VYPR

Custom 404 Pro

by WordPress

Source repositories

CVEs (10)

  • CVE-2023-2032CriJun 27, 2023
    risk 0.64cvss 9.8epss 0.01

    The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.

  • CVE-2023-51540HigFeb 1, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0.

  • CVE-2022-47605MedApr 12, 2023
    risk 0.42cvss 6.4epss 0.01

    Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions.

  • CVE-2023-2023MedMay 30, 2023
    risk 0.40cvss 6.1epss 0.02

    The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

  • CVE-2019-15838MedAug 30, 2019
    risk 0.40cvss 6.1epss 0.01

    The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.

  • CVE-2019-14789MedAug 15, 2019
    risk 0.40cvss 6.1epss 0.02

    The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.

  • CVE-2023-32740MedAug 30, 2023
    risk 0.38cvss 5.8epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions.

  • CVE-2025-9947MedOct 11, 2025
    risk 0.32cvss 4.9epss 0.00

    The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …

  • CVE-2025-62880MedDec 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through <= 3.12.0.

  • CVE-2023-0385MedJan 18, 2023
    risk 0.28cvss 4.3epss 0.00

    The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to…