CVE-2023-2023

MEDIUM NUCLEI

Kunalnagar Custom 404 Pro < 3.7.3 - XSS

Title source: rule

Description

The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

Exploits (2)

nomisec WRITEUP 5 stars

by thatformat · poc

https://github.com/thatformat/Hvv2023

View Code ZIP pw:eip

nomisec WORKING POC

by druxter-x · poc

https://github.com/druxter-x/PHP-CVE-2023-2023-2640-POC-Escalation

View Code ZIP pw:eip

Nuclei Templates (1)

Custom 404 Pro < 3.7.3 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

References (1)

[Exploit] https://wpscan.com/vulnerability/8859843a-a8c2-4f7a-8372-67049d6ea317

Scores

CVSS v3 6.1

EPSS 0.8086

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

kunalnagar/custom_404_pro < 3.7.3

Published May 30, 2023

Tracked Since Feb 18, 2026