CVE-2024-5263
ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table WidgetsThe ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 11,815 live websites that are affected by CVE-2024-5263.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,815 live websites (57.07% of ElementsKit Pro install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 79 versions ( 79.80% of all versions) |
Details
- Published - Jun 15, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
CVE-2024-5263 usage by Country
 United States | 4,364 websites |
 Germany | 1,287 websites |
 Cyprus | 731 websites |
 France | 548 websites |
 Brazil | 530 websites |
 Russia | 447 websites |
 GB | 371 websites |
 Iran | 309 websites |
 Poland | 227 websites |
 Turkey | 174 websites |
CVE-2024-5263 usage by TLD
| .com | 5,390 websites |
| .com.br | 840 websites |
| .org | 501 websites |
| .ru | 365 websites |
| .de | 317 websites |
| .co.uk | 227 websites |
| .net | 208 websites |
| .com.au | 187 websites |
| .pl | 167 websites |
| .fr | 137 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-5263
Top websites that are affected by CVE-2024-5263. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.org | United States | **,*** | |
| ************.com | United States | **,*** | |
| *********.com | GB | **,*** | |
| *****.org | United States | **,*** | |
| ******.com | United States | **,*** | |
| *********.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| **************.ru | Russia | ***,*** | |
| *************.com | United States | ***,*** |
FAQ
A total of 11,815 websites have been identified as vulnerable to CVE-2024-5263, discovered through global website indexing conducted by WebTechSurvey.
ElementsKit Pro is susceptible to CVE-2024-5263 vulnerability.
ElementsKit Pro versions before, and including, 3.6.2 are vulnerable to CVE-2024-5263.