CVE-2023-2023 PoC — Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting

Source

https://github.com/druxter-x/PHP-CVE-2023-2023-2640-POC-Escalation

Associated Vulnerability

Title:Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting (CVE-2023-2023)
Description:The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

Readme

**I am not responsible if you use the code improperly or illegally. The purpose of the script is purely educational and nothing more.**


# PHP-CVE-2023-2023-2640-POC-Escalation
<br />
<br />

in this script in **PHP** I tried to create exploit of 

--cve-2023-2640--privilege-escalation CVE-2023-32629 & CVE-2023-2640


<br />
<br />

| ^^^^^^^^^^^^^^^^^^^^^^^  | ^^^^^^^^^^^^^^^^^^^^^^^ |
  | ------------------------ | ------------- |
  | ^^^^^^^^^^^^^^^^^^^^^^^  | ^^^^^^^^^^^^^^^^^^^^^^^  |
  | ^^^^^^^^^^^^^^^^^^^^^^^  | ^^^^^^^^^^^^^^^^^^^^^^^  |
<br />
<br />

>  **USE >>>>>>**


Do not use wget to download the PHP file because the code is downloaded in a messy way. 
It's better to couple the script and create a .php file, then paste the code into it.

 php poc.php


<br />
<br />

> **NOTE**

**the original CVE poc in bash is from**

https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation?tab=readme-ov-file#cve-2023-32629 

[orignal cve rep]([https://pages.github.com/](https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation)https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation).


<br />
<br />

**IMPORTANT**
I am not responsible if you use the code improperly or illegally. The purpose of the script is purely educational and nothing more.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →