Vulnerabilities and security researches for404-solution 404-solution

Jun 07, 2024

CVE, Research URL: cd52879982fadaeecbf672581ab902e936dd10b3
Home page URL: Security reports for 404 Solution
Application: 404 Solution
Date: Oct 16, 2023
Research Description: 404 Solution [404-solution] < 2.34.0 404 Solution <= 2.33.0 - Sensitive Information Exposure The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.
Affected versions: max 2.34.0.
Status: vulnerable

CVE, Research URL: CVE-2023-50848
Home page URL: Security reports for 404 Solution
Application: 404 Solution
Date: Dec 28, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.
Affected versions: max 2.35.0.
Status: vulnerable

CVE, Research URL: CVE-2023-52146
Home page URL: Security reports for 404 Solution
Application: 404 Solution
Date: Jan 05, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.
Affected versions: max 2.33.1.
Status: vulnerable

CVE, Research URL: CVE-2024-1068
Home page URL: Security reports for 404 Solution
Application: 404 Solution
Date: Mar 11, 2024
Research Description: The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.
Affected versions: max 2.35.8.
Status: vulnerable

Nov 17, 2024

CVE, Research URL: CVE-2024-11094
Home page URL: Security reports for 404 Solution
Application: 404 Solution
Date: Nov 16, 2024
Research Description: The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract sensitive data such as redirects including GET parameters which may reveal sensitive information.
Affected versions: max 2.35.18.
Status: vulnerable

Nov 21, 2024

CVE, Research URL: CVE-2024-11277
Home page URL: Security reports for 404 Solution
Application: 404 Solution
Date: Nov 20, 2024
Research Description: The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 2.35.20.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-14477
Home page URL: Security reports for 404 Solution
Application: 404 Solution
Date: Dec 13, 2025
Research Description: The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the `filterText` parameter in the `ajaxUpdatePaginationLinks` AJAX action. The sanitization logic can be bypassed by using the sequence `*$/` which becomes `*/` after the `$` character is removed, allowing attackers to escape SQL comment contexts. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind SQL injection technique.
Affected versions: max 3.1.1.
Status: vulnerable