404 Solution Security & Risk Analysis

wordpress.org/plugins/404-solution

The smartest 404 plugin for WordPress - finds what your visitors were actually looking for.

10K active installs · v3.2.2 · PHP 7.4+ · WP 5.0+ · Updated Mar 14, 2026
Tags: 301, 302, 404, redirect
Score: 86 (A · Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Dec 12, 2025
Safety Verdict

Is 404 Solution Safe to Use in 2026?

Generally Safe

Score 86/100

404 Solution has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Dec 12, 2025 · Updated 19d ago
Risk Assessment

The "404-solution" plugin, version 3.2.2, has a mixed security posture. On the positive side, its entry points implement nonce checks and capability checks, and a significant majority of its SQL queries use prepared statements. The static analysis, however, found a concerning number of data flows with unsanitized paths, two of which the taint analysis rated high severity. This suggests places where user-supplied input may not be adequately validated or escaped before it is processed, which could leave them exploitable.

The plugin's vulnerability history is a significant red flag: it has a substantial number of known CVEs, including one critical and one high severity. None are currently unpatched, but the pattern of past vulnerabilities (Cross-site Scripting, SQL Injection, and various information exposure issues) indicates a recurring tendency towards insecure coding practices. The plugin's attack surface is relatively small, with no unprotected entry points, which is a positive sign. Even so, the high-severity taint flows and the history of critical vulnerabilities, despite the security controls in place, warrant caution.

Key Concerns

  • High severity taint flows found
  • 1 critical CVE in history
  • 1 high severity CVE in history
  • 6 medium severity CVEs in history
  • 12 flows with unsanitized paths
Vulnerabilities
8

404 Solution Security Vulnerabilities

CVEs by Year

  • 2023: 4 CVEs
  • 2024: 3 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 6

8 total CVEs

CVE-2025-14477 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter

Dec 12, 2025 Patched in 3.1.1 (1d)

CVE-2024-11277 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

404 Solution <= 2.35.19 - Reflected Cross-Site Scripting

Nov 19, 2024 Patched in 2.35.20 (1d)

CVE-2024-11094 · medium · 5.3 · Exposure of Data Element to Wrong Session

404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure

Nov 15, 2024 Patched in 2.35.18 (4d)

CVE-2024-1068 · critical · 9.1 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 Solution <= 2.35.7 - Authenticated (Admin+) SQL Injection

Feb 17, 2024 Patched in 2.35.8 (68d)

CVE-2023-52146 · medium · 5.3 · Insertion of Sensitive Information into Log File

404 Solution <= 2.33.0 - Sensitive Information Exposure via Log File

Dec 28, 2023 Patched in 2.33.1 (26d)

CVE-2023-50848 · medium · 6.6 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 Solution <= 2.34.0 - Authenticated (Administrator+) SQL Injection

Dec 21, 2023 Patched in 2.35.0 (33d)

WF-14958861-305e-4a9b-b428-de204cd6781e-404-solution · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 Solution <= 2.33.2 - Authenticated (Administrator+) SQL Injection via orderby

Oct 23, 2023 Patched in 2.34.0 (92d)

WF-fadc1374-fe4d-414a-af84-1a4de5b89807-404-solution · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

404 Solution <= 2.33.0 - Sensitive Information Exposure

Oct 16, 2023 Patched in 2.33.1 (99d)

Code Analysis
Analyzed Mar 16, 2026

404 Solution Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 31 (99 prepared)
  • Unescaped Output: 144 (663 escaped)
  • Nonce Checks: 36
  • Capability Checks: 13
  • File Operations: 27
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

76% prepared · 130 total queries

Output Escaping

82% escaped · 807 total outputs
Data Flows
12 unsanitized

Data Flow Analysis

16 flows · 12 with unsanitized paths
NormalErrorHandler (includes\ErrorHandler.php:37)
Attack Surface

404 Solution Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_abj404_dismiss_setup_wizard (includes\SetupWizard.php:34)
auth wp_ajax_abj404_save_uninstall_prefs (includes\UninstallModal.php:25)

WordPress Hooks 52

action doing_it_wrong_run (404-solution.php:130)
action send_headers (404-solution.php:320)
action template_redirect (404-solution.php:345)
action wp_head (404-solution.php:413)
action abj404_cleanupCronAction (404-solution.php:509)
action abj404_updateLogsHitsTableAction (404-solution.php:510)
action abj404_updatePermalinkCacheAction (404-solution.php:511)
action abj404_rebuild_ngram_cache_hook (404-solution.php:512)
action abj404_network_activation_hook (404-solution.php:513)
action abj404_network_activation_background (404-solution.php:514)
filter plugin_locale (404-solution.php:544)
action admin_notices (404-solution.php:561)
action admin_notices (404-solution.php:601)
action admin_init (404-solution.php:760)
action shutdown (includes\DataAccess.php:2473)
action shutdown (includes\DataAccess.php:3495)
action updated_option (includes\PermalinkCache.php:57)
filter user_has_cap (includes\PluginLogic.php:100)
action network_admin_notices (includes\PluginLogic.php:1391)
filter manage_posts_columns (includes\PostEditorIntegration.php:39)
filter manage_pages_columns (includes\PostEditorIntegration.php:40)
action manage_posts_custom_column (includes\PostEditorIntegration.php:41)
action manage_pages_custom_column (includes\PostEditorIntegration.php:42)
action quick_edit_custom_box (includes\PostEditorIntegration.php:43)
action admin_enqueue_scripts (includes\PostEditorIntegration.php:44)
action add_meta_boxes (includes\PostEditorIntegration.php:47)
action init (includes\PostEditorIntegration.php:50)
action enqueue_block_editor_assets (includes\PostEditorIntegration.php:51)
action admin_init (includes\Privacy.php:21)
filter wp_privacy_personal_data_exporters (includes\Privacy.php:24)
filter wp_privacy_personal_data_erasers (includes\Privacy.php:25)
action admin_init (includes\SetupWizard.php:30)
action admin_enqueue_scripts (includes\SetupWizard.php:37)
action admin_head (includes\SetupWizard.php:215)
action admin_footer (includes\SetupWizard.php:218)
action admin_footer (includes\SetupWizard.php:221)
action save_post (includes\SlugChangeHandler.php:37)
action updated_option (includes\SpellChecker.php:196)
action save_post (includes\SpellChecker.php:197)
action delete_post (includes\SpellChecker.php:198)
action admin_enqueue_scripts (includes\UninstallModal.php:22)
action admin_footer (includes\UninstallModal.php:143)
action wp_mail_failed (includes\UninstallModal.php:807)
action wpmu_new_blog (includes\WordPress_Connector.php:121)
action wp_initialize_site (includes\WordPress_Connector.php:122)
action delete_blog (includes\WordPress_Connector.php:123)
action admin_notices (includes\WordPress_Connector.php:135)
action admin_menu (includes\WordPress_Connector.php:137)
action admin_enqueue_scripts (includes\WordPress_Connector.php:139)
action admin_head (includes\WordPress_Connector.php:141)
filter admin_footer_text (includes\WordPress_Connector.php:194)
filter update_footer (includes\WordPress_Connector.php:197)

Scheduled Events 6

abj404_network_activation_background
abj404_rebuild_ngram_cache_hook
abj404_rebuild_ngram_cache_hook
abj404_network_activation_hook
abj404_network_activation_hook
abj404_cleanupCronAction
Maintenance & Trust

404 Solution Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 14, 2026
PHP min version: 7.4
Downloads: 981K

Community Trust

Rating: 100/100
Number of ratings: 41
Active installs: 10K
Developer Profile

404 Solution Developer Profile

Aaron

1 plugin · 10K total installs

Trust score: 78
Avg Security Score: 86/100
Avg Patch Time: 41 days
Detection Fingerprints

How We Detect 404 Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/404-solution/assets/css/frontend.css
/wp-content/plugins/404-solution/assets/js/frontend.js
Script Paths
/wp-content/plugins/404-solution/assets/js/frontend.js
Version Parameters
404-solution/assets/css/frontend.css?ver=
404-solution/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
abj404-suggestions
HTML Comments
<!-- ABJ 404 Solution is enabled. See: https://www.ajexperience.com/404-solution/ -->
<!-- ABJ 404 Solution: A redirect is needed. -->
<!-- ABJ 404 Solution: No redirect needed. -->
<!-- ABJ 404 Solution: Search suggestions provided. -->
Data Attributes
data-abj404-nonce
JS Globals
ABJ404_nonce_value
Shortcode Output
[abj404_solution_page_suggestions]