What the vulnerability does
01Description
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
Explanation of Vulnerability in Simple Terms
The Advanced 301 and 302 Redirect plugin for WordPress contains a SQL injection vulnerability in versions up to 1.6.9. An unauthenticated attacker can inject malicious SQL commands through user input, potentially reading sensitive data from the site's database. The vulnerability requires no user interaction and can be exploited remotely over the network.
What an attacker can do
Read sensitive data from the site's database, including user credentials and configuration details.
Potential impact on your site
Attackers can extract user data, passwords, and site configuration without logging in.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities