CVE-2025-14477
Unknown Unknown - Not Provided
SQL Injection in 404 Solution WordPress Plugin Allows Data Extraction

Publication date: 2025-12-13

Last updated on: 2025-12-13

Assigner: Wordfence

Description
The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the `filterText` parameter in the `ajaxUpdatePaginationLinks` AJAX action. The sanitization logic can be bypassed by using the sequence `*$/` which becomes `*/` after the `$` character is removed, allowing attackers to escape SQL comment contexts. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind SQL injection technique.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-13
Last Modified
2025-12-13
Generated
2026-06-16
AI Q&A
2025-12-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14477
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpres 404_solution 3.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a SQL Injection in the 404 Solution WordPress plugin versions up to 3.1.0. It occurs because the plugin does not properly sanitize the 'filterText' parameter in an AJAX action called 'ajaxUpdatePaginationLinks'. Attackers can bypass the sanitization by using a specific sequence '*$/', which allows them to escape SQL comment contexts and append additional SQL queries. This enables authenticated users with administrator-level access or higher to extract sensitive information from the database using a time-based blind SQL injection technique.

Impact Analysis

If exploited, this vulnerability allows an attacker with administrator-level access to extract sensitive information from the database by injecting additional SQL queries. This can lead to unauthorized disclosure of sensitive data, potentially compromising the confidentiality of your system's information.

Compliance Impact

The vulnerability allows authenticated administrators to perform SQL Injection attacks that can extract sensitive information from the database. This exposure of sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access or disclosure. Therefore, exploitation of this vulnerability may result in violations of these standards due to potential data breaches. [4]

Detection Guidance

Detection of this vulnerability involves identifying exploitation attempts targeting the `filterText` parameter in the `ajaxUpdatePaginationLinks` AJAX action of the 404 Solution WordPress plugin. Since the vulnerability is a time-based blind SQL injection exploitable by authenticated admin users, monitoring AJAX requests to the plugin's pagination endpoint for suspicious payloads containing the sequence '*$/' (which bypasses sanitization) is key. Network or system detection can include inspecting HTTP requests for this pattern in the `filterText` parameter. Additionally, reviewing logs for unusual delays in AJAX responses (indicative of time-based SQL injection) or unexpected database query times can help. Specific commands depend on the environment, but example commands include using `grep` or `tcpdump` to filter logs or network traffic for the suspicious pattern. For example, on a web server log: `grep -i 'filterText=.*\*\$/' /path/to/access.log` or using `tcpdump` to capture HTTP traffic and filter for the pattern. Also, monitoring WordPress logs or plugin logs for anomalies or errors related to SQL queries may help detect exploitation attempts. [4]

Mitigation Strategies

Immediate mitigation steps include updating the 404 Solution WordPress plugin to version 3.1.1 or later, where the SQL injection vulnerability in the `filterText` parameter has been fixed by properly escaping this parameter in SQL queries. If updating immediately is not possible, restrict administrator-level access to trusted users only, as exploitation requires authenticated admin privileges. Additionally, monitor and block suspicious AJAX requests containing the bypass sequence '*$/' in the `filterText` parameter. Applying Web Application Firewall (WAF) rules to detect and block SQL injection patterns targeting this plugin can also help mitigate risk until the update is applied. [4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14477. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart