CVE-2016-20071

WordPress · 404 Redirection Manager

The WordPress 404 Redirection Manager plugin contains a security vulnerability that may expose the application to unauthorized actions.

Executive summary

A high-severity vulnerability in the 404 Redirection Manager plugin exposes the host WordPress environment to potential security compromises.

Vulnerability

The flaw in the 404 Redirection Manager plugin may permit unauthorized access to, or manipulation of, the site's redirection settings.

Business impact

The CVSS score of 8.2 indicates a high risk to the business, as an attacker could potentially redirect traffic to malicious sites or manipulate site navigation, leading to a loss of user trust. Unauthorized control over redirection settings can also be leveraged to facilitate phishing campaigns against site visitors.

Remediation

Immediate Action: Update the 404 Redirection Manager plugin to the latest version recommended by the vendor.

Proactive Monitoring: Regularly audit redirection rules and monitor logs for unexpected changes to site configuration files.

Compensating Controls: Implement a WAF to monitor and block suspicious HTTP requests that deviate from normal site navigation patterns.
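A concrete way to carry out the audit recommended above, as an added example that is neither the plugin's code nor part of this advisory: it flags redirect rules whose targets leave the site or use a non-HTTP scheme, and reports rules that were added or retargeted since a saved snapshot. The rule format, the site hostnames and the sample rules are constructed assumptions; the plugin's actual storage format is not described here.

```python
from urllib.parse import urlsplit

# Constructed assumptions: the plugin's real rule storage is not described on the page.
SITE_HOSTS = {"example.com", "www.example.com"}  # hypothetical site hostnames

# Snapshot recorded at the previous audit (constructed sample data).
PREVIOUS_RULES = {
    "/old-page": "/new-page",
    "/docs": "https://www.example.com/docs/",
}
# Rules as currently configured (constructed sample data); three are new or modified.
CURRENT_RULES = {
    "/old-page": "/new-page",
    "/docs": "https://examp1e-login.invalid/docs/",   # target silently retargeted off-site
    "/promo": "//cdn.unknown-host.invalid/",           # protocol-relative, still off-site
    "/help": "javascript:alert(1)",                    # non-HTTP scheme
}

def classify_target(target, site_hosts=SITE_HOSTS):
    """Return 'internal', 'external' or 'dangerous-scheme' for one redirect target."""
    parts = urlsplit(target.strip())
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return "dangerous-scheme"          # javascript:, data:, etc.
    if parts.netloc:                       # absolute or protocol-relative URL
        return "internal" if (parts.hostname or "") in site_hosts else "external"
    return "internal"                      # relative path stays on the site

def audit_rules(rules, site_hosts=SITE_HOSTS):
    """Rules whose target leaves the site or uses an unsafe scheme."""
    findings = []
    for src, dst in rules.items():
        verdict = classify_target(dst, site_hosts)
        if verdict != "internal":
            findings.append((src, dst, verdict))
    return findings

def changed_rules(previous, current):
    """Sources added or retargeted since the last snapshot: the 'unexpected changes' to watch for."""
    return sorted(src for src, dst in current.items() if previous.get(src) != dst)

if __name__ == "__main__":
    for src, dst, verdict in audit_rules(CURRENT_RULES):
        print(f"{verdict:16} {src} -> {dst}")
    print("changed since snapshot:", changed_rules(PREVIOUS_RULES, CURRENT_RULES))
```

Run it on a dump of the live rules after each deployment and alert on any non-empty output from either function.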

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams should prioritize updating the 404 Redirection Manager plugin to mitigate this high-risk vulnerability. If the plugin is not actively required for business operations, it should be removed to reduce the overall attack surface.