CVE-2026-25392

Name of the Vulnerable Software and Affected Versions KaizenCoders Update URLs versions through 1.4.0

Description The Update URLs plugin for WordPress contains a flaw that allows for redirection to untrusted sites, potentially enabling phishing attacks. The issue resides in the way the plugin handles URLs, allowing malicious actors to manipulate them. The vulnerable component is Update URLs – Quick and Easy way to search old links and replace them with new links.

Recommendations Update to a version newer than 1.4.0.