CVE-2023-6005
EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site ScriptingThe EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 10,791 live websites that are affected by CVE-2023-6005.
Affected Software
| Product | |
| Category | Appointment Scheduling |
| Vulnerable Domains | 10,791 live websites (60.38% of EventOn install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 171 versions ( 87.69% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 16, 2024
- Updated - Aug 2, 2024
Credits
- Miguel Santareno (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-6005 usage by Country
 United States | 4,128 websites |
 Germany | 1,423 websites |
 France | 915 websites |
 Spain | 415 websites |
 GB | 399 websites |
 Netherlands | 357 websites |
 Italy | 288 websites |
 Switzerland | 226 websites |
 Brazil | 178 websites |
 Canada | 178 websites |
CVE-2023-6005 usage by TLD
| .com | 3,798 websites |
| .org | 1,265 websites |
| .de | 774 websites |
| .nl | 370 websites |
| .fr | 349 websites |
| .it | 260 websites |
| .co.uk | 247 websites |
| .es | 226 websites |
| .net | 213 websites |
| .ch | 193 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6005
Top websites that are affected by CVE-2023-6005. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********************.org | United States | **,*** | |
| *****************.hr |  Croatia | **,*** | |
| ****.hr | Croatia | **,*** | |
| ***********.com | United States | **,*** | |
| ***.cat | Germany | **,*** | |
| ****.com | United States | **,*** | |
| *****************.fr | France | ***,*** | |
| *********************.org | Germany | ***,*** | |
| *******.**.ke |  Kenya | ***,*** | |
| **********.org | France | ***,*** |
FAQ
CVE-2023-6005 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in EventOn
A total of 10,791 websites have been identified as vulnerable to CVE-2023-6005, discovered through global website indexing conducted by WebTechSurvey.
EventOn is susceptible to CVE-2023-6005 vulnerability.
EventOn versions before 4.5.5 are vulnerable to CVE-2023-6005.
Version 4.5.5 of EventOn addresses the CVE-2023-6005 security vulnerability.