Open Redirect Vulnerability in Update URLs Plugin for WordPress
CVE-2026-25392

Currently unrated

Key Information:

Vendor

WordPress
Status
Update Urls – Quick And Easy Way To Search Old Links And Replace Them With New Links In WordPress
Vendor
CVE Published:
19 February 2026

What is CVE-2026-25392?

The Update URLs plugin for WordPress is susceptible to an Open Redirect vulnerability, enabling attackers to redirect users to untrusted sites. This issue affects all versions up to 1.4.0 and poses a significant risk by allowing phishing attempts through manipulated URLs.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Update URLs &#8211; Quick and Easy way to search old links and replace them with new links in WordPress <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/update-u...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program
JSON
.