Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High1
Medium3
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-12-15

CVE-2025-14477 - 404 Solution Plugin

The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the `filterText` parameter in the `ajaxUpdatePaginationLinks` AJAX action. The sanitization logic can be bypassed by using the sequence `*$/` which becomes `*/` after the `$` character is removed, allowing attackers to escape SQL comment contexts. This makes it possible for authenticated attackers, with administrator-level access…

PLUGIN 404 Solution

CVE-2025-14477

MEDIUM CVSS 4.9 2025-12-13
Open Full Technical Breakdown
Threat Entry Updated 2024-11-26

CVE-2024-11277 - 404 Solution Plugin

The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN 404 Solution

CVE-2024-11277

MEDIUM CVSS 6.1 2024-11-20
Open Full Technical Breakdown
Threat Entry Updated 2024-11-18

CVE-2024-11094 - 404 Solution Plugin

The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract sensitive data such as redirects including GET parameters which may reveal sensitive information.

PLUGIN 404 Solution

CVE-2024-11094

MEDIUM CVSS 5.3 2024-11-16
Open Full Technical Breakdown
Threat Entry Updated 2025-05-01

CVE-2024-1068 - 404 Solution Plugin

The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.

PLUGIN 404 Solution

CVE-2024-1068

HIGH CVSS 7.2 2024-03-11
Open Full Technical Breakdown
Scroll to top