SQL Injection Vulnerability in 404 Solution Plugin for WordPress

CVE-2025-14477

What is CVE-2025-14477?

The 404 Solution plugin for WordPress has a vulnerability that allows authenticated users with administrator-level access to execute SQL injection attacks. Insufficient escaping of user-supplied parameters, particularly the filterText parameter in the ajaxUpdatePaginationLinks AJAX action, leads to improper sanitization. By bypassing the sanitization logic, which incorrectly processes specific character sequences, attackers can inject additional SQL queries into existing ones. This can result in unauthorized access to sensitive information stored in the database through time-based blind SQL injection methods.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References