CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51540 – WordPress Custom 404 Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51540
27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('cross-site Scripting') en Kunal Nagar Custom 404 Pro permite XSS almacenado. Este problema afecta a Custom 404 Pro: desde n/a hasta 3.10.0. The Custom 404 Pro plugin for WordPress is vulnerable to Stored C... • https://patchstack.com/database/vulnerability/custom-404-pro/wordpress-custom-404-pro-plugin-3-10-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32740 – WordPress Custom 404 Pro Plugin <= 3.8.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32740
15 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions. The Custom 404 Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as click... • https://patchstack.com/database/vulnerability/custom-404-pro/wordpress-custom-404-pro-plugin-3-8-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-2023 – Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-2023
02 May 2023 — The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. The Custom 404 Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in versions up to, and including, 3.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user i... • https://github.com/druxter-x/PHP-CVE-2023-2023-2640-POC-Escalation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2032 – Custom 404 Pro < 3.8.1 - Multiple SQL Injection
https://notcve.org/view.php?id=CVE-2023-2032
25 Apr 2023 — The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities. The Custom 404 Pro plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in versions up to, and including, 3.8.0 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing quer... • https://wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-260d22e28ffe • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0385 – Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-0385
18 Jan 2023 — The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Custom 404 Pro para WordPress es vulnerable a Cross Site Request Forgery en versiones hast... • https://plugins.trac.wordpress.org/browser/custom-404-pro/tags/3.7.1/admin/AdminClass.php#L114 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47605 – WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection (SQLi)
https://notcve.org/view.php?id=CVE-2022-47605
13 Jan 2023 — Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions. The Custom 404 Pro plugin for WordPress is vulnerable to blind SQL Injection via the ‘path’ parameter in versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator access or higher to append additional SQL queries into already existing queries that c... • https://patchstack.com/database/vulnerability/custom-404-pro/wordpress-custom-404-pro-plugin-3-7-0-admin-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14789 – Custom 404 Pro <= 3.2.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14789
25 Jun 2019 — The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. El plugin Custom 404 Pro versión 3.2.8 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del parámetro page del archivo wpadmin/admin.php?Page=c4p-main . • https://wordpress.org/plugins/custom-404-pro/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15838 – Custom 404 Pro <= 3.2.7 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15838
24 Jun 2019 — The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. El plugin custom-404-pro anterior a la versión 3.2.8 para WordPress ha reflejado XSS, una vulnerabilidad diferente a CVE-2019-14789. • https://wordpress.org/plugins/custom-404-pro/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •