PT-2026-20725 · WordPress+1 · Update Urls+1
0Xd4Rk5Id
·
Published
2026-02-19
·
Updated
2026-02-19
·
CVE-2026-25392
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
KaizenCoders Update URLs versions through 1.4.0
Description
The Update URLs plugin for WordPress contains a flaw that allows for redirection to untrusted sites, potentially enabling phishing attacks. The issue resides in the way the plugin handles URLs, allowing malicious actors to manipulate them. The vulnerable component is Update URLs – Quick and Easy way to search old links and replace them with new links.
Recommendations
Update to a version newer than 1.4.0.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kaizencoders Update Urls
Update Urls