In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.

_Published August 5, 2019 | Updated August 12, 2019_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Note:** Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the August 2019 Pixel Update Bulletin.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2019-08-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2019-08-01 patch level. Vulnerabilities are grouped under the component they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, such as the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Android runtime**

The vulnerability in this section could enable a local attacker to bypass user interaction requirements in order to gain access to additional permissions.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2019-2120

A-130821293

EoP

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

**Framework**

The most severe vulnerability in this section could enable a local malicious application to execute arbitrary code within the context of a privileged process.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2019-2121

A-131105245

EoP

High

9

CVE-2019-2122

A-127605586 \[2\] \[3\]

EoP

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2125

A-132275252

EoP

Moderate

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

**Media framework**

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2019-2126

A-127702368 \[2\]

RCE

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2128

A-132647222

EoP

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2129

A-124781927

ID

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

**System**

The most severe vulnerability in this section could enable a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2019-2130

A-132073833

RCE

Critical

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2131

A-119115683

EoP

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2132

A-130568701

EoP

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2133

A-132082342

EoP

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2134

A-132083376

EoP

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2135

A-125900276

ID

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2136

A-132650049 \[2\] \[3\] \[4\]

ID

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

CVE-2019-2137

A-132438333 \[2\]

DoS

High

9

**2019-08-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2019-08-05 patch level. Vulnerabilities are grouped under the component they affect and include details such as the CVE, associated references, type of vulnerability, severity, component (where applicable), and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, such as the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Media framework**

The vulnerability in this section could enable a local attacker to execute arbitrary code within the context of a privileged process.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2019-2127

A-124899895

EoP

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

**System**

The vulnerability in this section could enable a proximate attacker to access or tamper with data.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2019-9506

A-124301137 \[2\]

ID

High

7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

**Broadcom components**

The vulnerability in this section could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

    

CVE

References

Type

Severity

Component

CVE-2019-11516

A-132966035\*

RCE

Critical

Bluetooth

**Qualcomm components**

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Type

Severity

Component

CVE-2019-10492

A-132170519  
QC-CR#2389432

N/A

Critical

HLOS

CVE-2019-10509

A-132171185  
QC-CR#2359039

N/A

High

BTHOST

CVE-2019-10510

A-132173563  
QC-CR#2305025

N/A

High

BTHOST

CVE-2019-10499

A-134440231  
QC-CR#2398099

N/A

High

MProc

CVE-2019-10538

A-132193791  
QC-CR#2448763

N/A

High

WLAN

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Type

Severity

Component

CVE-2019-10539

A-135126805\*

N/A

Critical

Closed-source component

CVE-2019-10540

A-135126805\*

N/A

Critical

Closed-source component

CVE-2019-10489

A-132108754\*

N/A

High

Closed-source component

CVE-2019-2294

A-132108952\*

N/A

High

Closed-source component

**2019-06-05 security patch level—Updates**

In the section below, we provide details for two more security vulnerabilities that were included in the 2019-06-05 patch level. These issues were announced at a recent security conference as part of a coordinated disclosure with affected parties.

**Qualcomm components**

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Type

Severity

Component

CVE-2019-2279

A-114073969  
QC-CR#2345481 \[2\]

N/A

Critical

QC Venus Firmware

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Type

Severity

Component

CVE-2019-2252

A-114235025\*

N/A

Critical

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2019-08-01 or later address all issues associated with the 2019-08-01 security patch level.
*   Security patch levels of 2019-08-05 or later address all issues associated with the 2019-08-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2019-08-01\]
*   \[ro.build.version.security\_patch\]:\[2019-08-05\]

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2019-08-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2019-08-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the Android bug ID in the _References_ column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

August 5, 2019

Bulletin published

1.1

August 7, 2019

Bulletin revised to include AOSP links

1.2

August 12, 2019

Bulletin revised to include issues announced at recent security conferences as part of a coordinated disclosure with affected parties

CVE-2019-2126: Android Security Bulletin—August 2019

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Security bulletin for Adobe Acrobat and Reader | APSB19-41

**Bulletin ID**

**Date Published**

**Priority**

APSB19-41

August 13, 2019

2

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.    

These updates will address important vulnerabilities in the software. Adobe will be assigning the following  priority ratings to these updates:

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

*   Users can update their product installations manually by choosing Help > Check for Updates.     
    
*   The products will update automatically, without requiring user intervention, when updates are detected.      
    
*   The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     
    

For IT administrators (managed environments):     

*   Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.     
    
*   Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.     
    

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVE Number**

Out-of-Bounds Read   

Information Disclosure   

Important   

CVE-2019-8077

CVE-2019-8094

CVE-2019-8095

CVE-2019-8096

CVE-2019-8102

CVE-2019-8103

CVE-2019-8104

CVE-2019-8105

CVE-2019-8106

CVE-2019-8002

CVE-2019-8004

CVE-2019-8005

CVE-2019-8007

CVE-2019-8010

CVE-2019-8011

CVE-2019-8012

CVE-2019-8018

CVE-2019-8020

CVE-2019-8021

CVE-2019-8032

CVE-2019-8035

CVE-2019-8037

CVE-2019-8040

CVE-2019-8043

CVE-2019-8052

Out-of-Bounds Write   

Arbitrary Code Execution    

Important  

CVE-2019-8098

CVE-2019-8100

CVE-2019-7965

CVE-2019-8008

CVE-2019-8009

CVE-2019-8016

CVE-2019-8022

CVE-2019-8023

CVE-2019-8027

Command Injection 

Arbitrary Code Execution  

Important 

CVE-2019-8060

Use After Free   

Arbitrary Code Execution     

Important 

CVE-2019-8003

CVE-2019-8013

CVE-2019-8024  

CVE-2019-8025  

CVE-2019-8026  

CVE-2019-8028

CVE-2019-8029

CVE-2019-8030

CVE-2019-8031

CVE-2019-8033

CVE-2019-8034

CVE-2019-8036

CVE-2019-8038

CVE-2019-8039

CVE-2019-8047

CVE-2019-8051

CVE-2019-8053

CVE-2019-8054

CVE-2019-8055

CVE-2019-8056

CVE-2019-8057

CVE-2019-8058  

CVE-2019-8059

CVE-2019-8061

CVE-2019-8257

Heap Overflow 

Arbitrary Code Execution     

Important 

CVE-2019-8066

CVE-2019-8014

CVE-2019-8015

CVE-2019-8041

CVE-2019-8042

CVE-2019-8046

CVE-2019-8049

CVE-2019-8050

Buffer Error 

Arbitrary Code Execution     

 Important  

CVE-2019-8048

Double Free 

Arbitrary Code Execution     

Important   

CVE-2019-8044 

Integer Overflow

Information Disclosure

Important 

CVE-2019-8099

CVE-2019-8101

Internal IP Disclosure

Information Disclosure

Important 

CVE-2019-8097

Type Confusion

Arbitrary Code Execution  

Important 

CVE-2019-8019 

CVE-2019-8249

CVE-2019-8250

Untrusted Pointer Dereference

Arbitrary Code Execution 

Important 

CVE-2019-8006

CVE-2019-8017

CVE-2019-8045

Insufficiently Robust Encryption

Security feature bypass

Critical

CVE-2019-8237

Type Confusion

Information Disclosure

Important

CVE-2019-8251

CVE-2019-8252

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:    

*   Dhanesh Kizhakkinan of FireEye Inc. (CVE-2019-8066) 
*   Xu Peng and Su Purui from TCA/SKLCS Institute of Software Chinese Academy of Sciences and Codesafe Team of Legendsec at Qi'anxin Group (CVE-2019-8029, CVE-2019-8030, CVE-2019-8031) 
*   (A.K.) Karim Zidani, Independent Security Researcher ; https://imAK.xyz/ (CVE-2019-8097) 
*   Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-8033, CVE-2019-8037)  
*   BUGFENSE Anonymous Bug Bounties https://bugfense.io (CVE-2019-8015) 
*   Haikuo Xie of Baidu Security Lab working with Trend Micro Zero Day Initiative (CVE-2019-8035, CVE-2019-8257) 
*   Wei Lei of STAR Labs (CVE-2019-8009, CVE-2019-8018, CVE-2019-8010, CVE-2019-8011) 
*   Li Qi(@leeqwind) & Wang Lei(@CubestoneW) & Liao Bangjie(@b1acktrac3) of Qihoo360 CoreSecurity(@360CoreSec) (CVE-2019-8012) 
*   Ke Liu of Tencent Security Xuanwu Lab (CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8004, CVE-2019-8005, CVE-2019-8006, CVE-2019-8077, CVE-2019-8003, CVE-2019-8020, CVE-2019-8021, CVE-2019-8022, CVE-2019-8023) 
*   Haikuo Xie of Baidu Security Lab (CVE-2019-8032, CVE-2019-8036) 
*   ktkitty (https://ktkitty.github.io) working with Trend Micro Zero Day Initiative (CVE-2019-8014) 
*   Mat Powell of Trend Micro Zero Day Initiative (CVE-2019-8008, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059) 
*   Mateusz Jurczyk of Google Project Zero (CVE-2019-8041, CVE-2019-8042, CVE-2019-8043, CVE-2019-8044, CVE-2019-8045, CVE-2019-8046, CVE-2019-8047, CVE-2019-8048, CVE-2019-8049, CVE-2019-8050, CVE-2019-8016, CVE-2019-8017) 
*   Michael Bourque (CVE-2019-8007) 
*   peternguyen working with Trend Micro Zero Day Initiative (CVE-2019-8013, CVE-2019-8034) 
*   Simon Zuckerbraun of Trend Micro Zero Day Initiative (CVE-2019-8027) 
*   Steven Seeley (mr\_me) of Source Incite working with Trend Micro Zero Day Initiative (CVE-2019-8019) 
*   Steven Seeley (mr\_me) of Source Incite working with iDefense Labs(https://vcp.idefense.com/) (CVE-2019-8098, CVE-2019-8099, CVE-2019-8100, CVE-2019-8101, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8106, CVE-2019-7965, CVE-2019-8105) 
*   willJ working with Trend Micro Zero Day Initiative (CVE-2019-8040, CVE-2019-8052) 
*   Esteban Ruiz (mr\_me) of Source Incite working with iDefense Labs(https://vcp.idefense.com/) (CVE-2019-8002) 
*   Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-8024, CVE-2019-8061, CVE-2019-8055) 
*   Zhaoyan Xu, Hui Gao of Palo Alto Networks (CVE-2019-8026, CVE-2019-8028) 
*   Lexuan Sun, Hao Cai of Palo Alto Networks (CVE-2019-8025) 
*   Bit of STARLabs working with Trend Micro Zero Day Initiative (CVE-2019-8038, CVE-2019-8039)
*   Zhongcheng Li (CK01) of Topsec Alpha Team (CVE-2019-8060)
*   Jens Müller (CVE-2019-8237)
*   Steven Seeley (mr\_me) of Source Incite (CVE-2019-8249, CVE-2019-8250, CVE-2019-8251, CVE-2019-8252)

August 14, 2019: Added acknowledgement for CVE-2019-8016 & CVE-2019-8017.

August 22, 2019: Updated CVE id from CVE-2019-7832 to CVE-2019-8066.

September 26, 2019: Added acknowledgement for CVE-2019-8060.

October 23, 2019: Inlcuded details about CVE-2019-8237.

November 19, 2019: Included details about CVE-2019-8249, CVE-2019-8250, CVE-2019-8251, CVE-2019-8252

December 10, 2019: Inlcuded details about CVE-2019-8257.

CVE-2019-8038: Adobe Security Bulletin

The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.

CVE-2015-9320: OptionTree

An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.

CVE-2019-15216

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

CVE-2019-15215

An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.

CVE-2019-15221

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

If you care about your website, you should take steps to avoid 404 errors as it affects your SEO badly. 404 ( Page not found ) errors are common and we all hate it, even Search engines do the same! Install this plugin then sit back and relax. It will take care of 404 errors!

**What is 404 to 301?**

_Handling 404 errors in your site should be easy. With this plugin, it finally is._

> **404 to 301 Log Manager – Add-on is now available!**
> 
> *   Instead of instant email alerts, get **hourly, twice daily, daily, twice weekly, weekly** alerts.
> *   Limit the amount of emails sent out based on error logs count.
> *   **PDF file** attachment of error logs will be delivered through the email.
> *   **Automatically clear** old error logs based on time period.
> *   Get email alerts to multiple email recipients.
> 
> Get this add-on now | See Docs

404 to 301 is a simple but amazing plugin which handles all 404 errors for you. It will redirect all 404 errors to any page that you set, using 301 (or any other) status. That means no more 404 errors! Even in Google webmaster tool you are safe!  
You will not see any 404 error reports in your webmaster tool dashboard.

> **404 to 301 – Features**
> 
> *   You can redirect errors to any existing page or custom link (globally).
> *   **You can set custom redirect for each 404 path!**
> *   No more 404 errors in your website. Seriously!
> *   **Translation ready!**
> *   You can optionally monitor/log all errors.
> *   Exclude paths from errors.
> *   You can optionally enable email notification on all 404 errors.
> *   You can choose which redirect method to be used (301,302,307).
> *   Will not irritate your visitors if they land on a non-existing page/url.
> *   Increase your SEO by telling Google that all 404 pages are moved to some other page.
> *   Completely free to use with lifetime updates.
> *   Developer friendly.
> *   Follows best WordPress coding standards.
> *   Of course, available in GitHub
> 
> Installation | Docs | Screenshots

**Bug Reports**

Bug reports for 404 to 301 are always welcome. Report here.

**More information**

*   404 to 301 – Plugin Homepage, containing more details and docs.
*   Follow the developer @Twitter
*   Other WordPress plugins by Joel James for Duck Dev

**404 Errors and Redirect – More Details**

If you are confused with these terms 404,301, redirect etc, refer this page to know more about the redirect and SEO.

**Bug Reports**

Bug reports for 404 to 301 are always welcome. Report here.

**Installing the plugin – Simple**

1.  In your WordPress admin panel, go to _Plugins > New Plugin_, search for **404 to 301** and click “_Install now_“
2.  Alternatively, download the plugin and upload the contents of `404-to-301.zip` to your plugins directory, which usually is `/wp-content/plugins/`.
3.  Activate the plugin
4.  Go to 404 to 301 tab on your admin menus.
5.  Configure the plugin options with available settings.

**Need more help?**

Please take a look at the plugin documentation or open a support request.

**Missing something?**

If you would like to have an additional feature for this plugin, let me know

**What is the use of 404 to 301?**

It will increase your SEO by redirecting all 404 errors using SEO redirects.

**Can I monitor 404 errors?**

Yes. You can. If you enable logs from settings, it will list all the errors.

**How can I clear logs?**

Select ‘clear logs’ from bulk actions and submit. It will delete all log data from your db.

**Can I get email notifications?**

Yes. You can enable email notifications on each 404 errors (optional).

**Can I set custom redirects for each errors?**

Yes. You can set that from error logs table.

**I need more details**

Please take a look at the plugin documentation or open a support request.

![](https://secure.gravatar.com/avatar/246378b8fd892943ec989dc061ca96bf?s=60&d=retro&r=g)

Since installing this plugin several years ago I have not had to worry about deleting, renaming, or moving pages. It works seamlessly in the background.

![](https://secure.gravatar.com/avatar/4eb6e0988cc21fc3d47902c3e68139b8?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/71993e0df65c4077f1d4a63f3963850b?s=60&d=retro&r=g)

The redirection worked quite well for a while. But the log table ran full over time, because I nearly forgot about this plugin while working on other construction sites. When I recognized the full log and clicked the clean up button of "404 to 301", the whole server went down immediately! I had to call web hoster to reboot the server. They told me this script made Wordpress open too many mySQL connections, that way used up all RAM, and caused heavy load on HDDs. Bad architecture I guess. First, it shouldn't run endless logging, but terminate itself after a default time. And second, it should clean up the mess in small steps. I must admit that I can't tell, if this issue is legacy and if there's a new version handling things more gracious. But from what I've seen on the screenshots, there don't seem to have been many essential improvements over the last years.

![](https://secure.gravatar.com/avatar/7a34a598493fb9163e980985edb9bf6a?s=60&d=retro&r=g)

This plugin is very nice for me. I like the option that I could redirect the error 404 to a personal page, it is very useful for me.

![](https://secure.gravatar.com/avatar/d76314ab38ad06c239316e72e50543a5?s=60&d=retro&r=g)

This plug-in does a great job for us, we use an other plugin that is restricting the access of our pages, when an access to one of our pages is done the oter plugin generate a 404 error, at this time this plugin enter in action and redirect the user to the login page! Simple!

![](https://secure.gravatar.com/avatar/b24ec3d63fa67ab3df8221d25773e9fb?s=60&d=retro&r=g)

Really worth getting this plugin, made my life a lot easier

Read all 252 reviews

“404 to 301 – Redirect, Log and Notify 404 Errors” is open source software. The following people have contributed to this plugin.

Contributors

**3.1.1 (15/11/2021)**

**👌 Improvements**

*   Security checks and improvements.

**3.1.0 (18/10/2021)**

**👌 Improvements**

*   Tested with WP 5.8.
*   Added sanitization.

**3.0.9 (06/10/2021)**

**👌 Improvements**

*   Added nonce verification for bulk actions.

**3.0.8 (12/06/2021)**

**👌 Improvements**

*   Tested with WP 5.7.
*   Add capability checks for ajax actions – Thanks Jerome.
*   Improve query preparations – Thanks Jerome.

**3.0.7 (28/01/2021)**

**🐛 Bug Fixes**

*   Activation hook was not being executed.
*   Table creation failed in new installations.

**3.0.6 (18/12/2020)**

**👌 Improvements**

*   Tested with WP 5.6.
*   Small improvements.
*   Temporarily disabled Freemius SDK.

**3.0.5 (02/07/2019)**

**👌 Improvements**

*   Updated Freemius SDK.
*   Tested with WP 5.2.

**3.0.4 (16/03/2019)**

**📦 New**

*   Added option to disable URL guessing.
*   Added review notice.

**3.0.3 (15/03/2019)**

**🐛 Bug Fixes**

*   Opt-in is disabled temporarily to debug the issues.

**3.0.2 (26/02/2019)**

**🐛 Bug Fixes**

*   Security fix.

**👌 Improvements**

*   Minor performance improvements.

**3.0.1 (24/08/2018)**

**👌 Improvements**

*   Make release automated.

**🐛 Bug Fixes**

*   Do not include exclude path items.

**3.0.0.1 (25/06/2018)**

**Bug Fixes**

*   Using template\_redirect hook for redirect instead of wp hook.
*   Fixed an issue with do\_action in Freemius SDK.

**3.0.0 (20/06/2018)**

**New Features**

*   Individual optional settings for each error log item (Individual redirec, log, email alert can be set).
*   Clear error logs without removing custom redirects.
*   Added error logs grouping with count.
*   WPML compatible.
*   Integrated Freemius for addon, support and analytics (optional).

**Improvements**

*   Complete code revamp. More improved structure.
*   Set custom options from previous logs if same item exists.
*   Made 3rd party integration easier.

**2.3.3 (31/08/2016)**

**Bug Fixes**

*   Using esc\_url() for Ref and Url fields.
*   Fixed Cross Site Scripting vulnerability in “From” column – Thanks to Plugin Vulnerabilities.

**2.3.1 (27/08/2016)**

**Bug Fixes**

*   Fixed Cross Site Scripting vulnerability – Thanks to Summer of Pwnage & Louis Dion-Marcil.
*   Fixed sorting issue in error log (Changed default order to Date Descending order).
*   Fixed issues when trailing slash found at the end of custom redirect.

**Improvements**

*   Tested with WordPress 4.6.

**2.3.0 (17/08/2016)**

**Bug Fixes**

*   Removed unused UAN button from help page.
*   Completely safe to use.
*   Tracking completely removed from the plugin since it was detected as spam. Read more here.

**2.2.9 (16/08/2016)**

**Bug Fixes**

*   Serious issue fixed – Usage tracking script was being detected as spam.
*   Removed tracking completely.

**2.2.8 (12/07/2016)**

**Bug Fixes**

*   Fixed a minor bug on TOC button.

**2.2.7 (07/07/2016)**

**Bug Fixes**

*   Fixed issue with PHP 5.4 – Empty error log data.

**Improvements**

*   Improved condition checking.
*   Speed improvements.
*   Made error log link to new tab.

**2.2.6 (30/06/2016)**

**Bug Fixes**

*   Fixed issue – Undefined index when accessed directly.

**Improvements**

*   Improved condition checking.

**2.2.5 (05/06/2016)**

**Bug Fixes**

*   Fixed issue – Front end was slow.

**2.2.4 (02/06/2016)**

**Bug Fixes**

*   Fixed custom redirect issue.
*   Fixed issues when activating.

**2.2.2 (01/06/2016)**

**New Feature**

*   Now you can set **custom redirects** for reach error path.
*   Goto error logs list and set custom redirect.
*   Fixed issues with BuddyPress.

**Improvements**

*   Improved code.

**2.1.7 (20/04/2016)**

**New Add-on**

*   New Log Manager add-on available now.
*   Get periodic email alerts instead of instant email alerts for every errors (add-on).
*   Automatically clear error logs (add-on).

**Improvements**

*   Removed inactive filter – i4t3\_before\_404\_redirect

**2.1.6 (06/04/2016)**

**Improvements**

*   Fixed broken plugin website links.
*   Tested with WordPress 4.5.

**2.1.5 (22/03/2016)**

**Improvements**

*   Fixed issues with deprecated functions – Thanks to Pedro Mendonça.
*   Translated missing strings.
*   Tested with WordPress 4.4.2.

**2.1.4 (22/01/2016)**

**Bug Fixes**

*   Fixed issues when clearing logs (header already sent..).
*   Tested with WordPress 4.4.1.

**2.1.3 (20/12/2015)**

**Bug Fixes**

*   Fixed issues with older version of WordPress.
*   Fixed issues with older version of PHP.

**2.1.0 (20/12/2015)**

**New Feature**

*   New option to set items per page from error log listing page.
*   New option to show or hide items from listing table (Screen option).

**Improvements**

*   Improved error listing page table structure.

**Bug Fixes**

*   Fixed issue – Null value issue when no Referrer or User Agent found.
*   Fixed issue – Clearing errors and redirecting.

**2.0.9 (2/11/2015)**

**Bug Fixes**

*   Fixed issue – Empty needle issue after 2.0.8 update.

**2.0.8 (28/10/2015)**

**New Feature**

*   New option to exclude paths from error logs and redirect.

**Bug Fixes**

*   Fixed issue – Email notifications are being sent even after disabling it.
*   Fixed issue – Settings reset after reactivation of plugin.

**2.0.7 (25/09/2015)**

**New Feature**

*   New option to change error notification email address.
*   Now **100% Translation ready**.

**Improvements**

*   Minor code improvements.

**2.0.6 (13/09/2015)**

**Improvements**

*   Introduced new website for the plugin.
*   Fixed few dead link issues

**2.0.5 (03/09/2015)**

**Improvements**

*   Added option to avoid search engine crawlers/bots from logging errors.

**Bug Fixes**

*   Fixed error log per page issue.

**2.0.4 (26/08/2015)**

**Bug Fixes**

*   Fixed an issue where error log table is not being created.

**2.0.3 (21/08/2015)**

**Bug Fixes**

*   Fixed a serious issue which may cause SQL injection attack.

**2.0.2 (16/08/2015)**

**Bug Fixes**

*   Fixed an issue with https redirect.
*   Fixed an issue with url preg\_match.

**2.0.1 (29/07/2015)**

**New Feature**

*   Now you can log/monitor all 404 errors (optional).
*   You can get email notifications on 404 errors (optional).
*   You can select existing pages from dropdown to set as redirect page.
*   New plugin home page.

**Improvements**

*   Upgraded to WordPress plugin coding standard.
*   Documented all functions.

**1.0.8**

*   Very minor bug fix
*   Tested for WP 4.2

**1.0.7**

*   Fixed options saving issue in admin page.
*   Improved performance.

**1.0.6**

*   Tested with latest version.
*   Improved structure.

**1.0.5**

*   Bug fix.
*   Fixed permission issue on redirect link on plugin activation.

**1.0.4**

*   Bug fix.
*   Fixed permission issue on activating along with some security plugins like WordFence.

**1.0.3**

*   Added official support forum.

**1.0.1**

*   Added official website details.

**1.0.0**

*   Added first version with basic options.

CVE-2015-9323: 404 to 301 – Redirect, Log and Notify 404 Errors

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

CVE-2019-15046: ServiceDesk Plus readme | Service desk release notes | ServiceDesk Plus latest version read me notes | IT service management release notes | Service desk current version

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.

CVE-2016-10867: All-In-One Security (AIOS) – Security and Firewall

The events-manager plugin before 5.6 for WordPress has code injection.

Tag

#google