cleantalk
Vulnerabilities and Security Researches

WP 404 Auto Redirect to Similar Post, CVE-2025-12037

CVE, Research URL

CVE-2025-12037

Home page URL

Security reports for WP 404 Auto Redirect to Similar Post

Application

WP 404 Auto Redirect to Similar Post

Published on
Feb 18, 2026
Research Description
The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 1.0.6.
Status
vulnerable
Previous vulnerability researches
Coming Soon Page & Maintenance Mode (CVE-2019-25139) , Jun 10, 2024
Coming Soon Page & Maintenance Mode (fd9c668cc0f17388cd919046a5f290722fd40062) , Jun 11, 2024
Coming Soon Page & Maintenance Mode (CVE-2019-25140) , Jun 10, 2024
Coming Soon Page & Maintenance Mode (CVE-2024-1136) , Jun 10, 2024
Coming Soon Page – Responsive Coming Soon & Maintenance Mode (CVE-2018-5664) , Jun 07, 2024
New vulnerability
Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin (CVE-2025-69328) , Feb 27, 2026
Widget Logic Visual (CVE-2025-68842) , Feb 27, 2026
OneClick Chat to Order (CVE-2025-14270) , Feb 27, 2026
OAuth Single Sign On – SSO (OAuth Client) (CVE-2025-10753) , Feb 27, 2026
ElementInvader Addons for Elementor (CVE-2026-25028) , Feb 27, 2026