Custom 404 Pro < 3.8.1 - Multiple SQL Injection
CVE-2023-2032

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Custom 404 Pro
Vendor: CVE Published:; 27 June 2023

Summary

The Custom 404 Pro plugin for WordPress prior to version 3.8.1 contains vulnerabilities due to insufficient sanitization of database inputs. This flaw allows attackers to execute SQL injection attacks, potentially compromising the security of the WordPress site. Proper measures should be taken to upgrade to the latest version of the plugin to mitigate these security risks.

Affected Version(s)

Custom 404 Pro 0 < 3.8.1

References

https://wpscan.com/vulnerability/17acde5d-44ea-4e77-8670-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2023
Vulnerability Reserved
Apr 13, 2023

Credit

Alex Sanford

WPScan