The 404 to 301 – Redirect, Log and Notify 404 Errors plugin for WordPress is vulnerable to a type of cyber attack known as Reflected Cross-Site Scripting. This means that attackers can inject malicious code into web pages which will be executed if they can trick a user into clicking on a link. This vulnerability exists in all versions of the plugin up to and including 3.1.1 and can only be exploited if the plugin has been installed for at least a week and the review notice has not been dismissed.