WordPress Update URLs Plugin Redirects to Untrusted Sites

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.7

WordPress Update URLs Plugin Redirects to Untrusted Sites

CVE-2026-25392

Summary

A security issue in the WordPress Update URLs plugin can redirect users to untrusted websites, potentially allowing phishing attacks. This affects the plugin 'Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress' if you're using version 1.4.0 or earlier. Update the plugin to a newer version to fix this issue.

Original title

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls...

Original description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.0.

nvd CVSS3.1 4.7

Vulnerability type

CWE-601 Open Redirect

https://patchstack.com/database/Wordpress/Plugin/update-urls/vulnerability/wordp...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026