CVE-2024-8979
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege EscalationThe Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client.
We have discovered 60,461 live websites that are affected by CVE-2024-8979.
Affected Software
| Product |  Essential Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 60,461 live websites (19% of Essential Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 103 versions ( 73% of all versions) |
Common Weakness Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized ActorDetails
- Published - Nov 15, 2024
- Updated - Nov 15, 2024
Credits
- wesley (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-8979 United States | 13,146 websites |
 Germany | 5,691 websites |
 France | 3,623 websites |
 Brazil | 2,977 websites |
 GB | 2,646 websites |
 Italy | 2,420 websites |
 Spain | 2,373 websites |
 India | 2,218 websites |
 Poland | 1,771 websites |
 Russia | 1,410 websites |
Website Distribution by TLD
Number of websites using CVE-2024-8979| .com | 23,633 websites |
| .de | 2,756 websites |
| .com.br | 2,722 websites |
| .org | 2,514 websites |
| .it | 1,744 websites |
| .fr | 1,534 websites |
| .co.uk | 1,433 websites |
| .pl | 1,331 websites |
| .ru | 1,120 websites |
| .net | 1,062 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8979
Top websites that are affected by CVE-2024-8979. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | *,*** | |
| *******.co |  Serbia | **,*** | |
| *******.com | United States | **,*** | |
| ********.net | United States | **,*** | |
| ******.com | Germany | **,*** | |
| *****************.info |  Bulgaria | **,*** | |
| *****.pt | United States | **,*** | |
| ****.com | United States | **,*** | |
| *********************.pt |  Portugal | **,*** | |
| ********.com |  China | **,*** |
FAQ
CVE-2024-8979 is Exposure of Sensitive Information to an Unauthorized Actor in Essential Addons for Elementor
A total of 60,461 websites have been identified as vulnerable to CVE-2024-8979, based on global website indexing conducted by WebTechSurvey.
The Essential Addons for Elementor is affected by the CVE-2024-8979 vulnerability.
Essential Addons for Elementor versions up to and including 6.0.9 are vulnerable to CVE-2024-8979.