← Back

Kunalnagar

kunalnagar

9 CVEs • 1 product

Products (1)

Click to collapse
Toggle

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
Aug 1, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Custom 404 Pro custom-404-pro.This issue affects Custom 404 Pro: from n/a through <= 3.11.1.
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
Feb 1, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0.
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
Aug 30, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions.
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
Jun 27, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
May 30, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
Apr 12, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions.
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
Jan 18, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function....Show more
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
Aug 30, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.
1Kunalnagar
1Custom 404 Pro
Jun 17, 2026
Aug 15, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.