Vulnerabilities > Nerdpress > Smart Custom 404 Error Page > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-04 CVE-2024-9204 Cross-site Scripting vulnerability in Nerdpress Smart Custom 404 Error Page
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
nerdpress CWE-79
6.1