CVE-2023-6005
EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site ScriptingThe EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 13,983 live websites that are affected by CVE-2023-6005.
Contact us to get more info
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-6005 and the relative popularity of websites