CVE-2023-2032

EUVD-2023-33559
The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
kunalnagarcustom_404_pro
𝑥
< 3.8.1
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-260d22e28ffe
https://wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-260d22e28ffe