PatchSiren cyber security CVE debrief
CVE-2016-20071 404-redirection-manager CVE debrief
CVE-2016-20071 is an unauthenticated SQL injection vulnerability in the 404 Redirection Manager plugin version 1.0 for WordPress. The vulnerability allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloads to manipulate database queries and extract sensitive information from the WordPress database.
- Vendor: 404-redirection-manager
- Product: Unknown
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of the 404 Redirection Manager plugin version 1.0 for WordPress should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability. This vulnerability is due to unsanitized user input and allows remote attackers to execute arbitrary SQL queries.
Defensive priority
HIGH
Recommended defensive actions
- Update to a patched version of the 404 Redirection Manager plugin, if available.
- Implement input validation and sanitization for user input.
- Monitor for suspicious activity and implement additional security measures to protect against SQL injection attacks.
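One way to act on the monitoring recommendation, as an added example that is not from the advisory or the plugin: a Python triage pass over web-server access logs that URL-decodes GET query parameters and flags common SQL injection markers. The log lines, parameter names and pattern list are constructed for illustration; the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request portion of the Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} ')

# Illustrative markers only (assumption): tune to your own traffic.
SQLI_RE = re.compile(r"""
      ['"]\s*(or|and)\b          # quote followed by a boolean operator
    | ['"]\s*(--|\#)             # quote followed by a SQL comment
    | \bunion\b.+\bselect\b      # UNION ... SELECT
    | \b(sleep|benchmark)\s*\(   # time-based probes
    | \binformation_schema\b     # schema enumeration
""", re.I | re.X)

def decode_fully(value, rounds=3):
    """Undo nested URL encoding such as %2527 -> %27 -> '."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_sqli(lines):
    """Return (client_ip, parameter, decoded_value) for suspicious GET requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = decode_fully(value)
            if SQLI_RE.search(value):
                hits.append((m["ip"], name, value))
                break  # one finding per request is enough for triage
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical parameters).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jun/2026:10:00:01 +0000] "GET /?id=1%27+OR+%271%27%3D%271 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [15/Jun/2026:10:00:02 +0000] "GET /?s=rock+and+roll HTTP/1.1" 200 1024 "-" "-"',
    '192.0.2.55 - - [15/Jun/2026:10:00:03 +0000] "GET /?id=1%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.4 - - [15/Jun/2026:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for ip, param, value in flag_sqli(SAMPLE_LOG):
        print(f"{ip} param={param!r} decoded={value!r}")
```

Matches are leads for review, not proof of compromise; a benign search containing SQL keywords can still trip the patterns.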
Evidence notes
The CVE-2016-20071 vulnerability has a CVSS score of 8.8 and is considered HIGH severity. The vulnerability was published on June 15, 2026, and has not been modified since.
Official resources
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input.