Stored Cross-Site Scripting Vulnerability in WP 404 Auto Redirect to Similar Post Plugin for WordPress
CVE-2025-12037

4.4MEDIUM

Key Information:

Vendor: WordPress
Status: WP 404 Auto Redirect To Similar Post
Vendor: CVE Published:; 18 February 2026

What is CVE-2025-12037?

The WP 404 Auto Redirect to Similar Post plugin for WordPress contains a vulnerability that allows authenticated attackers with admin-level permissions to execute arbitrary web scripts. This arises due to inadequate input sanitization and output escaping in the admin settings. The vulnerability is particularly concerning for multi-site installations or those where the 'unfiltered_html' capability is disabled, enabling potential exploitation when users access affected pages.

Affected Version(s)

WP 404 Auto Redirect to Similar Post 0 <= 1.0.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/log/wp-404-auto-redire...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2026
Vulnerability Reserved
Oct 21, 2025

Credit

Cody Sixteen

CVE-2025-12037 Data

JSON