PLUGIN SECURITY
Is 404 To 301 safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the 404 To 301 WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
404-to-301 - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.9 [CVE-2021-24766, WordPress 404 to 301 plugin <= 3.0.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Logs Deletion, 404 to 301 < 3.0.9 - Logs Deletion via CSRF, 404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 2.0.3 [CVE-2015-9323, 404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection, 404 to 301 – Redirect, Log and Notify 404 Errors <= 2.0.2 - SQL Injection]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.8 [WordPress 404 to 301 plugin <= 3.0.7 - Broken Access Control vulnerability]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.2 [WordPress 404 to 301 plugin <= 3.0.1 - Authenticated Option Update vulnerability (Fremius Library security issue)]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 2.2.9 [WordPress 404 to 301 Plugin <= 2.2.8 - Persistent Cross Site Scripting]
+ 14 more known vulnerabilities
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 2.3.3 [WordPress 404 to 301 Plugin <= 2.3.1 - Persistent Cross-Site Scripting (XSS) Vulnerability]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 2.3.1 [WordPress 404 to 301 Plugin <= 2.3.0 - Cross Site Scripting]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 2.0.3 [WordPress 404 to 301 Plugin <= 2.0.2 - Blind SQL Injection]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.1.2 [WordPress 404 to 301 plugin <= 3.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.1.2 [404 to 301 < 3.1.2 - Reflected Cross-Site Scripting]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.2 [Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.8 [404 to 301 < 3.0.8 - Broken Access Control]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 2.3.1 [404 to 301 <= 2.3.0 - Unauthenticated Stored Cross-Site Scripting (XSS)]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.1.2 [404 to 301 – Redirect, Log and Notify 404 Errors <= 3.1.1 - Reflected Cross-Site Scripting]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.8 [404 to 301 <= 3.0.7 - Missing Authorization to Redirect Creation]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.2 [Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 2.3.1 [404 to 301 <= 2.3.0 - Unauthenticated Stored Cross-Site Scripting]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.8 [CVE-2021-4338]
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications [404-to-301] < 3.0.6 [CVE-2023-33999, WordPress 404 to 301 Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS), Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Redirection — 2000000+ active installs — max PHP 8.4
- Broken Link Checker by AIOSEO – Find & Fix Broken Internal, External & Video Links — 300000+ active installs — max PHP 8.4
- Smart Custom 404 Error Page — 100000+ active installs — max PHP 8.4
- Redirection — 100000+ active installs — max PHP 8.4
- WP 404 Auto Redirect to Similar Post — 30000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.