The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.

CVE-2015-9320: OptionTree

An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.

CVE-2019-15216

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

CVE-2019-15215

An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.

CVE-2019-15221

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

If you care about your website, you should take steps to avoid 404 errors as it affects your SEO badly. 404 ( Page not found ) errors are common and we all hate it, even Search engines do the same! Install this plugin then sit back and relax. It will take care of 404 errors!

**What is 404 to 301?**

_Handling 404 errors in your site should be easy. With this plugin, it finally is._

> **404 to 301 Log Manager – Add-on is now available!**
> 
> *   Instead of instant email alerts, get **hourly, twice daily, daily, twice weekly, weekly** alerts.
> *   Limit the amount of emails sent out based on error logs count.
> *   **PDF file** attachment of error logs will be delivered through the email.
> *   **Automatically clear** old error logs based on time period.
> *   Get email alerts to multiple email recipients.
> 
> Get this add-on now | See Docs

404 to 301 is a simple but amazing plugin which handles all 404 errors for you. It will redirect all 404 errors to any page that you set, using 301 (or any other) status. That means no more 404 errors! Even in Google webmaster tool you are safe!  
You will not see any 404 error reports in your webmaster tool dashboard.

> **404 to 301 – Features**
> 
> *   You can redirect errors to any existing page or custom link (globally).
> *   **You can set custom redirect for each 404 path!**
> *   No more 404 errors in your website. Seriously!
> *   **Translation ready!**
> *   You can optionally monitor/log all errors.
> *   Exclude paths from errors.
> *   You can optionally enable email notification on all 404 errors.
> *   You can choose which redirect method to be used (301,302,307).
> *   Will not irritate your visitors if they land on a non-existing page/url.
> *   Increase your SEO by telling Google that all 404 pages are moved to some other page.
> *   Completely free to use with lifetime updates.
> *   Developer friendly.
> *   Follows best WordPress coding standards.
> *   Of course, available in GitHub
> 
> Installation | Docs | Screenshots

**Bug Reports**

Bug reports for 404 to 301 are always welcome. Report here.

**More information**

*   404 to 301 – Plugin Homepage, containing more details and docs.
*   Follow the developer @Twitter
*   Other WordPress plugins by Joel James for Duck Dev

**404 Errors and Redirect – More Details**

If you are confused with these terms 404,301, redirect etc, refer this page to know more about the redirect and SEO.

**Bug Reports**

Bug reports for 404 to 301 are always welcome. Report here.

**Installing the plugin – Simple**

1.  In your WordPress admin panel, go to _Plugins > New Plugin_, search for **404 to 301** and click “_Install now_“
2.  Alternatively, download the plugin and upload the contents of `404-to-301.zip` to your plugins directory, which usually is `/wp-content/plugins/`.
3.  Activate the plugin
4.  Go to 404 to 301 tab on your admin menus.
5.  Configure the plugin options with available settings.

**Need more help?**

Please take a look at the plugin documentation or open a support request.

**Missing something?**

If you would like to have an additional feature for this plugin, let me know

**What is the use of 404 to 301?**

It will increase your SEO by redirecting all 404 errors using SEO redirects.

**Can I monitor 404 errors?**

Yes. You can. If you enable logs from settings, it will list all the errors.

**How can I clear logs?**

Select ‘clear logs’ from bulk actions and submit. It will delete all log data from your db.

**Can I get email notifications?**

Yes. You can enable email notifications on each 404 errors (optional).

**Can I set custom redirects for each errors?**

Yes. You can set that from error logs table.

**I need more details**

Please take a look at the plugin documentation or open a support request.

![](https://secure.gravatar.com/avatar/246378b8fd892943ec989dc061ca96bf?s=60&d=retro&r=g)

Since installing this plugin several years ago I have not had to worry about deleting, renaming, or moving pages. It works seamlessly in the background.

![](https://secure.gravatar.com/avatar/4eb6e0988cc21fc3d47902c3e68139b8?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/71993e0df65c4077f1d4a63f3963850b?s=60&d=retro&r=g)

The redirection worked quite well for a while. But the log table ran full over time, because I nearly forgot about this plugin while working on other construction sites. When I recognized the full log and clicked the clean up button of "404 to 301", the whole server went down immediately! I had to call web hoster to reboot the server. They told me this script made Wordpress open too many mySQL connections, that way used up all RAM, and caused heavy load on HDDs. Bad architecture I guess. First, it shouldn't run endless logging, but terminate itself after a default time. And second, it should clean up the mess in small steps. I must admit that I can't tell, if this issue is legacy and if there's a new version handling things more gracious. But from what I've seen on the screenshots, there don't seem to have been many essential improvements over the last years.

![](https://secure.gravatar.com/avatar/7a34a598493fb9163e980985edb9bf6a?s=60&d=retro&r=g)

This plugin is very nice for me. I like the option that I could redirect the error 404 to a personal page, it is very useful for me.

![](https://secure.gravatar.com/avatar/d76314ab38ad06c239316e72e50543a5?s=60&d=retro&r=g)

This plug-in does a great job for us, we use an other plugin that is restricting the access of our pages, when an access to one of our pages is done the oter plugin generate a 404 error, at this time this plugin enter in action and redirect the user to the login page! Simple!

![](https://secure.gravatar.com/avatar/b24ec3d63fa67ab3df8221d25773e9fb?s=60&d=retro&r=g)

Really worth getting this plugin, made my life a lot easier

Read all 252 reviews

“404 to 301 – Redirect, Log and Notify 404 Errors” is open source software. The following people have contributed to this plugin.

Contributors

**3.1.1 (15/11/2021)**

**👌 Improvements**

*   Security checks and improvements.

**3.1.0 (18/10/2021)**

**👌 Improvements**

*   Tested with WP 5.8.
*   Added sanitization.

**3.0.9 (06/10/2021)**

**👌 Improvements**

*   Added nonce verification for bulk actions.

**3.0.8 (12/06/2021)**

**👌 Improvements**

*   Tested with WP 5.7.
*   Add capability checks for ajax actions – Thanks Jerome.
*   Improve query preparations – Thanks Jerome.

**3.0.7 (28/01/2021)**

**🐛 Bug Fixes**

*   Activation hook was not being executed.
*   Table creation failed in new installations.

**3.0.6 (18/12/2020)**

**👌 Improvements**

*   Tested with WP 5.6.
*   Small improvements.
*   Temporarily disabled Freemius SDK.

**3.0.5 (02/07/2019)**

**👌 Improvements**

*   Updated Freemius SDK.
*   Tested with WP 5.2.

**3.0.4 (16/03/2019)**

**📦 New**

*   Added option to disable URL guessing.
*   Added review notice.

**3.0.3 (15/03/2019)**

**🐛 Bug Fixes**

*   Opt-in is disabled temporarily to debug the issues.

**3.0.2 (26/02/2019)**

**🐛 Bug Fixes**

*   Security fix.

**👌 Improvements**

*   Minor performance improvements.

**3.0.1 (24/08/2018)**

**👌 Improvements**

*   Make release automated.

**🐛 Bug Fixes**

*   Do not include exclude path items.

**3.0.0.1 (25/06/2018)**

**Bug Fixes**

*   Using template\_redirect hook for redirect instead of wp hook.
*   Fixed an issue with do\_action in Freemius SDK.

**3.0.0 (20/06/2018)**

**New Features**

*   Individual optional settings for each error log item (Individual redirec, log, email alert can be set).
*   Clear error logs without removing custom redirects.
*   Added error logs grouping with count.
*   WPML compatible.
*   Integrated Freemius for addon, support and analytics (optional).

**Improvements**

*   Complete code revamp. More improved structure.
*   Set custom options from previous logs if same item exists.
*   Made 3rd party integration easier.

**2.3.3 (31/08/2016)**

**Bug Fixes**

*   Using esc\_url() for Ref and Url fields.
*   Fixed Cross Site Scripting vulnerability in “From” column – Thanks to Plugin Vulnerabilities.

**2.3.1 (27/08/2016)**

**Bug Fixes**

*   Fixed Cross Site Scripting vulnerability – Thanks to Summer of Pwnage & Louis Dion-Marcil.
*   Fixed sorting issue in error log (Changed default order to Date Descending order).
*   Fixed issues when trailing slash found at the end of custom redirect.

**Improvements**

*   Tested with WordPress 4.6.

**2.3.0 (17/08/2016)**

**Bug Fixes**

*   Removed unused UAN button from help page.
*   Completely safe to use.
*   Tracking completely removed from the plugin since it was detected as spam. Read more here.

**2.2.9 (16/08/2016)**

**Bug Fixes**

*   Serious issue fixed – Usage tracking script was being detected as spam.
*   Removed tracking completely.

**2.2.8 (12/07/2016)**

**Bug Fixes**

*   Fixed a minor bug on TOC button.

**2.2.7 (07/07/2016)**

**Bug Fixes**

*   Fixed issue with PHP 5.4 – Empty error log data.

**Improvements**

*   Improved condition checking.
*   Speed improvements.
*   Made error log link to new tab.

**2.2.6 (30/06/2016)**

**Bug Fixes**

*   Fixed issue – Undefined index when accessed directly.

**Improvements**

*   Improved condition checking.

**2.2.5 (05/06/2016)**

**Bug Fixes**

*   Fixed issue – Front end was slow.

**2.2.4 (02/06/2016)**

**Bug Fixes**

*   Fixed custom redirect issue.
*   Fixed issues when activating.

**2.2.2 (01/06/2016)**

**New Feature**

*   Now you can set **custom redirects** for reach error path.
*   Goto error logs list and set custom redirect.
*   Fixed issues with BuddyPress.

**Improvements**

*   Improved code.

**2.1.7 (20/04/2016)**

**New Add-on**

*   New Log Manager add-on available now.
*   Get periodic email alerts instead of instant email alerts for every errors (add-on).
*   Automatically clear error logs (add-on).

**Improvements**

*   Removed inactive filter – i4t3\_before\_404\_redirect

**2.1.6 (06/04/2016)**

**Improvements**

*   Fixed broken plugin website links.
*   Tested with WordPress 4.5.

**2.1.5 (22/03/2016)**

**Improvements**

*   Fixed issues with deprecated functions – Thanks to Pedro Mendonça.
*   Translated missing strings.
*   Tested with WordPress 4.4.2.

**2.1.4 (22/01/2016)**

**Bug Fixes**

*   Fixed issues when clearing logs (header already sent..).
*   Tested with WordPress 4.4.1.

**2.1.3 (20/12/2015)**

**Bug Fixes**

*   Fixed issues with older version of WordPress.
*   Fixed issues with older version of PHP.

**2.1.0 (20/12/2015)**

**New Feature**

*   New option to set items per page from error log listing page.
*   New option to show or hide items from listing table (Screen option).

**Improvements**

*   Improved error listing page table structure.

**Bug Fixes**

*   Fixed issue – Null value issue when no Referrer or User Agent found.
*   Fixed issue – Clearing errors and redirecting.

**2.0.9 (2/11/2015)**

**Bug Fixes**

*   Fixed issue – Empty needle issue after 2.0.8 update.

**2.0.8 (28/10/2015)**

**New Feature**

*   New option to exclude paths from error logs and redirect.

**Bug Fixes**

*   Fixed issue – Email notifications are being sent even after disabling it.
*   Fixed issue – Settings reset after reactivation of plugin.

**2.0.7 (25/09/2015)**

**New Feature**

*   New option to change error notification email address.
*   Now **100% Translation ready**.

**Improvements**

*   Minor code improvements.

**2.0.6 (13/09/2015)**

**Improvements**

*   Introduced new website for the plugin.
*   Fixed few dead link issues

**2.0.5 (03/09/2015)**

**Improvements**

*   Added option to avoid search engine crawlers/bots from logging errors.

**Bug Fixes**

*   Fixed error log per page issue.

**2.0.4 (26/08/2015)**

**Bug Fixes**

*   Fixed an issue where error log table is not being created.

**2.0.3 (21/08/2015)**

**Bug Fixes**

*   Fixed a serious issue which may cause SQL injection attack.

**2.0.2 (16/08/2015)**

**Bug Fixes**

*   Fixed an issue with https redirect.
*   Fixed an issue with url preg\_match.

**2.0.1 (29/07/2015)**

**New Feature**

*   Now you can log/monitor all 404 errors (optional).
*   You can get email notifications on 404 errors (optional).
*   You can select existing pages from dropdown to set as redirect page.
*   New plugin home page.

**Improvements**

*   Upgraded to WordPress plugin coding standard.
*   Documented all functions.

**1.0.8**

*   Very minor bug fix
*   Tested for WP 4.2

**1.0.7**

*   Fixed options saving issue in admin page.
*   Improved performance.

**1.0.6**

*   Tested with latest version.
*   Improved structure.

**1.0.5**

*   Bug fix.
*   Fixed permission issue on redirect link on plugin activation.

**1.0.4**

*   Bug fix.
*   Fixed permission issue on activating along with some security plugins like WordFence.

**1.0.3**

*   Added official support forum.

**1.0.1**

*   Added official website details.

**1.0.0**

*   Added first version with basic options.

CVE-2015-9323: 404 to 301 – Redirect, Log and Notify 404 Errors

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

CVE-2019-15046: ServiceDesk Plus readme | Service desk release notes | ServiceDesk Plus latest version read me notes | IT service management release notes | Service desk current version

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.

CVE-2016-10867: All-In-One Security (AIOS) – Security and Firewall

The events-manager plugin before 5.6 for WordPress has code injection.

CVE-2015-9298: Events Manager

The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.

CVE-2015-9304: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

The simple-membership plugin before 3.5.7 for WordPress has XSS.

Tag

#google