PatchSiren

CVE-2026-49067 yydevelopment CVE debrief

CVE-2026-49067 is a critical vulnerability in the Advanced 301 and 302 Redirect plugin for WordPress, with a CVSS score of 9.3. The vulnerability allows unauthenticated SQL injection and affects versions up to 1.6.9. The CVE was published on 2026-06-15T21:17:19.530Z and last modified on 2026-06-15T21:24:32.790Z.

Vendor: yydevelopment
Product: Advanced 301 and 302 Redirect
CVSS: CRITICAL 9.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Users of the Advanced 301 and 302 Redirect plugin for WordPress should be aware of this critical vulnerability and take immediate action to mitigate the risk.

Technical summary

The vulnerability is caused by an unauthenticated SQL injection weakness in the Advanced 301 and 302 Redirect plugin. This allows attackers to inject malicious SQL code, potentially leading to data breaches and other security issues.

Defensive priority

High

Recommended defensive actions

  • Update the Advanced 301 and 302 Redirect plugin to a version that is not vulnerable.
  • Use a Web Application Firewall (WAF) to detect and prevent SQL injection attacks.
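
To find installs that still need the update, the following added example (not from the advisory or the plugin's own code) scans a wp-content/plugins directory and reports copies at or below 1.6.9. It assumes the plugin's header uses the product name exactly as written in this debrief; the sample header and function names are constructed for illustration.

```python
import re
import sys
from pathlib import Path

PRODUCT = "Advanced 301 and 302 Redirect"  # product name as given in this debrief (assumed header value)
LAST_AFFECTED = (1, 6, 9)                   # "affects versions up to 1.6.9"

# Constructed sample header, for illustration only (not copied from the plugin).
SAMPLE = "<?php\n/*\n * Plugin Name: Advanced 301 and 302 Redirect\n * Version: 1.6.9\n */\n"

# Header lines such as " * Version: 1.6.9" inside a plugin's main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_plugin_header(php_file):
    """Return the 'plugin name' and 'version' header fields of one PHP file."""
    head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]  # headers sit at the top
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def parse_version(text):
    """'1.6.9' -> (1, 6, 9); short versions are zero-padded, extra parts dropped."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def find_affected(plugins_dir):
    """List (file, version) for every installed copy at or below 1.6.9."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = read_plugin_header(php)
        if fields.get("plugin name", "").lower() != PRODUCT.lower():
            continue
        version = fields.get("version", "")
        # A copy with no readable version is reported too, so it gets a manual look.
        if not version or parse_version(version) <= LAST_AFFECTED:
            hits.append((str(php), version or "unknown"))
    return hits

if __name__ == "__main__":
    # Usage: python check_plugin.py /path/to/wp-content/plugins
    for path, version in find_affected(sys.argv[1]):
        print(f"AFFECTED {version}: {path}")
```

Tuple comparison keeps 1.6.10 above 1.6.9, which a plain string comparison would get wrong.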

Evidence notes

The CVE was reported by Patchstack and is listed in the National Vulnerability Database (NVD).

Official resources

CVE-2026-49067 was disclosed on 2026-06-15T21:17:19.530Z.