Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a.
Published: 2025-06-06
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improperly neutralized input during page generation that allows attackers to store malicious JavaScript. Once the victim views the resulting 404 page, the injected code executes in the visitor’s browser, providing a vector for session hijacking, defacement, or data theft. This flaw is classified as a stored cross‑site scripting weakness (CWE‑79).

Affected Systems

WordPress sites that have installed the SeedProd 404 Page by SeedProd plugin in any release prior to version 1.0.2 are vulnerable; the problem exists across all such versions regardless of the host WordPress core version.

Risk and Exploitability

The CVSS score of 5.9 places the vulnerability in the moderate severity range, while the EPSS score of less than 1% indicates a low probability of immediate exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack path involves an adversary inserting a harmful script into a field that generates the 404 page or leveraging an administrative interface that persists the payload. Because the exploit triggers when users access an unhandled URL, it requires sufficient traffic or targeted exposure.

Generated by OpenCVE AI on April 30, 2026 at 11:53 UTC.

Remediation

Vendor Solution

Update the WordPress 404 Page by SeedProd plugin to the latest available version (at least 1.0.2).

OpenCVE Recommended Actions

  • Update the SeedProd 404 Page by SeedProd plugin to version 1.0.2 or later.
  • If an upgrade cannot be performed immediately, uninstall or disable the plugin so that the untrusted 404 page is no longer served.
  • Consider implementing a content‑security policy that restricts inline scripts and limits script sources to mitigate the impact of any residual stored XSS content.

Generated by OpenCVE AI on April 30, 2026 at 11:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17250 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a.
History

Tue, 28 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd 404-page allows Stored XSS.This issue affects 404 Page by SeedProd: from n/a through < 1.0.2. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a.
Title WordPress 404 Page by SeedProd plugin < 1.0.2 - Cross Site Scripting (XSS) Vulnerability WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability
References

Thu, 23 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd 404-page allows Stored XSS.This issue affects 404 Page by SeedProd: from n/a through < 1.0.2.
Title WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability WordPress 404 Page by SeedProd plugin < 1.0.2 - Cross Site Scripting (XSS) Vulnerability
References

Fri, 06 Jun 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Jun 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a.
Title WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:01.145Z

Reserved: 2025-06-04T09:42:07.048Z

Link: CVE-2025-49322

cve-icon Vulnrichment

Updated: 2025-06-06T18:58:49.851Z

cve-icon NVD

Status : Deferred

Published: 2025-06-06T13:15:48.277

Modified: 2026-06-17T09:31:06.097

Link: CVE-2025-49322

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T12:00:12Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')