CVE-2024-4452
ElementsKit Pro <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site ScriptingThe ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 11,435 live websites that are affected by CVE-2024-4452.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,435 live websites (55.23% of ElementsKit Pro install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 78 versions ( 78.79% of all versions) |
Details
- Published - May 21, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
CVE-2024-4452 usage by Country
 United States | 4,202 websites |
 Germany | 1,255 websites |
 Cyprus | 711 websites |
 France | 525 websites |
 Brazil | 514 websites |
 Russia | 444 websites |
 GB | 357 websites |
 Iran | 297 websites |
 Poland | 219 websites |
 Turkey | 165 websites |
CVE-2024-4452 usage by TLD
| .com | 5,213 websites |
| .com.br | 814 websites |
| .org | 476 websites |
| .ru | 362 websites |
| .de | 304 websites |
| .co.uk | 219 websites |
| .net | 204 websites |
| .com.au | 181 websites |
| .pl | 161 websites |
| .fr | 133 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-4452
Top websites that are affected by CVE-2024-4452. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | **,*** | |
| *********.com | GB | **,*** | |
| *****.org | United States | **,*** | |
| ******.com | United States | **,*** | |
| *********.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| **************.ru | Russia | ***,*** | |
| *************.com | United States | ***,*** | |
| **************.mc |  Monaco | ***,*** |
FAQ
A total of 11,435 websites have been identified as vulnerable to CVE-2024-4452, discovered through global website indexing conducted by WebTechSurvey.
ElementsKit Pro is susceptible to CVE-2024-4452 vulnerability.
ElementsKit Pro versions before, and including, 3.6.1 are vulnerable to CVE-2024-4452.