CVE-2023-2023

MEDIUM NUCLEI

Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting via URL Attribute

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-2023. PoCs published by thatformat, druxter-x. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains only a README.md file with minimal content, stating that all POCs come from the internet. No actual exploit code or technical details are provided.

Description

The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

Exploits (2)

nomisec WRITEUP 5 stars
by thatformat · poc
https://github.com/thatformat/Hvv2023

The repository contains only a README.md file with minimal content, stating that all POCs come from the internet. No actual exploit code or technical details are provided.

Classification: Writeup 10%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unspecified
No auth needed
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by druxter-x · poc
https://github.com/druxter-x/PHP-CVE-2023-2023-2640-POC-Escalation

This PoC exploits CVE-2023-2640 and CVE-2023-32629 for local privilege escalation by manipulating file capabilities and overlayfs to gain root access via a Python script.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Linux systems with vulnerable overlayfs and capability handling
Auth required
Prerequisites: Local access · Presence of vulnerable Python binary · Overlayfs support
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Custom 404 Pro < 3.7.3 - Cross-Site Scripting
MEDIUM · VERIFIED · by r3Y3r53

References (1)

Core References
Exploit exploit vdb-entry technical-description
https://wpscan.com/vulnerability/8859843a-a8c2-4f7a-8372-67049d6ea317

Scores

CVSS v3 6.1
EPSS 0.0171
EPSS Percentile 74.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status published
Products (1)
kunalnagar/custom_404_pro < 3.7.3
Published May 30, 2023
Tracked Since Feb 18, 2026