The custom-404-pro plugin prior to 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.
kunalnagar custom 404 pro