CVE-2023-6005
EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site ScriptingThe EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 6,330 live websites that are affected by CVE-2023-6005.
Affected Software
| Product | |
| Category | Appointment Scheduling |
| Vulnerable Domains | 6,330 live websites (48% of Eventon Premium install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 114 versions ( 73% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 16, 2024
- Updated - Jun 20, 2025
Credits
- Miguel Santareno (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-6005 United States | 1,997 websites |
 Germany | 784 websites |
 France | 496 websites |
 Spain | 309 websites |
 GB | 299 websites |
 Italy | 262 websites |
 Netherlands | 240 websites |
 Canada | 167 websites |
 Switzerland | 150 websites |
 Brazil | 119 websites |
Website Distribution by TLD
Number of websites using CVE-2023-6005| .com | 2,120 websites |
| .org | 780 websites |
| .de | 519 websites |
| .nl | 218 websites |
| .fr | 213 websites |
| .it | 189 websites |
| .es | 143 websites |
| .net | 133 websites |
| .co.uk | 133 websites |
| .ch | 124 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6005
Top websites that are affected by CVE-2023-6005. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.pl |  Poland | **,*** | |
| *******.org | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ***.org | France | **,*** | |
| *******.org | United States | **,*** | |
| ****.com | GB | **,*** | |
| *****.**.il |  Israel | **,*** | |
| *******.**.ke |  Kenya | ***,*** | |
| *****.org | United States | ***,*** | |
| **********.org | France | ***,*** |
FAQ
CVE-2023-6005 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Eventon Premium
A total of 6,330 websites have been identified as vulnerable to CVE-2023-6005, based on global website indexing conducted by WebTechSurvey.
The Eventon Premium is affected by the CVE-2023-6005 vulnerability.
Eventon Premium versions up to 4.5.5 are vulnerable to CVE-2023-6005.
CVE-2023-6005 is resolved in version 4.5.5 of Eventon Premium.