CVE-2024-5188
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.22 - Authenticated (Contributor+) Stored Cross-Site ScriptingThe Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 61,573 live websites that are affected by CVE-2024-5188.
Affected Software
| Product |  Essential Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 61,573 live websites (21.63% of Essential Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 175 versions ( 84.95% of all versions) |
Details
- Published - Jun 6, 2024
- Updated - Aug 1, 2024
Credits
- Ngô Thiên An (finder)
CVE References
CVE-2024-5188 usage by Country
 United States | 19,557 websites |
 Germany | 7,685 websites |
 France | 4,094 websites |
 Cyprus | 2,724 websites |
 GB | 2,208 websites |
 Brazil | 2,152 websites |
 Spain | 1,728 websites |
 Poland | 1,675 websites |
 Italy | 1,253 websites |
 Russia | 1,236 websites |
CVE-2024-5188 usage by TLD
| .com | 24,920 websites |
| .com.br | 3,094 websites |
| .de | 2,665 websites |
| .org | 2,615 websites |
| .ru | 1,656 websites |
| .co.uk | 1,437 websites |
| .fr | 1,426 websites |
| .pl | 1,301 websites |
| .net | 1,159 websites |
| .it | 1,097 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-5188
Top websites that are affected by CVE-2024-5188. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.cz |  Czech Republic | *,*** | |
| **********.com | United States | **,*** | |
| *******.co | Germany | **,*** | |
| *******.com | United States | **,*** | |
| ********.net | United States | **,*** | |
| ****.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| *******.******.************.edu | **,*** | ||
| *****************.info |  Bulgaria | **,*** | |
| *****.pt |  Portugal | **,*** |
FAQ
A total of 61,573 websites have been identified as vulnerable to CVE-2024-5188, discovered through global website indexing conducted by WebTechSurvey.
Essential Addons for Elementor is susceptible to CVE-2024-5188 vulnerability.
Essential Addons for Elementor versions before, and including, 5.9.22 are vulnerable to CVE-2024-5188.