CVE-2026-49067
9.3 CRITICALUnauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions
Published: 2026-06-15 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 9.3 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
- CWE
- CWE-89
Description
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-52700 — Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions (8.5 HIGH)
- CVE-2026-52697 — Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions (8.5 HIGH)
- CVE-2026-52693 — Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions (9.3 CRITICAL)
- CVE-2026-49776 — Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 vers... (9.3 CRITICAL)
- CVE-2026-48964 — Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions (8.5 HIGH)