CVE-2023-6005
EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 13,983 live websites that are affected by CVE-2023-6005.
Affected Software
| Product | |
| Category | Appointment Scheduling |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 194 |
| Vulnerable Domains | 13,983 live websites (84.34% of EventOn install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-6005 and the relative popularity of websitesDetails
- Published - Jan 16, 2024
- Updated - Feb 5, 2024
Credits
- Miguel Santareno (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 4,470 websites |
 Germany | 1,382 websites |
 France | 1,107 websites |
 Spain | 709 websites |
 Italy | 691 websites |
 GB | 681 websites |
 Netherlands | 524 websites |
 Canada | 462 websites |
 Brazil | 298 websites |
 Australia | 288 websites |
TLDs
| .com | 4,887 websites |
| .org | 1,849 websites |
| .de | 964 websites |
| .fr | 468 websites |
| .it | 464 websites |
| .nl | 444 websites |
| .co.uk | 343 websites |
| .net | 276 websites |
| .es | 275 websites |
| .ch | 222 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-6005 through included software libraries and plugins.Websites affected by CVE-2023-6005
Top websites that are affected by CVE-2023-6005. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.pl |  Poland | **,*** | |
| *********************.org | United States | **,*** | |
| *****************.hr |  Croatia | **,*** | |
| ****.hr | Croatia | **,*** | |
| ***.*******.org | United States | **,*** | |
| ***.org | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *****.gov | United States | **,*** | |
| *******.com | United States | **,*** | |
| ***.************.org | United States | **,*** |