CVE-2024-5818
Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider WidgetThe Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 13,256 live websites that are affected by CVE-2024-5818.
Affected Software
| Product |  Royal Elementor Addons |
| Category | Wordpress Plugins |
| Vulnerable Domains | 13,256 live websites (25.60% of Royal Elementor Addons install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 94 versions ( 78.33% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 24, 2024
- Updated - Aug 1, 2024
Credits
- Craig Smith (finder)
CWE
CVE References
CWE References
CVE-2024-5818 usage by Country
 United States | 3,473 websites |
 Germany | 1,849 websites |
 France | 1,087 websites |
 Cyprus | 818 websites |
 Brazil | 719 websites |
 Russia | 443 websites |
 Italy | 410 websites |
 GB | 373 websites |
 Poland | 345 websites |
 Spain | 332 websites |
CVE-2024-5818 usage by TLD
| .com | 5,165 websites |
| .com.br | 1,103 websites |
| .de | 618 websites |
| .org | 493 websites |
| .fr | 438 websites |
| .ru | 376 websites |
| .it | 371 websites |
| .pl | 265 websites |
| .net | 247 websites |
| .co.uk | 199 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-5818
Top websites that are affected by CVE-2024-5818. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ***********.net | United States | **,*** | |
| *****.clinic |  Israel | **,*** | |
| ************.com | United States | ***,*** | |
| ******.org | GB | ***,*** | |
| ***********.com | United States | ***,*** | |
| ******.me | United States | ***,*** |
FAQ
CVE-2024-5818 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Royal Elementor Addons
A total of 13,256 websites have been identified as vulnerable to CVE-2024-5818, discovered through global website indexing conducted by WebTechSurvey.
Royal Elementor Addons is susceptible to CVE-2024-5818 vulnerability.
Royal Elementor Addons versions before, and including, 1.3.980 are vulnerable to CVE-2024-5818.