CVE-2023-2032 Custom 404 Pro < 3.8.1 - Multiple SQL Injection

2023-06-2713:17:14

WPScan

www.cve.org

cve-2023-2032

custom 404 pro

wordpress

sql injection

vulnerabilities

AI Score

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON

The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Custom 404 Pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.8.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-260d22e28ffe