CVE-2024-8721
Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site ScriptingThe Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 15,326 live websites that are affected by CVE-2024-8721.
Affected Software
| Product |  Tracking Code Manager |
| Category | Wordpress Plugins |
| Vulnerable Domains | 15,326 live websites (49.27% of Tracking Code Manager install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 5 versions ( 83.33% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Dec 24, 2024
- Updated - Dec 24, 2024
Credits
- TANG Cheuk Hei (finder)
CWE
CVE References
CWE References
CVE-2024-8721 usage by Country
 United States | 7,655 websites |
 Germany | 1,134 websites |
 France | 568 websites |
 Australia | 545 websites |
 Brazil | 499 websites |
 Poland | 457 websites |
 GB | 420 websites |
 Spain | 397 websites |
 Israel | 361 websites |
 Italy | 312 websites |
CVE-2024-8721 usage by TLD
| .com | 7,495 websites |
| .com.au | 873 websites |
| .com.br | 771 websites |
| .de | 414 websites |
| .pl | 394 websites |
| .co.uk | 380 websites |
| .org | 359 websites |
| .it | 314 websites |
| .ca | 260 websites |
| .net | 259 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8721
Top websites that are affected by CVE-2024-8721. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.*********.com | United States | *,*** | |
| ***********.com | Germany | **,*** | |
| **********.com | United States | **,*** | |
| *********.***.uk | United States | **,*** | |
| *********.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| *****.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ********.com | United States | **,*** |
FAQ
CVE-2024-8721 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Tracking Code Manager
A total of 15,326 websites have been identified as vulnerable to CVE-2024-8721, discovered through global website indexing conducted by WebTechSurvey.
Tracking Code Manager is susceptible to CVE-2024-8721 vulnerability.
Tracking Code Manager versions before, and including, 2.3 are vulnerable to CVE-2024-8721.