WP-Safety

404 to 301 – Redirect, Log and Notify 404 Errors Security & Risk Analysis

wordpress.org/plugins/404-to-301

Automatically redirect, log and notify all 404 page errors to any page using 301 redirect for SEO. No more 404 Errors in WebMaster tool.

100K active installs v3.1.5 PHP 5.6+ WP 3.5+ Updated Dec 9, 2025
404404-redirectcustom-404-pagenot-foundseo-redirect
95
A · Safe
CVEs total6
Unpatched0
Last CVEJun 7, 2022
Plugin page Download
Safety Verdict

Is 404 to 301 – Redirect, Log and Notify 404 Errors Safe to Use in 2026?

Generally Safe

Score 95/100

404 to 301 – Redirect, Log and Notify 404 Errors has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: Jun 7, 2022Updated 3mo ago
Risk Assessment

The '404-to-301' plugin v3.1.5 exhibits a mixed security posture. While the code analysis shows a strong adherence to secure coding practices with a high percentage of prepared SQL statements and properly escaped output, the presence of unprotected AJAX handlers is a significant concern. These entry points could be exploited to perform unauthorized actions if not properly secured at the application level.

The vulnerability history of this plugin is a major red flag. With a total of 6 known CVEs, including one critical and two high severity vulnerabilities in the past, it indicates a recurring pattern of security weaknesses. The types of past vulnerabilities (XSS, CSRF, Access Control, SQL Injection) suggest that the plugin has historically struggled with handling user input securely and enforcing proper authorization. The fact that there are currently no unpatched vulnerabilities is positive, but the history itself warrants caution.

In conclusion, while the latest version shows improvements in its static code analysis regarding SQL queries and output escaping, the unprotected AJAX handlers and the plugin's historical vulnerability record collectively suggest a moderate to high risk. Users should exercise caution and ensure they have other security measures in place to mitigate potential risks.

Key Concerns

  • 2 unprotected AJAX handlers
  • 6 total known CVEs, 1 critical, 2 high
  • Vulnerability history includes SQL Injection, XSS, CSRF, Access Control
Vulnerabilities
6

404 to 301 – Redirect, Log and Notify 404 Errors Security Vulnerabilities

CVEs by Year

1 CVE in 2015
2015
1 CVE in 2016
2016
1 CVE in 2019
2019
2 CVEs in 2021
2021
1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

Critical
1
High
2
Medium
3

6 total CVEs

WF-11177270-cc73-4c65-9f72-8c0a0a89bed5-404-to-301medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

404 to 301 – Redirect, Log and Notify 404 Errors <= 3.1.1 - Reflected Cross-Site Scripting

Jun 7, 2022 Patched in 3.1.2 (595d)
CVE-2021-24766medium · 6.5Cross-Site Request Forgery (CSRF)

404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery

Oct 11, 2021 Patched in 3.0.9 (834d)
CVE-2021-4338medium · 6.4Improper Access Control

404 to 301 <= 3.0.7 - Missing Authorization to Redirect Creation

Jun 18, 2021 Patched in 3.0.8 (949d)
WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-404-to-301high · 8.8Missing Authorization

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 3.0.2 (1793d)
WF-28624634-9161-4da7-89f3-88ce1d38c3ea-404-to-301high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

404 to 301 <= 2.3.0 - Unauthenticated Stored Cross-Site Scripting

Aug 27, 2016 Patched in 2.3.1 (2705d)
CVE-2015-9323critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

404 to 301 – Redirect, Log and Notify 404 Errors <= 2.0.2 - SQL Injection

Aug 20, 2015 Patched in 2.0.3 (3078d)
Code Analysis
Analyzed Mar 16, 2026

404 to 301 – Redirect, Log and Notify 404 Errors Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
10 prepared
Unescaped Output
4
55 escaped
Nonce Checks
3
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

83% prepared12 total queries

Output Escaping

93% escaped59 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
open_redirect (includes\admin\class-jj4t3-log-listing.php:902)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

404 to 301 – Redirect, Log and Notify 404 Errors Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_jj4t3_redirect_thickboxincludes\admin\class-jj4t3-admin.php:46
authwp_ajax_jj4t3_redirect_formincludes\admin\class-jj4t3-admin.php:47
WordPress Hooks 17
actionplugins_loaded404-to-301.php:98
filteradmin_initincludes\admin\class-jj4t3-admin.php:38
actionadmin_enqueue_scriptsincludes\admin\class-jj4t3-admin.php:39
actionadmin_enqueue_scriptsincludes\admin\class-jj4t3-admin.php:40
actionadmin_menuincludes\admin\class-jj4t3-admin.php:41
actionadmin_menuincludes\admin\class-jj4t3-admin.php:42
actionadmin_initincludes\admin\class-jj4t3-admin.php:43
filterset-screen-optionincludes\admin\class-jj4t3-admin.php:44
actionadmin_footerincludes\admin\class-jj4t3-admin.php:45
actionadmin_footerincludes\admin\class-jj4t3-admin.php:48
filterplugin_action_linksincludes\admin\class-jj4t3-admin.php:49
actionplugins_loadedincludes\admin\class-jj4t3-admin.php:50
actionadmin_noticesincludes\admin\class-jj4t3-admin.php:53
actionadmin_initincludes\admin\class-jj4t3-admin.php:54
actionplugins_loadedincludes\class-jj4t3-i18n.php:29
actiontemplate_redirectincludes\public\class-jj4t3-404-actions.php:93
filterredirect_canonicalincludes\public\class-jj4t3-404-actions.php:94
Maintenance & Trust

404 to 301 – Redirect, Log and Notify 404 Errors Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 9, 2025
PHP min version5.6
Downloads2.1M

Community Trust

Rating92/100
Number of ratings308
Active installs100K
Alternatives

404 to 301 – Redirect, Log and Notify 404 Errors Alternatives

404 Redirect

404 Redirect

redirect-to-404

A
85

Redirect all 404 errors to a specific page

200 No CVEs
404s

404s

404s

A
85

fix all kinds of 404s, fix broken link & images automatically,log each 404,redirect each broken link to specific URL,404 mail alert,export 404s,re &hellip;

10 1 CVE
404 Redirect to Homepage or Custom URL

404 Redirect to Homepage or Custom URL

404-redirect-to-homepage-or-custom-url

A
100

Automatically redirect 404 errors to your homepage or any custom URL.

0 No CVEs
Auto Redirect 404 to Custom URL

Auto Redirect 404 to Custom URL

auto-redirect-404s

A
100

Automatically redirect all 404 errors to a custom URL or homepage. Fix 404 errors in Google Search Console with SEO-friendly 301 redirects.

0 No CVEs
All 404 Redirect to Homepage

All 404 Redirect to Homepage

all-404-redirect-to-homepage

A
99

Using this plugin, you can fix all 404 error links by redirecting them to homepage using the SEO 301 redirection. Improve your SEO rank & pages speed

200K 2 CVEs
Developer Profile

404 to 301 – Redirect, Log and Notify 404 Errors Developer Profile

Joel James

7 plugins · 117K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
1175 days
View full developer profile
Detection Fingerprints

How We Detect 404 to 301 – Redirect, Log and Notify 404 Errors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/404-to-301/assets/css/admin.min.css/wp-content/plugins/404-to-301/assets/js/admin.min.js
Script Paths
/wp-content/plugins/404-to-301/assets/js/admin.min.js
Version Parameters
404-to-301/assets/css/admin.min.css?ver=404-to-301/assets/js/admin.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-iddata-redirectdata-slug
JS Globals
jj4t3strings
FAQ

Frequently Asked Questions about 404 to 301 – Redirect, Log and Notify 404 Errors