CVE-2024-5451

The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


We have discovered 44,090 live websites that are affected by CVE-2024-5451.





Affected Software

  • Product: The7
  • Category: WordPress Themes
  • Vulnerable Domains: 44,090 live websites (50.30% of The7 install base)
  • Vulnerable Versions: from 0 through 11.13
  • Vulnerable Versions Count: 242 versions (90.64% of all versions)



Details

  • Published - Jun 25, 2024
  • Updated - Aug 1, 2024

Credits

  • wesley (finder)

CVE-2024-5451 usage by Country

  • United States: 12,992 websites
  • Germany: 6,492 websites
  • France: 3,095 websites
  • Spain: 1,816 websites
  • GB: 1,662 websites
  • Italy: 1,481 websites
  • Netherlands: 1,430 websites
  • Russia: 1,345 websites
  • Poland: 972 websites
  • Turkey: 857 websites

CVE-2024-5451 usage by TLD

  • .com: 17,251 websites
  • .de: 3,525 websites
  • .org: 1,421 websites
  • .nl: 1,420 websites
  • .it: 1,407 websites
  • .co.uk: 1,352 websites
  • .ru: 1,094 websites
  • .fr: 1,023 websites
  • .es: 979 websites
  • .com.br: 944 websites

Websites affected by CVE-2024-5451

Top websites that are affected by CVE-2024-5451.

FAQ

A total of 44,090 websites have been identified as vulnerable to CVE-2024-5451, discovered through global website indexing conducted by WebTechSurvey.
The7 is susceptible to the CVE-2024-5451 vulnerability.
The7 versions before, and including, 11.13 are vulnerable to CVE-2024-5451.