Does 404 Solution have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is 404 Solution compatible with WordPress 6.9.4?

According to WordPress.org data, 404 Solution 4.1.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is 404 Solution compatible with PHP 7.4+?

404 Solution requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is 404 Solution updated?

404 Solution was last updated on Apr 16, 2026. Frequent updates are generally a positive security signal.

What is 404 Solution's security score?

404 Solution has a WP-Safety security score of 86/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

404 Solution Security & Risk Analysis

wordpress.org/plugins/404-solution

Automatically redirect 404 errors to the right page using a 7-engine matching pipeline and spell-checking algorithm. Zero configuration required.

10K active installs v4.1.2 PHP 7.4+ WP 5.0+ Updated Apr 16, 2026

404404-redirectbroken-linksredirectspell-check

A · Safe

CVEs total8

Unpatched0

Last CVEDec 12, 2025

Plugin page Download

Safety Verdict

Is 404 Solution Safe to Use in 2026?

Generally Safe

Score 86/100

404 Solution has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

8 known CVEsLast CVE: Dec 12, 2025Updated 1mo ago

Risk Assessment

The "404-solution" plugin, version 3.2.2, exhibits a mixed security posture. While it demonstrates good practices by implementing nonce checks and capability checks on its entry points, and a significant majority of its SQL queries utilize prepared statements, there are notable areas of concern. The static analysis reveals a concerning number of flows with unsanitized paths, with two identified as high severity in the taint analysis. This suggests potential vulnerabilities where user-supplied input might not be adequately validated or escaped before being processed, potentially leading to exploits.

The plugin's vulnerability history is a significant red flag, with a substantial number of known CVEs, including one critical and one high severity. Although none are currently unpatched, the pattern of past vulnerabilities, including Cross-site Scripting, SQL Injection, and various information exposure issues, indicates a recurring tendency towards insecure coding practices. The plugin's attack surface is relatively small with no unprotected entry points, which is a positive sign. However, the presence of high-severity taint flows and a history of critical vulnerabilities, despite the presence of security controls, warrants caution.

Key Concerns

High severity taint flows found
1 critical CVE in history
1 high severity CVE in history
6 medium severity CVEs in history
12 flows with unsanitized paths

Vulnerabilities

8 published

404 Solution Security Vulnerabilities

CVEs by Year

4 CVEs in 2023

2023

3 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

8 total CVEs

CVE-2025-14477medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter

Dec 12, 2025 Patched in 3.1.1 (1d)

CVE-2024-11277medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

404 Solution <= 2.35.19 - Reflected Cross-Site Scripting

Nov 19, 2024 Patched in 2.35.20 (1d)

CVE-2024-11094medium · 5.3Exposure of Data Element to Wrong Session

404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure

Nov 15, 2024 Patched in 2.35.18 (4d)

CVE-2024-1068critical · 9.1Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 Solution <= 2.35.7 - Authenticated (Admin+) SQL Injection

Feb 17, 2024 Patched in 2.35.8 (68d)

CVE-2023-52146medium · 5.3Insertion of Sensitive Information into Log File

404 Solution <= 2.33.0 - Sensitive Information Exposure via Log File

Dec 28, 2023 Patched in 2.33.1 (26d)

CVE-2023-50848medium · 6.6Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 Solution <= 2.34.0 - Authenticated(Administrator+) SQL Injection

Dec 21, 2023 Patched in 2.35.0 (33d)

WF-14958861-305e-4a9b-b428-de204cd6781e-404-solutionhigh · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 Solution <= 2.33.2 - Authenticated (Administrator+) SQL Injection via orderby

Oct 23, 2023 Patched in 2.34.0 (92d)

WF-fadc1374-fe4d-414a-af84-1a4de5b89807-404-solutionmedium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

404 Solution <= 2.33.0 - Sensitive Information Exposure

Oct 16, 2023 Patched in 2.33.1 (99d)

Version History

404 Solution Release Timeline

v4.1.2Current

v4.1.1

v4.1.0

v4.0.4

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.1

v3.3.0

v3.2.2

v3.2.1

v3.2.0

v3.1.10

v3.1.9

Code Analysis

Analyzed Mar 16, 2026

404 Solution Code Analysis

Dangerous Functions

Raw SQL Queries

99 prepared

Unescaped Output

144

663 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

76% prepared130 total queries

Output Escaping

82% escaped807 total outputs

Data Flows · Security

12 unsanitized

Data Flow Analysis

16 flows12 with unsanitized paths

NormalErrorHandler (includes\ErrorHandler.php:37)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

404 Solution Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_abj404_dismiss_setup_wizardincludes\SetupWizard.php:34

authwp_ajax_abj404_save_uninstall_prefsincludes\UninstallModal.php:25

WordPress Hooks 52

actiondoing_it_wrong_run404-solution.php:130

actionsend_headers404-solution.php:320

actiontemplate_redirect404-solution.php:345

actionwp_head404-solution.php:413

actionabj404_cleanupCronAction404-solution.php:509

actionabj404_updateLogsHitsTableAction404-solution.php:510

actionabj404_updatePermalinkCacheAction404-solution.php:511

actionabj404_rebuild_ngram_cache_hook404-solution.php:512

actionabj404_network_activation_hook404-solution.php:513

actionabj404_network_activation_background404-solution.php:514

filterplugin_locale404-solution.php:544

actionadmin_notices404-solution.php:561

actionadmin_notices404-solution.php:601

actionadmin_init404-solution.php:760

actionshutdownincludes\DataAccess.php:2473

actionshutdownincludes\DataAccess.php:3495

actionupdated_optionincludes\PermalinkCache.php:57

filteruser_has_capincludes\PluginLogic.php:100

actionnetwork_admin_noticesincludes\PluginLogic.php:1391

filtermanage_posts_columnsincludes\PostEditorIntegration.php:39

filtermanage_pages_columnsincludes\PostEditorIntegration.php:40

actionmanage_posts_custom_columnincludes\PostEditorIntegration.php:41

actionmanage_pages_custom_columnincludes\PostEditorIntegration.php:42

actionquick_edit_custom_boxincludes\PostEditorIntegration.php:43

actionadmin_enqueue_scriptsincludes\PostEditorIntegration.php:44

actionadd_meta_boxesincludes\PostEditorIntegration.php:47

actioninitincludes\PostEditorIntegration.php:50

actionenqueue_block_editor_assetsincludes\PostEditorIntegration.php:51

actionadmin_initincludes\Privacy.php:21

filterwp_privacy_personal_data_exportersincludes\Privacy.php:24

filterwp_privacy_personal_data_erasersincludes\Privacy.php:25

actionadmin_initincludes\SetupWizard.php:30

actionadmin_enqueue_scriptsincludes\SetupWizard.php:37

actionadmin_headincludes\SetupWizard.php:215

actionadmin_footerincludes\SetupWizard.php:218

actionadmin_footerincludes\SetupWizard.php:221

actionsave_postincludes\SlugChangeHandler.php:37

actionupdated_optionincludes\SpellChecker.php:196

actionsave_postincludes\SpellChecker.php:197

actiondelete_postincludes\SpellChecker.php:198

actionadmin_enqueue_scriptsincludes\UninstallModal.php:22

actionadmin_footerincludes\UninstallModal.php:143

actionwp_mail_failedincludes\UninstallModal.php:807

actionwpmu_new_blogincludes\WordPress_Connector.php:121

actionwp_initialize_siteincludes\WordPress_Connector.php:122

actiondelete_blogincludes\WordPress_Connector.php:123

actionadmin_noticesincludes\WordPress_Connector.php:135

actionadmin_menuincludes\WordPress_Connector.php:137

actionadmin_enqueue_scriptsincludes\WordPress_Connector.php:139

actionadmin_headincludes\WordPress_Connector.php:141

filteradmin_footer_textincludes\WordPress_Connector.php:194

filterupdate_footerincludes\WordPress_Connector.php:197

Scheduled Events 6

abj404_network_activation_background

abj404_rebuild_ngram_cache_hook

abj404_network_activation_hook

abj404_cleanupCronAction

Maintenance & Trust

404 Solution Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 16, 2026

PHP min version7.4

Downloads1.0M

Community Trust

Rating100/100

Number of ratings41

Active installs10K

Alternatives

404 Solution Alternatives

Clenex

clenex

100

Analyze and optimize your WordPress site with smart tools for disk space, performance, broken links, and duplicate files.

10 No CVEs

Smart 404 Redirect Manager

smart-404-redirect-manager

100

Smart 404 Redirect & Log Manager fixes 404 errors, auto-redirects broken links, prevents loops, and boosts SEO with smart error management.

0 No CVEs

404 to 301 – Redirect, Log and Notify 404 Errors

404-to-301

Automatically redirect, log and notify all 404 page errors to any page using 301 redirect for SEO. No more 404 Errors in WebMaster tool.

100K 6 CVEs

404 Redirect

redirect-to-404

Redirect all 404 errors to a specific page

200 No CVEs

Advanced Redirect Manager 301

advanced-redirect-manager

100

Manage 301 redirects, monitor 404 errors, and fix broken links. A complete redirect manager and broken link checker for WordPress SEO.

60 No CVEs

Developer Profile

404 Solution Developer Profile

Aaron

1 plugin · 10K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

41 days

View full developer profile

Detection Fingerprints

How We Detect 404 Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/404-solution/assets/css/frontend.css/wp-content/plugins/404-solution/assets/js/frontend.js

Script Paths

/wp-content/plugins/404-solution/assets/js/frontend.js

Version Parameters

404-solution/assets/css/frontend.css?ver=404-solution/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

abj404-suggestions

HTML Comments

Data Attributes

data-abj404-nonce

JS Globals

ABJ404_nonce_value

Shortcode Output

[abj404_solution_page_suggestions]

FAQ