Lucene search
HistoryMay 30, 2023 - 8:15 a.m.
CVE-2023-2023
wordpress
plugin
version 3.7.3
reflected cross-site scripting
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.005 Low
EPSS
Percentile
76.5%
The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
Affected configurations
Node
kunalnagarcustom_404_proRange<3.7.3wordpress
Related
githubexploit
githubexploit
Exploit for Cross-site Scripting in Kunalnagar Custom 404 Pro
2021-11-22 12:57:22
Exploit for Cross-site Scripting in Kunalnagar Custom 404 Pro
2023-08-13 05:54:17
Exploit for Cross-site Scripting in Kunalnagar Custom 404 Pro
2024-02-15 16:35:59
prion
prion
Cross site scripting
2023-05-30 08:15:00
cve
cve
CVE-2023-2023
2023-05-30 08:15:09
nuclei
nuclei
Custom 404 Pro < 3.7.3 - Cross-Site Scripting
2023-07-07 09:38:49
cvelist
cvelist
CVE-2023-2023 Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting
2023-05-30 07:49:21
nessus
nessus
wordfence
wordfence
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.005 Low
EPSS
Percentile
76.5%
Related for NVD:CVE-2023-2023