Description
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors version 3.0.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.0.9 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:CC13DB1E-5F7F-49B2-81DA-F913CFE70543
https://plugins.svn.wordpress.org/404-to-301/trunk/readme.txt
Related Vulnerabilities
Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700)
Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4724)
WordPress 4.1.x Cross-Site Scripting Vulnerability (4.1 - 4.1.8)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Local File Inclusion (1.5.24)