CVE-2024-11094: CWE-488 Exposure of Data Element to Wrong Session in aaron13100 404 Solution
The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract data such as redirects including GET parameters which may reveal sensitive information. On most sites this is unlikely to be the case.
AI Analysis
Technical Summary
CVE-2024-11094 is a medium severity vulnerability in the 404 Solution WordPress plugin (versions up to 2.35.17) that allows unauthenticated attackers to access sensitive information through the plugin's export feature. The vulnerability is categorized as CWE-488, meaning data elements are exposed to the wrong session, specifically allowing extraction of redirect data including GET parameters. This could reveal sensitive information depending on site configuration. There is no indication of integrity or availability impact. No patch or vendor advisory is currently provided.
Potential Impact
An unauthenticated attacker can extract sensitive information such as redirect URLs and GET parameters via the export feature of the vulnerable plugin. This may lead to exposure of sensitive data depending on the site's use of redirects and parameters. The impact is limited to confidentiality with no known effects on integrity or availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, consider disabling or restricting access to the export feature of the 404 Solution plugin to prevent unauthorized data extraction. Monitor official sources for updates or fixes from the vendor.
CVE-2024-11094: CWE-488 Exposure of Data Element to Wrong Session in aaron13100 404 Solution
Description
The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract data such as redirects including GET parameters which may reveal sensitive information. On most sites this is unlikely to be the case.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-11094 is a medium severity vulnerability in the 404 Solution WordPress plugin (versions up to 2.35.17) that allows unauthenticated attackers to access sensitive information through the plugin's export feature. The vulnerability is categorized as CWE-488, meaning data elements are exposed to the wrong session, specifically allowing extraction of redirect data including GET parameters. This could reveal sensitive information depending on site configuration. There is no indication of integrity or availability impact. No patch or vendor advisory is currently provided.
Potential Impact
An unauthenticated attacker can extract sensitive information such as redirect URLs and GET parameters via the export feature of the vulnerable plugin. This may lead to exposure of sensitive data depending on the site's use of redirects and parameters. The impact is limited to confidentiality with no known effects on integrity or availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, consider disabling or restricting access to the export feature of the 404 Solution plugin to prevent unauthorized data extraction. Monitor official sources for updates or fixes from the vendor.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-11-11T20:06:35.663Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6e07b7ef31ef0b593d8d
Added to database: 2/25/2026, 9:47:51 PM
Last enriched: 4/9/2026, 5:55:34 AM
Last updated: 4/12/2026, 9:56:12 AM
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.