CVE-2024-6334
Easy Table of Contents < 2.0.67 - Editor+ Stored XSSThe Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
We have discovered 29,818 live websites that are affected by CVE-2024-6334.
Affected Software
| Product |  Easy Table of Contents |
| Category | Wordpress Plugins |
| Vulnerable Domains | 29,818 live websites (28.55% of Easy Table of Contents install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 98 versions ( 91.59% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 9, 2024
- Updated - Nov 21, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-6334 usage by Country
 United States | 11,275 websites |
 Japan | 3,414 websites |
 Vietnam | 2,330 websites |
 Germany | 1,994 websites |
 France | 1,738 websites |
 Russia | 1,663 websites |
 Poland | 906 websites |
 Cyprus | 762 websites |
 Spain | 629 websites |
 GB | 421 websites |
CVE-2024-6334 usage by TLD
| .com | 14,444 websites |
| .ru | 1,759 websites |
| .net | 1,437 websites |
| .org | 1,131 websites |
| .pl | 945 websites |
| .de | 820 websites |
| .fr | 661 websites |
| .jp | 585 websites |
| .es | 423 websites |
| .info | 389 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-6334
Top websites that are affected by CVE-2024-6334. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| *****.com | Spain | *,*** | |
| *********.com | United States | *,*** | |
| *********.com | United States | **,*** | |
| **************.com | United States | **,*** | |
| **********.info | United States | **,*** | |
| ******.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| *********.net | United States | **,*** |
FAQ
CVE-2024-6334 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Easy Table of Contents
A total of 29,818 websites have been identified as vulnerable to CVE-2024-6334, discovered through global website indexing conducted by WebTechSurvey.
Easy Table of Contents is susceptible to CVE-2024-6334 vulnerability.
Easy Table of Contents versions before 2.0.67.1 are vulnerable to CVE-2024-6334.
Version 2.0.67.1 of Easy Table of Contents addresses the CVE-2024-6334 security vulnerability.