Subject: Blind SQL injection in 404 to 301 2.0.2
Date: Thu, 20 Aug 2015 11:49:31 +0200

Hello,

Plugin: 404 to 301 2.0.2 https://wordpress.org/plugins/404-to-301/

1. Blind SQL injection (_404_To_301_Logs::i4t3_get_log_data)

Authenticated administrators can execute arbitrary SQL commands (there is no CSRF protection).

Method: GET
URL: http://localhost/wp-admin/admin.php?page=i4t3-logs&orderby
Vulnerable parameters: orderby, order

Example PHP callstack:
_404_To_301_Logs::__construct   [/404-to-301/admin/class-404-to-301-logs.php:62]
_404_To_301_Logs::i4t3_get_log_data   [/404-to-301/admin/class-404-to-301-logs.php:103]
wpdb::get_results

Verification:
http://localhost/wp-admin/admin.php?page=i4t3-logs&orderby=%28SELECT+%2A+FROM+%28SELECT+SLEEP%285%29%29XXX%29--+-

--
Regards,
Marcin Probola,
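As an added example that is not part of the original advisory and not the plugin's own code: the unsafe pattern the call stack implies (user-controlled `orderby`/`order` interpolated into a query handed to `$wpdb->get_results()`), next to a hardened version that maps both parameters to an allow-list before anything reaches SQL. The table name, column set and defaults are assumed.

```php
<?php
// Added illustration, not the plugin's code. Table and column names are assumed.

// UNSAFE: the request decides the ORDER BY clause verbatim. Identifiers and
// keywords cannot be bound with $wpdb->prepare(), so a payload such as the
// SLEEP()-based subquery in the advisory lands directly in the query text.
function unsafe_get_log_data() {
    global $wpdb;
    $orderby = isset( $_GET['orderby'] ) ? $_GET['orderby'] : 'date';
    $order   = isset( $_GET['order'] )   ? $_GET['order']   : 'DESC';
    $sql = "SELECT * FROM {$wpdb->prefix}404_to_301 ORDER BY $orderby $order";
    return $wpdb->get_results( $sql );
}

// HARDENED: the request only selects among fixed constants defined here; the
// raw parameter value itself never becomes part of the SQL string.
function safe_get_log_data() {
    global $wpdb;
    $allowed_columns = array( 'date', 'url', 'ref', 'ip' ); // assumed column set
    $orderby = isset( $_GET['orderby'] ) ? sanitize_key( $_GET['orderby'] ) : 'date';
    if ( ! in_array( $orderby, $allowed_columns, true ) ) {
        $orderby = 'date'; // unknown column requested: fall back, do not interpolate
    }
    // Direction is reduced to one of two literals; anything else becomes DESC.
    $order = ( isset( $_GET['order'] ) && is_string( $_GET['order'] )
               && strtoupper( $_GET['order'] ) === 'ASC' ) ? 'ASC' : 'DESC';
    $sql = "SELECT * FROM {$wpdb->prefix}404_to_301 ORDER BY `$orderby` $order";
    return $wpdb->get_results( $sql );
}
```

Because the value that reaches the query is always one of the literals in the function, a crafted link sent to an administrator can at most change the sort column, which is the only residual effect of the missing CSRF protection the advisory mentions.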