CVE-2024-1068

7.2 HIGH

📋 TL;DR

This SQL injection vulnerability in the 404 Solution WordPress plugin allows authenticated administrators to execute arbitrary SQL commands on the database. It affects WordPress sites running vulnerable plugin versions, potentially compromising site integrity and data confidentiality.

💻 Affected Systems

Products:
  • 404 Solution WordPress Plugin
Versions: All versions before 2.35.8
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress administrator privileges to exploit; affects all WordPress installations with vulnerable plugin versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, modification, or deletion; potential privilege escalation to full system access if database permissions allow.

🟠 Likely Case: Data exfiltration, privilege escalation within WordPress, or site defacement by malicious administrators.

🟢 If Mitigated: Limited impact due to proper access controls and monitoring, with only authorized administrators able to exploit.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator-level access; SQL injection is a well-understood attack vector with many available tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.35.8

Vendor Advisory: https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the '404 Solution' plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 2.35.8 or later from the WordPress plugin repository and replace the plugin files.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (scope: all)

Disable the vulnerable plugin until it is patched:

wp plugin deactivate 404-solution

Database Input Sanitization (scope: all)

Add input validation at the application layer in front of the plugin until the patch is applied.

🧯 If You Can't Patch

  • Restrict administrator accounts to trusted personnel only
  • Implement database-level monitoring for unusual SQL queries

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → 404 Solution → Version number

Check Version:

wp plugin get 404-solution --field=version

Verify Fix Applied:

Confirm plugin version is 2.35.8 or higher
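The version check and the temporary deactivation workaround above can be scripted so the result is unambiguous across a fleet of sites. The following is an added example, not code from the advisory or from the plugin's vendor: it reads the installed version with the same `wp plugin get 404-solution --field=version` call the advisory gives, compares it numerically against 2.35.8, and optionally deactivates the plugin when it is below the fix. It assumes wp-cli is installed and that the script is run from the WordPress root (or with wp-cli's global `--path` option added to the two `wp` calls); the `check`/`deactivate` arguments and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin vendor): check whether the
# installed 404 Solution plugin is older than the fixed release and, on request,
# apply the advisory's workaround of deactivating it. Assumes wp-cli is on PATH
# and the script runs from the WordPress root.

PLUGIN_SLUG="404-solution"
FIXED_VERSION="2.35.8"

# version_lt A B: exit 0 when dotted numeric version A is older than B.
# Missing trailing components count as 0, so "2.35" < "2.35.8".
# Assumes purely numeric components (no "-beta" style suffixes).
version_lt() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"
        bi="${b%%.*}"
        if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
        ai="${ai:-0}"
        bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1
}

# is_vulnerable VERSION: exit 0 when VERSION is before the patched 2.35.8.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_plugin [deactivate]: query wp-cli for the installed version and report.
# With "deactivate", apply the advisory's temporary workaround when vulnerable.
# Exit codes: 0 patched, 1 vulnerable, 2 plugin missing or wp-cli unavailable.
check_plugin() {
    action="${1:-}"
    installed="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)" || {
        echo "$PLUGIN_SLUG: not installed or wp-cli unavailable"
        return 2
    }
    if is_vulnerable "$installed"; then
        echo "VULNERABLE: $PLUGIN_SLUG $installed (fixed in $FIXED_VERSION)"
        if [ "$action" = "deactivate" ]; then
            wp plugin deactivate "$PLUGIN_SLUG" && echo "deactivated $PLUGIN_SLUG pending update"
        fi
        return 1
    fi
    echo "OK: $PLUGIN_SLUG $installed is at or above $FIXED_VERSION"
    return 0
}

# Run the live check only when explicitly asked, so the functions can be sourced.
#   sh check-404-solution.sh check              # report only
#   sh check-404-solution.sh check deactivate   # report, and deactivate if vulnerable
if [ "${1:-}" = "check" ]; then
    check_plugin "${2:-}"
fi
```

The field-by-field comparison matters because a plain string comparison would rank 2.35.10 below 2.35.8; the non-zero exit code on a vulnerable install lets the script drive a cron job or configuration-management check rather than relying on someone reading the output.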

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries from WordPress admin users
  • SQL error messages in WordPress logs

Network Indicators:

  • POST requests to wp-admin with SQL-like parameters

SIEM Query:

source="wordpress.log" AND "404-solution" AND ("SQL" OR "database error")
