CVE-2023-4388
EventON < 2.2 - Admin+ Stored XSS
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
We have discovered 121 live websites that are affected by CVE-2023-4388.
Affected Software
| Product | |
| Category | Appointment Scheduling |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 194 |
| Vulnerable Domains | 121 live websites (0.73% of EventOn install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-4388 and the relative popularity of websitesDetails
- Published - Oct 16, 2023
- Updated - Oct 16, 2023
Credits
- Miguel Santareno (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 30 websites |
 Italy | 15 websites |
 France | 12 websites |
 Germany | 11 websites |
 Netherlands | 7 websites |
 Spain | 6 websites |
 Chile | 5 websites |
 GB | 4 websites |
 Austria | 3 websites |
 Hungary | 3 websites |
TLDs
| .com | 48 websites |
| .de | 8 websites |
| .fr | 8 websites |
| .nl | 7 websites |
| .it | 7 websites |
| .org | 4 websites |
| .co.uk | 3 websites |
| .net | 3 websites |
| .es | 3 websites |
| .at | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-4388 through included software libraries and plugins.Websites affected by CVE-2023-4388
Top websites that are affected by CVE-2023-4388. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.************.hu | Hungary | **,*** | |
| ***.*********.cl | Chile | ***,*** | |
| *****.it | Italy | *,***,*** | |
| ****.**********.com | United States | *,***,*** | |
| ***.************.com | France | *,***,*** | |
| ***.*******.at | Austria | *,***,*** | |
| ***.***********.cl | Chile | *,***,*** | |
| ***.***********.fr | France | *,***,*** | |
| ***************.de | Germany | *,***,*** | |
| ************************.at | Austria | *,***,*** |