CVE-2024-5757
Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title WidgetThe Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 89,812 live websites that are affected by CVE-2024-5757.
Affected Software
| Product |  Header Footer and Blocks for Elementor |
| Category | Widgets |
| Vulnerable Domains | 89,812 live websites (35.36% of Header Footer and Blocks for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 71 versions ( 76.34% of all versions) |
Details
- Published - Jun 13, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
CVE-2024-5757 usage by Country
 United States | 25,675 websites |
 Germany | 10,810 websites |
 France | 5,910 websites |
 Cyprus | 3,922 websites |
 GB | 3,344 websites |
 Russia | 3,198 websites |
 Poland | 2,809 websites |
 Brazil | 2,680 websites |
 Spain | 2,469 websites |
 Netherlands | 1,886 websites |
CVE-2024-5757 usage by TLD
| .com | 37,082 websites |
| .com.br | 3,646 websites |
| .org | 3,535 websites |
| .de | 3,451 websites |
| .ru | 2,536 websites |
| .pl | 2,301 websites |
| .co.uk | 2,150 websites |
| .fr | 2,054 websites |
| .nl | 1,882 websites |
| .net | 1,781 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-5757
Top websites that are affected by CVE-2024-5757. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********************.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| *******.co | Germany | **,*** | |
| ***.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| *****.es | Germany | **,*** | |
| *******.com | United States | **,*** | |
| ***********.org | United States | **,*** | |
| ****.com | United States | **,*** |
FAQ
A total of 89,812 websites have been identified as vulnerable to CVE-2024-5757, discovered through global website indexing conducted by WebTechSurvey.
Header Footer and Blocks for Elementor is susceptible to CVE-2024-5757 vulnerability.
Header Footer and Blocks for Elementor versions before, and including, 1.6.35 are vulnerable to CVE-2024-5757.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b5ab022c-c16c-488b-b004-a7351f8fa3d3?source=cve
- https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.35/inc/widgets-manager/widgets/class-site-title.php#L461
- https://wordpress.org/plugins/header-footer-elementor/#developers
- https://plugins.trac.wordpress.org/changeset/3101672/#file3