CVE-2026-49067

CRITICAL

WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability

Title source: cna

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.

Core 1

Core References

Vdb Entry vdb-entry

CVSS v3 9.3

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CWE

CWE-89

Status published

Products (1)

yydevelopment/Advanced 301 and 302 Redirect < 1.6.9

Published Jun 15, 2026

Tracked Since Jun 16, 2026