9 matches found
CVE-2019-15838
The CVE-2019-15838 entry concerns the WordPress plugin custom-404-pro prior to version 3.2.8, where reflected XSS affects user input, per multiple sources (NVD, Red Hat, CNVD/PRION references). Remediation shown in related documents is to update to version 3.2.8 or later. The vulnerability is spe...
CVE-2023-2023
The CVE-2023-2023 entry concerns the Custom 404 Pro WordPress plugin (versions before 3.7.3). The underlying issue is insufficient escaping of URLs output in attributes, causing reflected XSS via parameters (e.g., search). The Nuclei template and Patchstack data confirm this class of vulnerabilit...
CVE-2019-14789
The CVE-2019-14789 entry concerns the Custom 404 Pro WordPress plugin prior to 3.2.8, with a cross-site scripting vulnerability reported via the wp-admin/admin.php?page=c4p-main parameter. Nuclei templates describe an XSS via the title parameter in Custom 404 Pro
CVE-2023-51540
CVE-2023-51540 is a stored Cross-Site Scripting vulnerability in WordPress plugin Custom 404 Pro (
CVE-2024-39646
CVE-2024-39646 affects WordPress plugin Custom 404 Pro (versions
CVE-2023-0385
The CVE-2023-0385 entry concerns the WordPress Custom 404 Pro plugin, vulnerable through CSRF due to missing/incorrect nonce validation in the custom_404_pro_admin_init function. Affected software: Custom 404 Pro plugin for WordPress, versions up to and including 3.7.1. Impact: unauthenticated at...
CVE-2023-2032
CVE-2023-2032 affects the Custom 404 Pro WordPress plugin (pre-3.8.1). Root cause: improper sanitization of database inputs leading to multiple SQL Injection vulnerabilities. Impact: high (CVE base score 9.8). Remediation: upgrade to version 3.8.1 or later; patches/projects indicate the issue is ...
CVE-2023-32740
CVE-2023-32740 is an unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability in WordPress plugin Custom 404 Pro, affected
CVE-2022-47605
CVE-2022-47605 concerns the WordPress plugin Custom 404 Pro by Kunal Nagar. A SQL Injection vulnerability affects versions