WordPress Plugin Vulnerabilities

404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection

Description

The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
404-to-301
Fixed in 2.0.3

References

CVE
CVE-2015-9323
URL
http://cinu.pl/research/wp-plugins/mail_e28f19a8f03f0517f94cb9fea15d8525.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
61586816-dd2b-461d-975f-1989502affd9

Timeline

Publicly Published
2015-08-20 (about 10 years ago)
Added
2015-11-22 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-02-28
Title
Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection
Published
2023-12-21
Title
E2Pdf < 1.20.24 - Authenticated(Administrator+) SQL Injection
Published
2025-02-18
Title
Pollin <= 1.01.1 - Authenticated (Admin+) SQL Injection
Published
2025-04-08
Title
Bulk Product Sync < 9.0 - Unauthenticated SQL Injection
Published
2021-08-04
Title
Availability Calendar < 1.2.1 - Authenticated SQL Injection