WP-Safety

Smart Custom 404 Error Page Security & Risk Analysis

wordpress.org/plugins/404page

Create a custom 404 error page the easy way! No coding, and no redirects.

100K active installs v11.4.8 PHP 5.4+ WP 4.0+ Updated Jul 16, 2025
404404-error404-pagecustom-404not-found
99
A · Safe
CVEs total1
Unpatched0
Last CVEOct 3, 2024
Download
Safety Verdict

Is Smart Custom 404 Error Page Safe to Use in 2026?

Generally Safe

Score 99/100

Smart Custom 404 Error Page has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 3, 2024Updated 8mo ago
Risk Assessment

The '404page' plugin version 11.4.8 exhibits a generally positive security posture with no critical or high-severity vulnerabilities identified in the static analysis or vulnerability history. The absence of AJAX handlers, REST API routes without permission callbacks, cron events, and external HTTP requests significantly limits the plugin's attack surface. Furthermore, the presence of nonce and capability checks, along with a good proportion of SQL queries using prepared statements, indicates a commitment to secure coding practices. However, a notable concern is the low percentage of properly escaped output (14%), which can lead to Cross-Site Scripting (XSS) vulnerabilities, as evidenced by its past vulnerability history. While the most recent vulnerability was medium severity and is now patched, this pattern of XSS susceptibility warrants attention and suggests that output sanitization should be a priority for developers.

Despite the current lack of identified critical issues, the plugin's history of XSS vulnerabilities, coupled with a significant number of improperly escaped outputs in the static analysis, represents a potential risk. The limited attack surface and use of security checks are strengths, but the weakness in output escaping means that any future vulnerabilities of this type could have a high impact if exploited. Therefore, while the plugin is currently in a good state, ongoing vigilance regarding output sanitization is crucial to maintain its security.

Key Concerns

  • Low percentage of properly escaped output
  • History of Cross-Site Scripting vulnerabilities
Vulnerabilities
1

Smart Custom 404 Error Page Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-9204medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Custom 404 Error Page <= 11.4.7 - Reflected Cross-Site Scripting

Oct 3, 2024 Patched in 11.4.8 (1d)
Code Analysis
Analyzed Mar 16, 2026

Smart Custom 404 Error Page Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
2 prepared
Unescaped Output
50
8 escaped
Nonce Checks
2
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

67% prepared3 total queries

Output Escaping

14% escaped58 total outputs
Attack Surface

Smart Custom 404 Error Page Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[pp_404_url] shortcodes.php:15
WordPress Hooks 37
actioninitblock.php:14
actionenqueue_block_editor_assetsblock.php:31
actionadmin_enqueue_scriptsinc\class-404page-admin.php:35
actionadmin_enqueue_scriptsinc\class-404page-admin.php:36
actionadmin_headinc\class-404page-block-editor.php:29
actionadmin_headinc\class-404page-classic-editor.php:28
actioninitinc\class-404page.php:119
actionpre_get_postsinc\class-404page.php:151
filterget_pagesinc\class-404page.php:152
filterredirect_canonicalinc\class-404page.php:156
filterwpseo_exclude_from_sitemap_by_post_idsinc\class-404page.php:168
filterjetpack_sitemap_skip_postinc\class-404page.php:179
actionpre_get_postsinc\class-404page.php:204
filterbody_classinc\class-404page.php:224
filtertc_404_header_contentinc\class-404page.php:226
filtertc_404_contentinc\class-404page.php:227
filtertc_404_selectorsinc\class-404page.php:228
actiontemplate_redirectinc\class-404page.php:236
filterthe_postsinc\class-404page.php:245
filterdwqa_prepare_answersinc\class-404page.php:248
filter404_templateinc\class-404page.php:253
actiontemplate_redirectinc\class-404page.php:257
actiontemplate_redirectinc\class-404page.php:267
filterbody_classinc\class-404page.php:317
actionwpinc\class-404page.php:398
filterbody_classinc\class-404page.php:399
filtertemplate_includeinc\class-404page.php:400
actionwpinc\class-404page.php:434
filterbody_classinc\class-404page.php:435
filterbody_classinc\class-404page.php:527
actionwp_headinc\class-404page.php:653
actionwp_headinc\class-404page.php:654
actionadmin_noticesinc\ppf\ppf-admin.php:612
actionadmin_print_footer_scriptsinc\ppf\ppf-admin.php:647
actionplugins_loadedinc\ppf\ppf-plugin-addon.php:132
actionadmin_noticesinc\ppf\ppf-plugin-addon.php:140
actionadmin_noticesinc\ppf\ppf-plugin-addon.php:144
Maintenance & Trust

Smart Custom 404 Error Page Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 16, 2025
PHP min version5.4
Downloads2.7M

Community Trust

Rating98/100
Number of ratings1,194
Active installs100K
Alternatives

Smart Custom 404 Error Page Alternatives

Page as 404

Page as 404

page-as-404

A
100

The lightweight and core-friendly way to manage your site's 404 response using a standard Page within your site

0 No CVEs
404 to 301 – Redirect, Log and Notify 404 Errors

404 to 301 – Redirect, Log and Notify 404 Errors

404-to-301

A
95

Automatically redirect, log and notify all 404 page errors to any page using 301 redirect for SEO. No more 404 Errors in WebMaster tool.

100K 6 CVEs
Easy Custom 404 Page

Easy Custom 404 Page

easy-custom-404

A
92

Customize your 404 error page very easy. Simply select a page and save.

0 No CVEs
Redirect 404 Error Page to Homepage or Custom Page with Logs

Redirect 404 Error Page to Homepage or Custom Page with Logs

redirect-404-error-page-to-homepage-or-custom-page

A
91

Redirect the 404 error page to the homepage or any other page with logs. Supports permanent (301), temporary (302) redirects & not found (404).

10K 2 CVEs
Redirect 404 to Home Page – Custom URL

Redirect 404 to Home Page – Custom URL

redirect-404-to-home-page-custom-url

A
92

This Wordpress Plugin fixes 404 Errors in Google Webmasters by Redirecting all 404 URLs to Home Page or a Custom URL.

4K No CVEs
Developer Profile

Smart Custom 404 Error Page Developer Profile

NerdPress

4 plugins · 191K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
328 days
View full developer profile
Detection Fingerprints

How We Detect Smart Custom 404 Error Page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/404page/css/admin.css/wp-content/plugins/404page/css/settings.css/wp-content/plugins/404page/js/admin.js/wp-content/plugins/404page/js/settings.js/wp-content/plugins/404page/js/block.js
Script Paths
/wp-content/plugins/404page/js/admin.js/wp-content/plugins/404page/js/settings.js/wp-content/plugins/404page/js/block.js
Version Parameters
404page/css/admin.css?ver=404page/css/settings.css?ver=404page/js/admin.js?ver=404page/js/settings.js?ver=404page/js/block.js?ver=

HTML / DOM Fingerprints

CSS Classes
pp-404page-infohas-text-align-lefthas-text-align-centerhas-text-align-right
HTML Comments
<!-- Moved from init to enqueue_block_editor_assets in 11.4.1 --><!-- init admin --><!-- moved to PP_404Page_Admin in v 10 --><!-- moved to PP_404Page_Admin in v 10 -->+5 more
Data Attributes
data-pp-404page-edit-linkdata-pp-404page-test-linkdata-pp-404page-current-value
JS Globals
pp_404page
FAQ

Frequently Asked Questions about Smart Custom 404 Error Page