CVE-2024-54444

WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.25.10.

We have discovered 687,127 live websites that are affected by CVE-2024-54444.

Run a Free Instant Scan



Affected Software

Product  Elementor
Category Landing Page Builders
Vulnerable Domains687,127 live websites (27% of Elementor install base)
Vulnerable Versions
  • from 0 through 3.25.10
Vulnerable Versions Count266 versions ( 81% of all versions)



Details

  • Published - Feb 25, 2025
  • Updated - Apr 1, 2026

Credits

  • stealthcopter | Patchstack Bug Bounty Program (finder)

Website Distribution by Country

Number of websites using CVE-2024-54444
United States147,017 websites


Germany71,997 websites
France41,001 websites
Italy32,973 websites
GB26,589 websites
Brazil26,075 websites
Spain24,275 websites
Russia23,865 websites
Poland22,589 websites
Netherlands18,470 websites

Website Distribution by TLD

Number of websites using CVE-2024-54444
.com262,986 websites
.de39,297 websites
.org24,568 websites
.com.br24,339 websites
.it23,618 websites
.ru19,035 websites
.pl17,176 websites
.fr16,849 websites
.nl16,473 websites
.co.uk14,585 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2024-54444

Top websites that are affected by CVE-2024-54444. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
************.com United States*,***
***.***.ca Canada*,***
********.com United States*,***
******.com United States*,***
**********.com United States*,***
*****.com United States*,***
*****.com United States*,***
*********.com United States*,***
**********.org United States*,***
**********.com United States*,***
See full domain list

FAQ

A total of 687,127 websites have been identified as vulnerable to CVE-2024-54444, based on global website indexing conducted by WebTechSurvey.
The Elementor is affected by the CVE-2024-54444 vulnerability.
Elementor versions up to and including 3.25.10 are vulnerable to CVE-2024-54444.