Search criteria
12 vulnerabilities found for 404_solution by ajexperience
FKIE_CVE-2024-11277
Vulnerability from fkie_nvd - Published: 2024-11-20 07:15 - Updated: 2024-11-26 20:59
Severity ?
Summary
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ajexperience | 404_solution | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ajexperience:404_solution:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4B7E3D17-F874-4DF6-BDFD-27527E264F8D",
"versionEndExcluding": "2.35.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento 404 Solution para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s de URL en todas las versiones hasta la 2.35.19 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
}
],
"id": "CVE-2024-11277",
"lastModified": "2024-11-26T20:59:50.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-11-20T07:15:09.117",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3191597%40404-solution\u0026new=3191597%40404-solution\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/259f9ea3-ac24-4bea-8d0d-c635a68d9c98?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-1068
Vulnerability from fkie_nvd - Published: 2024-03-11 18:15 - Updated: 2025-05-01 00:04
Severity ?
Summary
The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ajexperience | 404_solution | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ajexperience:404_solution:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "12EB4315-7F4D-48C2-84E2-0CE2CDF24357",
"versionEndExcluding": "2.35.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins."
},
{
"lang": "es",
"value": "El complemento 404 Solution de WordPress anterior a 2.35.8 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios con privilegios elevados, como los administradores."
}
],
"id": "CVE-2024-1068",
"lastModified": "2025-05-01T00:04:20.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-11T18:15:17.847",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-52146
Vulnerability from fkie_nvd - Published: 2024-01-05 11:15 - Updated: 2024-11-21 08:39
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ajexperience | 404_solution | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ajexperience:404_solution:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "3041EFFB-8B96-40AF-9E2A-799F980B92CA",
"versionEndIncluding": "2.33.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Aaron J 404 Solution. Este problema afecta a 404 Solution: desde n/a hasta 2.33.0."
}
],
"id": "CVE-2023-52146",
"lastModified": "2024-11-21T08:39:16.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-05T11:15:10.650",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-50848
Vulnerability from fkie_nvd - Published: 2023-12-28 12:15 - Updated: 2024-11-21 08:37
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ajexperience | 404_solution | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ajexperience:404_solution:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FEC9148F-4F77-4837-916A-2524C7AD658F",
"versionEndExcluding": "2.35.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyecci\u00f3n SQL\") en Aaron J 404 Solution. Este problema afecta a 404 Solution: desde n/a hasta 2.34.0."
}
],
"id": "CVE-2023-50848",
"lastModified": "2024-11-21T08:37:24.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-28T12:15:42.750",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
CVE-2024-11277 (GCVE-0-2024-11277)
Vulnerability from cvelistv5 – Published: 2024-11-20 06:42 – Updated: 2024-11-20 15:16
VLAI?
Title
404 Solution <= 2.35.19 - Reflected Cross-Site Scripting
Summary
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| aaron13100 | 404 Solution |
Affected:
* , ≤ 2.35.19
(semver)
|
Credits
Max Boll
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:10:59.398292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:16:27.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "404 Solution",
"vendor": "aaron13100",
"versions": [
{
"lessThanOrEqual": "2.35.19",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Max Boll"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T06:42:53.621Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/259f9ea3-ac24-4bea-8d0d-c635a68d9c98?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3191597%40404-solution\u0026new=3191597%40404-solution\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-19T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "404 Solution \u003c= 2.35.19 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11277",
"datePublished": "2024-11-20T06:42:53.621Z",
"dateReserved": "2024-11-15T19:01:44.824Z",
"dateUpdated": "2024-11-20T15:16:27.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1068 (GCVE-0-2024-1068)
Vulnerability from cvelistv5 – Published: 2024-03-11 17:56 – Updated: 2024-08-26 18:17
VLAI?
Title
404 Solution < 2.35.8 - Admin+ SQL Injection
Summary
The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.
Severity ?
7.2 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | 404 Solution |
Affected:
0 , < 2.35.8
(semver)
|
Credits
Sumit Patel
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ajexperience:404_solution:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "404_solution",
"vendor": "ajexperience",
"versions": [
{
"lessThan": "2.35.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1068",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T18:16:26.906944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:17:29.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "404 Solution",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.35.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sumit Patel"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T18:08:57.515Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "404 Solution \u003c 2.35.8 - Admin+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-1068",
"datePublished": "2024-03-11T17:56:05.763Z",
"dateReserved": "2024-01-30T13:26:45.932Z",
"dateUpdated": "2024-08-26T18:17:29.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52146 (GCVE-0-2023-52146)
Vulnerability from cvelistv5 – Published: 2024-01-05 11:05 – Updated: 2025-06-17 20:29
VLAI?
Title
WordPress 404 Solution Plugin <= 2.33.0 is vulnerable to Sensitive Data Exposure
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.
Severity ?
5.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aaron J | 404 Solution |
Affected:
n/a , ≤ 2.33.0
(custom)
|
Credits
Joshua Chan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-09T16:28:50.940138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:29:13.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "404-solution",
"product": "404 Solution",
"vendor": "Aaron J",
"versions": [
{
"changes": [
{
"at": "2.33.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.33.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.\u003cp\u003eThis issue affects 404 Solution: from n/a through 2.33.0.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T10:46:55.509Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.33.1 or a higher version."
}
],
"value": "Update to\u00a02.33.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 404 Solution Plugin \u003c= 2.33.0 is vulnerable to Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-52146",
"datePublished": "2024-01-05T11:05:45.212Z",
"dateReserved": "2023-12-28T20:16:26.719Z",
"dateUpdated": "2025-06-17T20:29:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50848 (GCVE-0-2023-50848)
Vulnerability from cvelistv5 – Published: 2023-12-28 11:38 – Updated: 2024-08-27 15:00
VLAI?
Title
WordPress 404 Solution Plugin <= 2.34.0 is vulnerable to SQL Injection
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.
Severity ?
7.6 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aaron J | 404 Solution |
Affected:
n/a , ≤ 2.34.0
(custom)
|
Credits
Muhammad Daffa (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:43.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T14:47:47.611105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T15:00:15.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "404-solution",
"product": "404 Solution",
"vendor": "Aaron J",
"versions": [
{
"changes": [
{
"at": "2.35.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.34.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Muhammad Daffa (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Aaron J 404 Solution.\u003cp\u003eThis issue affects 404 Solution: from n/a through 2.34.0.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T11:38:06.049Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.35.0 or a higher version."
}
],
"value": "Update to\u00a02.35.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 404 Solution Plugin \u003c= 2.34.0 is vulnerable to SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-50848",
"datePublished": "2023-12-28T11:38:06.049Z",
"dateReserved": "2023-12-14T17:19:02.630Z",
"dateUpdated": "2024-08-27T15:00:15.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11277 (GCVE-0-2024-11277)
Vulnerability from nvd – Published: 2024-11-20 06:42 – Updated: 2024-11-20 15:16
VLAI?
Title
404 Solution <= 2.35.19 - Reflected Cross-Site Scripting
Summary
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| aaron13100 | 404 Solution |
Affected:
* , ≤ 2.35.19
(semver)
|
Credits
Max Boll
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:10:59.398292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:16:27.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "404 Solution",
"vendor": "aaron13100",
"versions": [
{
"lessThanOrEqual": "2.35.19",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Max Boll"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T06:42:53.621Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/259f9ea3-ac24-4bea-8d0d-c635a68d9c98?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3191597%40404-solution\u0026new=3191597%40404-solution\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-19T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "404 Solution \u003c= 2.35.19 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11277",
"datePublished": "2024-11-20T06:42:53.621Z",
"dateReserved": "2024-11-15T19:01:44.824Z",
"dateUpdated": "2024-11-20T15:16:27.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1068 (GCVE-0-2024-1068)
Vulnerability from nvd – Published: 2024-03-11 17:56 – Updated: 2024-08-26 18:17
VLAI?
Title
404 Solution < 2.35.8 - Admin+ SQL Injection
Summary
The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.
Severity ?
7.2 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | 404 Solution |
Affected:
0 , < 2.35.8
(semver)
|
Credits
Sumit Patel
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ajexperience:404_solution:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "404_solution",
"vendor": "ajexperience",
"versions": [
{
"lessThan": "2.35.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1068",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T18:16:26.906944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:17:29.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "404 Solution",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.35.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sumit Patel"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T18:08:57.515Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "404 Solution \u003c 2.35.8 - Admin+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-1068",
"datePublished": "2024-03-11T17:56:05.763Z",
"dateReserved": "2024-01-30T13:26:45.932Z",
"dateUpdated": "2024-08-26T18:17:29.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52146 (GCVE-0-2023-52146)
Vulnerability from nvd – Published: 2024-01-05 11:05 – Updated: 2025-06-17 20:29
VLAI?
Title
WordPress 404 Solution Plugin <= 2.33.0 is vulnerable to Sensitive Data Exposure
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.
Severity ?
5.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aaron J | 404 Solution |
Affected:
n/a , ≤ 2.33.0
(custom)
|
Credits
Joshua Chan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-09T16:28:50.940138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:29:13.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "404-solution",
"product": "404 Solution",
"vendor": "Aaron J",
"versions": [
{
"changes": [
{
"at": "2.33.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.33.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.\u003cp\u003eThis issue affects 404 Solution: from n/a through 2.33.0.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T10:46:55.509Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.33.1 or a higher version."
}
],
"value": "Update to\u00a02.33.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 404 Solution Plugin \u003c= 2.33.0 is vulnerable to Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-52146",
"datePublished": "2024-01-05T11:05:45.212Z",
"dateReserved": "2023-12-28T20:16:26.719Z",
"dateUpdated": "2025-06-17T20:29:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50848 (GCVE-0-2023-50848)
Vulnerability from nvd – Published: 2023-12-28 11:38 – Updated: 2024-08-27 15:00
VLAI?
Title
WordPress 404 Solution Plugin <= 2.34.0 is vulnerable to SQL Injection
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.
Severity ?
7.6 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aaron J | 404 Solution |
Affected:
n/a , ≤ 2.34.0
(custom)
|
Credits
Muhammad Daffa (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:43.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T14:47:47.611105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T15:00:15.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "404-solution",
"product": "404 Solution",
"vendor": "Aaron J",
"versions": [
{
"changes": [
{
"at": "2.35.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.34.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Muhammad Daffa (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Aaron J 404 Solution.\u003cp\u003eThis issue affects 404 Solution: from n/a through 2.34.0.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T11:38:06.049Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-34-0-sql-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.35.0 or a higher version."
}
],
"value": "Update to\u00a02.35.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 404 Solution Plugin \u003c= 2.34.0 is vulnerable to SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-50848",
"datePublished": "2023-12-28T11:38:06.049Z",
"dateReserved": "2023-12-14T17:19:02.630Z",
"dateUpdated": "2024-08-27T15:00:15.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}