CVE-2024-4376
Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text WidgetThe Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. While 4.10.32 is patched, it is recommended to update to 4.10.33 because 4.10.32 caused a fatal error.
We have discovered 28,765 live websites that are affected by CVE-2024-4376.
Affected Software
| Product |  Premium Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 28,765 live websites (24.45% of Premium Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 378 versions ( 87.10% of all versions) |
Details
- Published - May 31, 2024
- Updated - Aug 1, 2024
Credits
- Craig Smith (finder)
CVE References
CVE-2024-4376 usage by Country
 United States | 8,971 websites |
 Germany | 3,528 websites |
 France | 1,869 websites |
 Cyprus | 1,106 websites |
 Russia | 1,042 websites |
 GB | 1,005 websites |
 Brazil | 1,004 websites |
 Poland | 971 websites |
 Spain | 740 websites |
 Italy | 632 websites |
CVE-2024-4376 usage by TLD
| .com | 11,748 websites |
| .com.br | 1,473 websites |
| .de | 1,285 websites |
| .org | 1,038 websites |
| .ru | 812 websites |
| .pl | 782 websites |
| .co.uk | 672 websites |
| .fr | 664 websites |
| .it | 554 websites |
| .nl | 532 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-4376
Top websites that are affected by CVE-2024-4376. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| *********.com | United States | **,*** | |
| *******************.es | Spain | **,*** | |
| ***********.com | United States | **,*** | |
| *******.org | United States | **,*** | |
| *********.com |  United Arab Emirates | **,*** | |
| **************.com | United States | **,*** | |
| ********.**.il |  Israel | **,*** | |
| *********.**.th | United States | **,*** | |
| ******.org | United States | **,*** |
FAQ
A total of 28,765 websites have been identified as vulnerable to CVE-2024-4376, discovered through global website indexing conducted by WebTechSurvey.
Premium Addons for Elementor is susceptible to CVE-2024-4376 vulnerability.
Premium Addons for Elementor versions before, and including, 4.10.31 are vulnerable to CVE-2024-4376.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b49d166f-4df0-4997-a078-0be8fcd92576?source=cve
- https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-fancytext.php#L924
- https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/assets/frontend/js/typed.js
- https://plugins.trac.wordpress.org/changeset/3090037/premium-addons-for-elementor/trunk/widgets/premium-fancytext.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3090609%40premium-addons-for-elementor&new=3090609%40premium-addons-for-elementor&sfp_email=&sfph_mail=