CVE-2024-7064
ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site ScriptingThe ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 12,872 live websites that are affected by CVE-2024-7064.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 12,872 live websites (62.17% of ElementsKit Pro install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 82 versions ( 82.83% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Aug 15, 2024
- Updated - Aug 15, 2024
Credits
- Craig Smith (finder)
CWE
CVE References
CWE References
CVE-2024-7064 usage by Country
 United States | 4,747 websites |
 Germany | 1,395 websites |
 Cyprus | 809 websites |
 France | 595 websites |
 Brazil | 566 websites |
 Russia | 470 websites |
 GB | 398 websites |
 Iran | 329 websites |
 Poland | 244 websites |
 Belgium | 188 websites |
CVE-2024-7064 usage by TLD
| .com | 5,832 websites |
| .com.br | 897 websites |
| .org | 547 websites |
| .ru | 380 websites |
| .de | 344 websites |
| .co.uk | 250 websites |
| .net | 222 websites |
| .com.au | 194 websites |
| .pl | 181 websites |
| .be | 157 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-7064
Top websites that are affected by CVE-2024-7064. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.org | United States | **,*** | |
| ************.com | United States | **,*** | |
| *********.com | GB | **,*** | |
| *****.org | United States | **,*** | |
| ******.com | United States | **,*** | |
| *********.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| **************.ru | Russia | ***,*** | |
| *************.com | United States | ***,*** |
FAQ
CVE-2024-7064 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ElementsKit Pro
A total of 12,872 websites have been identified as vulnerable to CVE-2024-7064, discovered through global website indexing conducted by WebTechSurvey.
ElementsKit Pro is susceptible to CVE-2024-7064 vulnerability.
ElementsKit Pro versions before, and including, 3.6.5 are vulnerable to CVE-2024-7064.