CVE-2023-6244
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
We have discovered 226 live websites that are affected by CVE-2023-6244.
Affected Software
| Product | |
| Category | Appointment Scheduling |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 194 |
| Vulnerable Domains | 226 live websites (1.36% of EventOn install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-6244 and the relative popularity of websitesDetails
- Published - Jan 11, 2024
- Updated - Jan 11, 2024
Credits
- Francesco Carlucci (finder)
CVE References
CWE References
Countries
 United States | 52 websites |
 France | 27 websites |
 Italy | 23 websites |
 Germany | 19 websites |
 Spain | 12 websites |
 Netherlands | 11 websites |
 GB | 8 websites |
 Chile | 7 websites |
 Austria | 6 websites |
 Poland | 6 websites |
TLDs
| .com | 92 websites |
| .fr | 13 websites |
| .de | 13 websites |
| .it | 11 websites |
| .nl | 11 websites |
| .org | 10 websites |
| .es | 6 websites |
| .ru | 5 websites |
| .co.uk | 4 websites |
| .net | 4 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-6244 through included software libraries and plugins.References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6fcc3a82-f116-446e-9e5f-4f074e20403b?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3017939%40eventon-lite&new=3017939%40eventon-lite&sfp_email=&sfph_mail=
- https://docs.myeventon.com/documentations/eventon-changelog/
Websites affected by CVE-2023-6244
Top websites that are affected by CVE-2023-6244. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.************.hu |  Hungary | **,*** | |
| ***.*********.cl | Chile | ***,*** | |
| *******.com | United States | ***,*** | |
| ***************************.es | Spain | *,***,*** | |
| *****.it | Italy | *,***,*** | |
| ************.com | United States | *,***,*** | |
| ***.*************.org | United States | *,***,*** | |
| ***.********.com | France | *,***,*** | |
| ****.**********.com | United States | *,***,*** | |
| ***.************.com | France | *,***,*** |