CVE-2023-2032

The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
kunalnagarcustom_404_pro
𝑥
< 3.8.1
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-260d22e28ffe
https://wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-260d22e28ffe