CVE-2026-25392 PUBLISHED

WordPress Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability

Assigner: Patchstack
Reserved: 02.02.2026 Published: 19.02.2026 Updated: 19.02.2026

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.0.

Product Status

Vendor	KaizenCoders
Product	Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress
Versions	Default: unaffected affected from n/a to <= 1.4.0 (incl.)

Credits

0xd4rk5id3 | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/update-urls/vulnerability/wordpress-update-urls-quick-and-easy-way-to-search-old-links-and-replace-them-with-new-links-in-wordpress-plugin-1-3-0-open-redirection-vulnerability?_s_id=cve

Problem Types

URL Redirection to Untrusted Site ('Open Redirect') CWE

Impacts

Phishing