Description
The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the `filterText` parameter in the `ajaxUpdatePaginationLinks` AJAX action. The sanitization logic can be bypassed by using the sequence `*$/` which becomes `*/` after the `$` character is removed, allowing attackers to escape SQL comment contexts. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind SQL injection technique.
Published: 2025-12-13
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Breach via Authenticated SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The 404 Solution WordPress plugin allows an injected query through the filterText parameter used by the ajaxUpdatePaginationLinks action. Improper escaping and a bypass of the sanitization logic enable an attacker with administrator level access to append arbitrary SQL statements. The resulting time‑based blind injection can be used to extract sensitive data from the database, compromising confidentiality. This flaw is a classic SQL Injection weakness cataloged as CWE‑89.

Affected Systems

Any WordPress site running the 404 Solution plugin version 3.1.0 or older. The vulnerability exists in all releases up to and including 3.1.0. The affected vendor is aaron13100:404 Solution. Administrators with access to the site’s back‑end or authorized users of the AJAX endpoint are the relevant user class.

Risk and Exploitability

The CVSS score of 4.9 indicates a moderate security impact. The EPSS score is below 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to be authenticated with administrative privileges and to be able to send crafted requests to the ajaxUpdatePaginationLinks endpoint. The attacker can then inject and execute additional SQL statements, creating a potential data exfiltration vector.

Generated by OpenCVE AI on April 21, 2026 at 17:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the 404 Solution plugin to the latest release (v3.1.1 or newer).
  • If an update is not feasible, disable or remove the 404 Solution plugin entirely to eliminate the vulnerable endpoints.
  • Deploy input validation or sanitization on the filterText parameter or block the ajaxUpdatePaginationLinks action through web‑application firewall rules.

Generated by OpenCVE AI on April 21, 2026 at 17:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Dec 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Aaron13100
Aaron13100 404 Solution
Wordpress
Wordpress wordpress
Vendors & Products Aaron13100
Aaron13100 404 Solution
Wordpress
Wordpress wordpress

Sat, 13 Dec 2025 03:45:00 +0000

Type Values Removed Values Added
Description The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the `filterText` parameter in the `ajaxUpdatePaginationLinks` AJAX action. The sanitization logic can be bypassed by using the sequence `*$/` which becomes `*/` after the `$` character is removed, allowing attackers to escape SQL comment contexts. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind SQL injection technique.
Title 404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Aaron13100 404 Solution
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:46:32.501Z

Reserved: 2025-12-10T18:34:36.010Z

Link: CVE-2025-14477

cve-icon Vulnrichment

Updated: 2025-12-15T15:44:02.920Z

cve-icon NVD

Status : Deferred

Published: 2025-12-13T16:16:50.793

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14477

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T17:30:37Z

Weaknesses