PT-2025-51049 · WordPress · 404 Solution

Published: 2025-12-13 · Updated: 2025-12-13 · CVE-2025-14477

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: 404 Solution versions prior to 3.1.1

Description: The 404 Solution plugin for WordPress is susceptible to SQL injection due to inadequate input sanitization. Specifically, the filterText parameter of the ajaxUpdatePaginationLinks AJAX action lacks sufficient escaping and query preparation. The sanitization routine can be circumvented with the sequence *$/, which the routine itself transforms into */, enabling attackers to bypass SQL comment contexts. This allows authenticated attackers with administrator-level access or higher to append additional SQL queries to existing ones, potentially extracting sensitive database information through a time-based blind SQL injection technique.

Recommendations: Update 404 Solution to version 3.1.1 or later.
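The mechanism described above, as an added example that is not the plugin's code: an assumed order-dependent sanitizer that reproduces the *$/ to */ transformation, a fixed-point re-check that catches what a stripping step creates, and the actual remedy, a parameterized query (sqlite3 here, standing in for $wpdb->prepare() and $wpdb->esc_like()). The table name, columns and rows are constructed.

```python
import re
import sqlite3
from typing import List, Optional

# Constructed sample data standing in for the plugin's redirect table.
SAMPLE_ROWS = [("/old-page", "/new-page"), ("/old-post", "/new-post"), ("/about", "/about-us")]


def naive_sanitize(value: str) -> str:
    """Assumed, illustrative sanitizer (not the plugin's code). It strips SQL
    comment openers first and a character blacklist second, so the passes are
    order-dependent: '*$/' survives pass one and becomes '*/' in pass two."""
    value = value.replace("/*", "").replace("*/", "").replace("--", "")
    return re.sub(r"[$;'\"]", "", value)


def sanitize_to_fixed_point(value: str, max_rounds: int = 5) -> Optional[str]:
    """Defensive check for any stripping-based filter: re-run it until the output
    stops changing, so a token the stripping step itself produced (such as '*/'
    from '*$/') is caught on the next round. None means the value never settled
    and the caller should reject it."""
    for _ in range(max_rounds):
        cleaned = naive_sanitize(value)
        if cleaned == value:
            return cleaned
        value = cleaned
    return None


def open_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE redirects (url TEXT, final_dest TEXT)")
    conn.executemany("INSERT INTO redirects VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def find_redirects(conn: sqlite3.Connection, filter_text: str) -> List[tuple]:
    """The real fix: bind filter_text as a query parameter. The database receives
    it as a string value, never as SQL text, so comment sequences cannot open or
    close anything. LIKE wildcards are escaped separately, as esc_like() does."""
    escaped = filter_text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT url, final_dest FROM redirects WHERE url LIKE ? ESCAPE '\\' ORDER BY url"
    return conn.execute(sql, ("%" + escaped + "%",)).fetchall()


if __name__ == "__main__":
    print(repr(naive_sanitize("*$/")))           # '*/': the filter built a comment token
    print(repr(sanitize_to_fixed_point("*$/")))  # '': caught when the filter is re-run
    print(find_redirects(open_sample_db(), "old"))
```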

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-14477

Affected Products: 404 Solution