CVE-2023-2796
EventON < 2.1.2 - Unauthenticated Event Access
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
We have discovered 61 live websites that are affected by CVE-2023-2796.
Affected Software
| Product | |
| Category | Appointment Scheduling |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 194 |
| Vulnerable Domains | 61 live websites (0.37% of EventOn install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-2796 and the relative popularity of websitesDetails
- Published - Jul 10, 2023
- Updated - Jul 10, 2023
Credits
- Miguel Santareno (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 16 websites |
 France | 11 websites |
 Germany | 7 websites |
 Spain | 5 websites |
 Italy | 4 websites |
 Austria | 3 websites |
 Netherlands | 3 websites |
 Bulgaria | 1 websites |
 Switzerland | 1 websites |
 Chile | 1 websites |
TLDs
| .com | 24 websites |
| .fr | 8 websites |
| .de | 6 websites |
| .es | 3 websites |
| .nl | 3 websites |
| .at | 2 websites |
| .it | 2 websites |
| .net | 2 websites |
| .cz | 1 websites |
| .eu | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-2796 through included software libraries and plugins.References
- https://wpscan.com/vulnerability/e9ef793c-e5a3-4c55-beee-56b0909f7a0d
- http://packetstormsecurity.com/files/173984/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html
Websites affected by CVE-2023-2796
Top websites that are affected by CVE-2023-2796. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.************.hu |  Hungary | **,*** | |
| ****.**********.com | United States | *,***,*** | |
| ***.*******.at | Austria | *,***,*** | |
| ***.***********.cl | Chile | *,***,*** | |
| ***.***********.fr | France | *,***,*** | |
| ***************.de | Germany | *,***,*** | |
| ************************.at | Austria | *,***,*** | |
| ***.*****************.it | Italy | *,***,*** | |
| ***.*************.fr | France | *,***,*** | |
| *****.fr | France | *,***,*** |