CVE-2016-20071 | The 404 Redirection Manager plugin version 1.0 for WordPress… | CVSS 8.2 HIGH

Description

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloads to manipulate database queries and extract sensitive information from the WordPress database.

Metadata

CVE ID: CVE-2016-20071
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-15 11:37 UTC
Published: 2026-06-15 12:00 UTC
Last updated: 2026-06-15 14:51 UTC
Primary CWE: CWE-89
Improper Neutralization of Special Elements used in an SQL C…
Vendor / Product: 404-redirection-manager / 404 Redirection Manager
Sources: cve.org · NVD

Severity & Metrics

8.2 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
404-redirection-manager	404 Redirection Manager	—	1.0

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.8	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
8.2	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References (3)

ExploitDB-40941 https://www.exploit-db.com/exploits/40941
Product Reference https://wordpress.org/plugins/404-redirection-manager/
VulnCheck Advisory: WordPress 404 Redirection Manager Plugin 1.0 SQL Injection https://www.vulncheck.com/advisories/wordpress-404-redirection-manager-plugin-sql-injection