CVE-2023-3219
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
We have discovered 61 live websites that are affected by CVE-2023-3219.
Affected Software
| Product | |
| Category | Appointment Scheduling |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 194 |
| Vulnerable Domains | 61 live websites (0.37% of EventOn install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-3219 and the relative popularity of websitesDetails
- Published - Jul 10, 2023
- Updated - Jul 10, 2023
Credits
- Miguel Santareno (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 16 websites |
 France | 11 websites |
 Germany | 7 websites |
 Spain | 5 websites |
 Italy | 4 websites |
 Austria | 3 websites |
 Netherlands | 3 websites |
 Bulgaria | 1 websites |
 Switzerland | 1 websites |
 Chile | 1 websites |
TLDs
| .com | 24 websites |
| .fr | 8 websites |
| .de | 6 websites |
| .es | 3 websites |
| .nl | 3 websites |
| .at | 2 websites |
| .it | 2 websites |
| .net | 2 websites |
| .cz | 1 websites |
| .eu | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-3219 through included software libraries and plugins.References
- https://wpscan.com/vulnerability/72d80887-0270-4987-9739-95b1a178c1fd
- http://packetstormsecurity.com/files/173992/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html
Websites affected by CVE-2023-3219
Top websites that are affected by CVE-2023-3219. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.************.hu |  Hungary | **,*** | |
| ****.**********.com | United States | *,***,*** | |
| ***.*******.at | Austria | *,***,*** | |
| ***.***********.cl | Chile | *,***,*** | |
| ***.***********.fr | France | *,***,*** | |
| ***************.de | Germany | *,***,*** | |
| ************************.at | Austria | *,***,*** | |
| ***.*****************.it | Italy | *,***,*** | |
| ***.*************.fr | France | *,***,*** | |
| *****.fr | France | *,***,*** |