Does Custom 404 Handler have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom 404 Handler have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom 404 Handler compatible with WordPress 6.8.5?

According to WordPress.org data, Custom 404 Handler 1.0.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Custom 404 Handler compatible with PHP 7.0+?

Custom 404 Handler requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Custom 404 Handler updated?

Custom 404 Handler was last updated on May 17, 2025. Frequent updates are generally a positive security signal.

What is Custom 404 Handler's security score?

Custom 404 Handler has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom 404 Handler Security & Risk Analysis

wordpress.org/plugins/custom-404-handler

Customized 404 page, error logging with analysis, automatic redirects and export functionality.

40 active installs v1.0.0 PHP 7.0+ WP 5.0+ Updated May 17, 2025

404custom-404errorloggingredirect

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Custom 404 Handler Safe to Use in 2026?

Generally Safe

Score 100/100

Custom 404 Handler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The "custom-404-handler" plugin, version 1.0.0, presents a mixed security posture. On the positive side, it boasts no known vulnerabilities (CVEs) and a seemingly small attack surface with zero AJAX handlers, REST API routes, shortcodes, or cron events. The code also includes a reasonable number of nonce and capability checks, and half of its SQL queries utilize prepared statements, indicating some adherence to secure coding practices.

However, concerns arise from the static analysis. While the overall number of entry points is zero, a taint analysis revealed one flow with an unsanitized path, identified as high severity. This indicates a potential for privilege escalation or code injection if this path is reachable by an attacker. Furthermore, 42% of output strings are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities. The presence of file operations, even without external HTTP requests, also warrants careful review for potential insecure handling of files.

Given the lack of historical vulnerabilities, the plugin might have a generally secure codebase. Nevertheless, the identified high-severity taint flow and the significant percentage of unescaped output are critical areas that need immediate attention. Addressing these specific findings is paramount to improving the plugin's security before it becomes a target.

Key Concerns

High severity taint flow with unsanitized path
Significant portion of output not properly escaped
File operations present, requires careful review

Vulnerabilities

None known

Custom 404 Handler Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Custom 404 Handler Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

100 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared16 total queries

Output Escaping

58% escaped173 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths

display_logs_page (custom-404-handler.php:372)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Custom 404 Handler Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_menucustom-404-handler.php:68

actionadmin_initcustom-404-handler.php:71

actiontemplate_redirectcustom-404-handler.php:74

actionadmin_enqueue_scriptscustom-404-handler.php:77

actionwp_headcustom-404-handler.php:274

actionwp_headcustom-404-handler.php:306

actionadmin_initcustom-404-handler.php:576

Maintenance & Trust

Custom 404 Handler Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 17, 2025

PHP min version7.0

Downloads471

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Custom 404 Handler Alternatives

301 Redirects – Redirect Manager

eps-301-redirects

Manage 301 & 302 redirects. Simple redirection & redirects validation. Includes redirect stats & 404 error log.

300K 3 CVEs

All 404 Redirect to Homepage

all-404-redirect-to-homepage

Using this plugin, you can fix all 404 error links by redirecting them to homepage using the SEO 301 redirection. Improve your SEO rank & pages speed

200K 2 CVEs

404 to 301 – Redirect, Log and Notify 404 Errors

404-to-301

Automatically redirect, log and notify all 404 page errors to any page using 301 redirect for SEO. No more 404 Errors in WebMaster tool.

100K 6 CVEs

Smart Custom 404 Error Page

404page

Create a custom 404 error page the easy way! No coding, and no redirects.

100K 1 CVE

Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More

simple-301-redirects

Simple 301 Redirects provides an easy method of redirecting requests to another page on your site or elsewhere on the web.

100K 7 CVEs

Developer Profile

Custom 404 Handler Developer Profile

jfkconsulting

1 plugin · 40 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Custom 404 Handler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-404-handler/js/redirects.js/wp-content/plugins/custom-404-handler/js/settings.js

Script Paths