Index: app/controllers/settings_controller.rb
===================================================================
--- app/controllers/settings_controller.rb	(revision 11204)
+++ app/controllers/settings_controller.rb	(working copy)
@@ -52,6 +52,11 @@
 
   def plugin
     @plugin = Redmine::Plugin.find(params[:id])
+    unless @plugin.configurable?
+      render_404
+      return
+    end
+
     if request.post?
       Setting.send "plugin_#{@plugin.id}=", params[:settings]
       flash[:notice] = l(:notice_successful_update)
Index: test/functional/settings_controller_test.rb
===================================================================
--- test/functional/settings_controller_test.rb	(revision 11204)
+++ test/functional/settings_controller_test.rb	(working copy)
@@ -101,11 +101,31 @@
     assert_response 404
   end
 
+  def test_get_non_configurable_plugin_settings
+    Redmine::Plugin.register(:foo) {}
+
+    get :plugin, :id => 'foo'
+    assert_response 404
+
+    Redmine::Plugin.clear
+  end
+
   def test_post_plugin_settings
     Setting.expects(:plugin_foo=).with({'sample_setting' => 'Value'}).returns(true)
-    Redmine::Plugin.register(:foo) {}
+    Redmine::Plugin.register(:foo) do
+      settings :partial => 'not blank' # so that configurable? is true
+    end
 
     post :plugin, :id => 'foo', :settings => {'sample_setting' => 'Value'}
     assert_redirected_to '/settings/plugin/foo'
   end
+
+  def test_post_non_configurable_plugin_settings
+    Redmine::Plugin.register(:foo) {}
+
+    post :plugin, :id => 'foo', :settings => {'sample_setting' => 'Value'}
+    assert_response 404
+
+    Redmine::Plugin.clear
+  end
 end