CVE-2024-6434
Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of ServiceThe Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources.
We have discovered 12,940 live websites that are affected by CVE-2024-6434.
Affected Software
| Product |  Premium Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 12,940 live websites (17% of Premium Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 293 versions ( 70% of all versions) |
Common Weakness Enumeration
CWE-400 Uncontrolled Resource ConsumptionDetails
- Published - Jul 4, 2024
- Updated - Apr 8, 2026
Credits
- Muhammad Umer Adeem (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-6434 United States | 2,572 websites |
 Germany | 1,204 websites |
 France | 794 websites |
 Russia | 628 websites |
 Brazil | 627 websites |
 Italy | 609 websites |
 GB | 574 websites |
 Poland | 500 websites |
 India | 434 websites |
 Spain | 418 websites |
Website Distribution by TLD
Number of websites using CVE-2024-6434| .com | 4,932 websites |
| .de | 599 websites |
| .com.br | 565 websites |
| .ru | 491 websites |
| .it | 446 websites |
| .org | 442 websites |
| .pl | 380 websites |
| .fr | 321 websites |
| .co.uk | 288 websites |
| .nl | 262 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-6434
Top websites that are affected by CVE-2024-6434. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.**.il |  Israel | **,*** | |
| *********.com | United States | **,*** | |
| ********.es | Spain | **,*** | |
| **************.com | United States | **,*** | |
| **************.com | France | ***,*** | |
| ***************.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| ********.net | United States | ***,*** | |
| ****.**.in | India | ***,*** |
FAQ
CVE-2024-6434 is Uncontrolled Resource Consumption in Premium Addons for Elementor
A total of 12,940 websites have been identified as vulnerable to CVE-2024-6434, based on global website indexing conducted by WebTechSurvey.
The Premium Addons for Elementor is affected by the CVE-2024-6434 vulnerability.
Premium Addons for Elementor versions up to and including 4.10.35 are vulnerable to CVE-2024-6434.