Vulnerability in Custom 404 Pro

CVE-2023-2023

The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

EPSS: 0.776 (99.0th percentile)

Affected products

  • Unknown Custom 404 Pro — versions 0

Frequently asked questions

What is CVE-2023-2023?
CVE-2023-2023 is a vulnerability in Custom 404 Pro, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). Published 2023-05-30.

Is CVE-2023-2023 known to be exploited?
13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.