CVE-2024-8979
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege EscalationThe Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client.
We have discovered 47,178 live websites that are affected by CVE-2024-8979.
Affected Software
| Product |  Essential Addons for Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 47,178 live websites (16% of Essential Addons for Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 105 versions ( 66% of all versions) |
Common Weakness Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized ActorDetails
- Published - Nov 15, 2024
- Updated - Apr 8, 2026
Credits
- wesley (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-8979 United States | 9,749 websites |
 Germany | 4,348 websites |
 France | 2,796 websites |
 Russia | 2,401 websites |
 Brazil | 2,303 websites |
 GB | 1,952 websites |
 Italy | 1,913 websites |
 Spain | 1,790 websites |
 India | 1,562 websites |
 Poland | 1,465 websites |
Website Distribution by TLD
Number of websites using CVE-2024-8979| .com | 17,577 websites |
| .de | 2,170 websites |
| .ru | 2,122 websites |
| .com.br | 2,106 websites |
| .org | 1,924 websites |
| .it | 1,389 websites |
| .fr | 1,170 websites |
| .pl | 1,092 websites |
| .co.uk | 1,053 websites |
| .net | 794 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8979
Top websites that are affected by CVE-2024-8979. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | *,*** | |
| *******.co |  Serbia | **,*** | |
| *******.com | United States | **,*** | |
| ******.com | Germany | **,*** | |
| *****************.info |  Bulgaria | **,*** | |
| *****.pt | United States | **,*** | |
| ****.com | United States | **,*** | |
| *********************.pt |  Portugal | **,*** | |
| ********.com |  China | **,*** | |
| ********.me | United States | **,*** |
FAQ
CVE-2024-8979 is Exposure of Sensitive Information to an Unauthorized Actor in Essential Addons for Elementor
A total of 47,178 websites have been identified as vulnerable to CVE-2024-8979, based on global website indexing conducted by WebTechSurvey.
The Essential Addons for Elementor is affected by the CVE-2024-8979 vulnerability.
Essential Addons for Elementor versions up to and including 6.0.9 are vulnerable to CVE-2024-8979.