Custom 404 Pro < 3.7.3 – Reflected Cross-Site Scripting | CVE 2023-2023

Affects Plugins

custom-404-pro

Fixed in 3.7.3

References

CVE

CVE-2023-2023

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.1 (high)

Miscellaneous

Original Researcher

Chien Vuong

Submitter

Chien Vuong

Verified

Yes

WPVDB ID

8859843a-a8c2-4f7a-8372-67049d6ea317

Timeline

Publicly Published

2023-05-02 (about 2 years ago)

Added

2023-05-02 (about 2 years ago)

Last Updated

2023-05-02 (about 2 years ago)

Other

Published

Title

Published

2025-01-03

Title

WPBITS Addons For Elementor Page Builder < 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-04-05

Title

WP Google Review Slider < 13.6 - Admin+ Stored XSS

Published

2024-12-03

Title

Flower Delivery by Florist One < 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-02-14

Title

Custom Field Template < 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label

Published

2024-11-21

Title

ProfilePress < 4.15.15 - Admin+ Stored XSS