CVE-2024-4637

Name: Websites susceptible to CVE-2024-4637
Creator: WebTechSurvey

CVE-2024-4637

Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

We have discovered 1,349,826 live websites that are affected by CVE-2024-4637.

Test my site

Affected Software


Product	Revslider
Category	UI Frameworks
Vulnerable Domains	1,349,826 live websites (81.35% of Revslider install base)
Vulnerable Versions	from 0 through 6.7.10
Vulnerable Versions Count	461 versions ( 92.38% of all versions)

Available Reports

Website List

Details

Published - Jun 4, 2024
Updated - Aug 1, 2024

Credits

Matthew Rollings (finder)

CVE References

CVE-2024-4637 usage by Country

United States	434,200 websites

Germany	167,430 websites
France	91,007 websites
GB	51,834 websites
Italy	49,705 websites
Spain	41,407 websites
Netherlands	35,214 websites
Poland	33,463 websites
Turkey	30,738 websites
Russia	27,024 websites

CVE-2024-4637 usage by TLD

.com	570,098 websites
.de	72,831 websites
.org	47,788 websites
.it	43,711 websites
.co.uk	38,026 websites
.nl	33,417 websites
.com.br	32,274 websites
.fr	30,862 websites
.pl	26,637 websites
.com.au	26,234 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2024-4637

Top websites that are affected by CVE-2024-4637. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
***********.company	Denmark	,**
*******.com	Netherlands	,**
****.eu	United States	,**
******.com	United States	,**
***********.eu	Germany	,**
************.com	Singapore	,**
******************.org	United States	,**
****.int	Canada	,**
************.ie	United States	,**
**********.org	United States	,**

See full domain list

FAQ

A total of 1,349,826 websites have been identified as vulnerable to CVE-2024-4637, discovered through global website indexing conducted by WebTechSurvey.

Revslider is susceptible to CVE-2024-4637 vulnerability.

Revslider versions before, and including, 6.7.10 are vulnerable to CVE-2024-4637.

CVE-2024-4637

Affected Software

Available Reports

Details

Credits

CVE References

CVE-2024-4637 usage by Country

CVE-2024-4637 usage by TLD

Vulnerable Versions

Websites affected by CVE-2024-4637

How many websites are susceptible to the vulnerability identified as CVE-2024-4637?

What technological component facilitates the exploitation of the CVE-2024-4637 vulnerability?

What versions of Revslider are affected by CVE-2024-4637?

References