com | United States | ***,*** | |
| ******.org | GB | ***,*** | |
| ***********.com | United States | ***,*** | |
| ******.me | United States | ***,*** |
FAQ
A total of 11,085 websites have been identified as vulnerable to CVE-2024-4342, discovered through global website indexing conducted by WebTechSurvey.
Royal Elementor Addons is susceptible to CVE-2024-4342 vulnerability.
Royal Elementor Addons versions before, and including, 1.3.975 are vulnerable to CVE-2024-4342.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4d565196-592d-415c-b37c-e54456aa9ed8?source=cve
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/image-hotspots/widgets/wpr-image-hotspots.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fimage-hotspots%2Fwidgets%2Fwpr-image-hotspots.php
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/image-accordion/widgets/wpr-image-accordion.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fimage-accordion%2Fwidgets%2Fwpr-image-accordion.php
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/offcanvas/widgets/wpr-offcanvas.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Foffcanvas%2Fwidgets%2Fwpr-offcanvas.php
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/woo-grid/widgets/wpr-woo-grid.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fwoo-grid%2Fwidgets%2Fwpr-woo-grid.php
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/theme-builder/woocommerce/product-mini-cart/widgets/wpr-product-mini-cart.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Ftheme-builder%2Fwoocommerce%2Fproduct-mini-cart%2Fwidgets%2Fwpr-product-mini-cart.php