WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cloaking (2.2.9)

Description

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors is prone to cloaking. The plugin is inserting links to websites into page content, hidden to the site owner, that would only show up when Google or another search engine crawled the site. WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors version 2.2.9 is affected; prior versions may also be affected.

Remediation

Update to plugin version 2.3.0 or latest

References

https://www.wordfence.com/blog/2016/08/404-301-plugin-considered-harmful/

https://wordpress.org/support/topic/cloaking-seriously

https://www.wordfence.com/blog/2016/08/will-always-put-customers-community-first/

https://wordpress.org/plugins/404-to-301/changelog/

Related Vulnerabilities

WordPress Plugin Content Timeline Multiple SQL Injection Vulnerabilities (4.4.2)

Microsoft SQL Server CVE-2023-36420 Vulnerability (CVE-2023-36420)

WordPress Plugin OPS Old Post Spinner 'ops_file' Parameter Local File Include (2.2.1)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2161)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail HTML Injection (2.9.0.3)

Severity

High

Tags

Missing Update