Kunalnagar Custom 404 Pro — known CVE vulnerabilities
Every CVE whose affected-product data names Kunalnagar Custom 404 Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-2032 — CVSS 9.8 (critical): The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection…
CVE-2023-51540 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows…
CVE-2024-39646 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Custom 404 Pro…
CVE-2023-2023 — CVSS 6.1 (medium): The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected…
CVE-2019-15838 — CVSS 6.1 (medium): The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.
CVE-2019-14789 — CVSS 6.1 (medium): The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.
CVE-2023-0385 — CVSS 4.3 (medium): The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to…