WordPress Plugin Vulnerabilities

Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS

Description

The Custom 404 Pro WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
custom-404-pro
Fixed in 3.2.9

References

CVE
CVE-2019-14789
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2112485%40custom-404-pro&old=2087395%40custom-404-pro

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
81ee1df5-12dc-49d8-8d49-ca28d6f5b7fd

Timeline

Publicly Published
2019-06-24 (about 6 years ago)
Added
2019-06-24 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-08-02
Title
Social Slider Feed < 2.0.6 - Admin+ Stored XSS via API Key
Published
2014-08-01
Title
Flashlight - Unspecified XSS
Published
2025-12-02
Title
CSSIgniter Shortcodes < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute
Published
2024-03-28
Title
Carousel Anything For WPBakery Page Builder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-03-28
Title
Creative Image Slider – Responsive Slider Plugin < 2.5.0 - Reflected Cross-Site Scripting