CVE-2016-20071
Description
The 404 Redirection Manager plugin for WordPress <=1.0 has an unauthenticated SQL injection flaw allowing remote attackers to extract arbitrary data from the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The 404 Redirection Manager plugin version 1.0 for WordPress fails to sanitize user input before using it in SQL queries, resulting in an unauthenticated SQL injection vulnerability. The vulnerable code resides in custom/lib/cf.SR_redirect_manager.class.php at line 356. Any version of the plugin up to and including 1.0 is affected [1][2].
Exploitation
An attacker with network access to the WordPress site can exploit this vulnerability by sending a specially crafted HTTP GET request containing SQL injection payloads. No authentication or prior access is required. The proof-of-concept provided in the exploit database demonstrates a time-based blind SQL injection technique using the SLEEP() function to infer database information [2].
Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary SQL queries against the WordPress database. This can lead to the extraction of sensitive data such as user credentials, post content, and configuration details, potentially resulting in full compromise of the WordPress instance [1].
Mitigation
As of the publication date, no patched version of the 404 Redirection Manager plugin has been released. The plugin is no longer maintained, and affected versions include 1.0 (and possibly earlier releases). The recommended mitigation is to deactivate and remove the plugin from the WordPress installation [1].
AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE assigned); affected range: <=1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization in the 404 Redirection Manager plugin allows SQL injection through unsanitized user input."
Attack vector
An unauthenticated remote attacker sends a crafted GET request containing SQL injection payloads in the URL path to the WordPress instance running the 404 Redirection Manager plugin v1.0 [ref_id=1]. The plugin fails to sanitize user input before using it in database queries, allowing the attacker to manipulate those queries [ref_id=1]. The PoC demonstrates a time-based blind SQL injection using `SLEEP()` to extract information from the WordPress database [ref_id=1].
Affected code
The vulnerable page is `custom/lib/cf.SR_redirect_manager.class.php` on line 356 [ref_id=1]. The plugin does not properly sanitize user input, leading to an unauthenticated SQL injection vulnerability [ref_id=1].
What the fix does
The advisory does not include a patch diff. To remediate the vulnerability, user-supplied input must be properly sanitized or parameterized before being used in SQL queries, preventing malicious SQL code from being executed [ref_id=1].
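An illustration of the remediation described above, added here as an example; it is not the plugin's own code, and the actual query at line 356 of `cf.SR_redirect_manager.class.php` is not reproduced. The table name, column names and lookup function are assumptions. It shows a hypothetical redirect lookup built by string interpolation beside the same lookup using WordPress's `$wpdb->prepare()` placeholders.

```php
<?php
// Added example, not code from the 404 Redirection Manager plugin.
// Assumed: a hypothetical table {$wpdb->prefix}sr_redirects with columns
// `source_path` and `target_url`, looked up by the requested 404 path.

// VULNERABLE pattern: the requested path is interpolated straight into SQL,
// so any quote or SQL syntax in the URL path becomes part of the query text.
function sr_lookup_redirect_unsafe( $requested_path ) {
    global $wpdb;
    $table = $wpdb->prefix . 'sr_redirects';
    $sql   = "SELECT target_url FROM {$table} WHERE source_path = '{$requested_path}' LIMIT 1";
    return $wpdb->get_var( $sql );
}

// HARDENED pattern: the value travels as a bound placeholder, never as SQL text.
function sr_lookup_redirect_safe( $requested_path ) {
    global $wpdb;
    $table = $wpdb->prefix . 'sr_redirects';

    // Normalise and bound the input before it reaches the database layer.
    $path = wp_unslash( $requested_path );
    $path = substr( $path, 0, 2048 );

    // %s is escaped and quoted by $wpdb->prepare(). Identifiers such as the
    // table name cannot be bound, so they come from trusted code, not input.
    $sql = $wpdb->prepare(
        "SELECT target_url FROM {$table} WHERE source_path = %s LIMIT 1",
        $path
    );
    $target = $wpdb->get_var( $sql );

    // Only hand back a destination that passes WordPress's own URL checks.
    return $target ? esc_url_raw( $target ) : null;
}
```

With the hardened version, a path containing a quote character is compared as a literal string value instead of changing the structure of the query, which is the property the advisory's remediation advice is asking for.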
Preconditions
- config: The WordPress site must have the 404 Redirection Manager plugin version 1.0 installed and active
- auth: No authentication is required; the attacker can be unauthenticated
- network: The attacker must be able to send HTTP GET requests to the WordPress instance
- input: The attacker crafts a URL path containing SQL injection payloads
Generated on Jun 15, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.