CVE-2024-4490

Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


We have discovered 4,667 live websites that are affected by CVE-2024-4490.





Affected Software

  • Product: Extra
  • Category: WordPress Themes
  • Vulnerable Domains: 4,667 live websites (100% of Extra install base)
  • Vulnerable Versions: from 0 through 4.25
  • Vulnerable Versions Count: 0 versions (less than 0.1% of all versions)



Details

  • Published - May 10, 2024
  • Updated - Aug 1, 2024

Credits

  • Craig Smith (finder)

Website Distribution by Country

Number of websites affected by CVE-2024-4490, by country:

  • United States: 1,614 websites
  • France: 444 websites
  • Germany: 438 websites
  • Poland: 235 websites
  • GB: 210 websites
  • Spain: 159 websites
  • Italy: 156 websites
  • Netherlands: 128 websites
  • Brazil: 101 websites
  • Canada: 80 websites

Website Distribution by TLD

Number of websites affected by CVE-2024-4490, by TLD:

  • .com: 1,993 websites
  • .org: 323 websites
  • .fr: 210 websites
  • .pl: 187 websites
  • .de: 176 websites
  • .net: 145 websites
  • .it: 118 websites
  • .nl: 116 websites
  • .co.uk: 111 websites
  • .com.br: 105 websites

Websites affected by CVE-2024-4490

Top websites that are affected by CVE-2024-4490.

FAQ

A total of 4,667 websites have been identified as vulnerable to CVE-2024-4490, based on global website indexing conducted by WebTechSurvey.
The Extra theme is affected by the CVE-2024-4490 vulnerability.
Extra versions up to and including 4.25 are vulnerable to CVE-2024-4490.