Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv3

CVE-2023-0385

Published: 18/01/2023 Updated: 07/11/2023
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Kunalnagar

Vulnerability Summary

The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated malicious users to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kunalnagar custom 404 pro

References

https://plugins.trac.wordpress.org/browser/custom-404-pro/tags/3.7.1/admin/AdminClass.php#L114https://www.wordfence.com/threat-intel/vulnerabilities/id/968920b9-febf-4d76-a16b-f27954cd72e5https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook