CVE-2016-20071
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input.
Risk Assessment
Attackers can manipulate database queries and extract sensitive information from the WordPress database, posing a serious threat to the organization's data security.
Recommendation
It is recommended to update the 404 Redirection Manager plugin to the latest version to mitigate this vulnerability and implement additional security measures such as input validation.
Original NVD description (English source)
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloads to manipulate database queries and extract sensitive information from the WordPress database.

