Lucene search
HistoryMay 30, 2023 - 8:15 a.m.
CVE-2023-2023
cve-2023-2023
custom 404 pro
wordpress plugin
reflected cross-site scripting
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.5%
The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
Affected configurations
Node
kunalnagarcustom_404_proRange<3.7.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| kunalnagar | custom_404_pro | * | cpe:2.3:a:kunalnagar:custom_404_pro:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Custom 404 Pro",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "3.7.3"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site scripting
2023-05-30 08:15:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Kunalnagar Custom 404 Pro
2023-08-13 05:54:17
Exploit for Cross-site Scripting in Kunalnagar Custom 404 Pro
2024-02-15 16:35:59
Exploit for Cross-site Scripting in Kunalnagar Custom 404 Pro
2021-11-22 12:57:22
nvd
nvd
CVE-2023-2023
2023-05-30 08:15:09
nuclei
nuclei
Custom 404 Pro < 3.7.3 - Cross-Site Scripting
2023-07-07 09:38:49
cvelist
cvelist
CVE-2023-2023 Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting
2023-05-30 07:49:21
nessus
nessus
wordfence
wordfence
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.5%
Related for CVE-2023-2023