CVE Catalog

CVE-2016-20071

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input.

Risk Assessment

Attackers can manipulate database queries and extract sensitive information from the WordPress database, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update the 404 Redirection Manager plugin to the latest version to mitigate this vulnerability and implement additional security measures such as input validation.

Original NVD description (English source)

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloads to manipulate database queries and extract sensitive information from the WordPress database.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS