{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25392", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:07.231Z", "datePublished": "2026-02-19T08:27:02.858Z", "dateUpdated": "2026-04-28T16:14:57.539Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "update-urls", "product": "Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress", "vendor": "KaizenCoders", "versions": [{"lessThanOrEqual": "1.4.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "0xd4rk5id3 | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:20:34.637Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.<p>This issue affects Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3.</p>"}], "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3."}], "impacts": [{"capecId": "CAPEC-98", "descriptions": [{"lang": "en", "value": "Phishing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:57.539Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/update-urls/vulnerability/wordpress-update-urls-quick-and-easy-way-to-search-old-links-and-replace-them-with-new-links-in-wordpress-plugin-1-3-0-open-redirection-vulnerability?_s_id=cve"}], "title": "WordPress Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T19:50:01.919921Z", "id": "CVE-2026-25392", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T01:39:25.107Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25392", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T19:50:01.919921Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T19:48:40.436Z"}}], "cna": {"title": "WordPress Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "0xd4rk5id3 | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-98", "descriptions": [{"lang": "en", "value": "Phishing"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "KaizenCoders", "product": "Update URLs &#8211; Quick and Easy way to search old links and replace them with new links in WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.3"}], "packageName": "update-urls", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:20:34.637Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/update-urls/vulnerability/wordpress-update-urls-quick-and-easy-way-to-search-old-links-and-replace-them-with-new-links-in-wordpress-plugin-1-3-0-open-redirection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs &#8211; Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs &#8211; Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3.", "supportingMedia": [{"type": "text/html", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs &#8211; Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.<p>This issue affects Update URLs &#8211; Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:09.684Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25392", "state": "PUBLISHED", "dateUpdated": "2026-04-28T01:39:25.107Z", "dateReserved": "2026-02-02T12:53:07.231Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-19T08:27:02.858Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs \u2013 Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n de URL a sitio no confiable ('Redirecci\u00f3n abierta') en KaizenCoders Update URLs \u2013 Manera r\u00e1pida y sencilla de buscar enlaces antiguos y reemplazarlos por enlaces nuevos en WordPress update-urls permite phishing. Este problema afecta a Update URLs \u2013 Manera r\u00e1pida y sencilla de buscar enlaces antiguos y reemplazarlos por enlaces nuevos en WordPress: desde n/a hasta &lt;= 1.4.0."}], "id": "CVE-2026-25392", "lastModified": "2026-04-28T19:37:04.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-02-19T09:16:21.377", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/update-urls/vulnerability/wordpress-update-urls-quick-and-easy-way-to-search-old-links-and-replace-them-with-new-links-in-wordpress-plugin-1-3-0-open-redirection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Update URLs &#8211; Quick and Easy way to search old links and replace them with new links in WordPress", "source": "cna", "vendor": "KaizenCoders"}, "product": "update_urls_&#8211;_quick_and_easy_way_to_search_old_links_and_replace_them_with_new_links_in_wordpress", "vendor": "kaizencoders"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-28T22:25:44.610903+00:00", "value": {"mitigation_remediation": ["Check for an updated plugin release that addresses the redirect issue; if available, upgrade to the latest version.", "If no update is available or the plugin remains vulnerable, disable or uninstall the plugin.", "If the plugin must remain in use, modify its source code to enforce a whitelist of redirect targets or disable the redirect capability entirely.", "Deploy a Web Application Firewall rule or server\u2011side redirect validator that blocks or rewrites external redirect requests."], "summary": {"action": "Patch When Available", "impact": "Open redirect that can be leveraged for phishing and credential theft"}, "threat_synthesis": {"affected_systems": "Any WordPress site that has the KaizenCoders Update URLs plugin installed and enabled and is running version 1.4.3 or earlier is affected. The flaw resides entirely in the plugin; no specific WordPress core versions are singled out apart from the normal compatibility requirements of the plugin.", "description_and_impact": "The vulnerability is an open redirect flaw in the KaizenCoders Update URLs WordPress plugin. The plugin performs a search\u2011and\u2011replace operation on URLs, but an attacker can supply an arbitrary external address that the plugin will redirect to. Consequently, visitors can be sent to malicious sites under the guise of a legitimate link, enabling phishing attacks and other social\u2011engineering exploits. The weakness is classified as CWE\u2011601 (Open Redirect).", "risk_and_exploitability": "The CVSS score of 4.7 indicates a medium severity, while the EPSS score of less than 1% suggests a relatively low likelihood of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Remote exploitation is straightforward: an attacker can craft a URL that triggers the plugin\u2019s redirect logic, and when an end\u2011user clicks that link, they are sent to the attacker\u2011chosen destination. No local privileges or complex conditions are required, making the attack path simple and purely remote."}}}}, "created": "2026-02-20T10:08:33.469180+00:00", "updated": "2026-04-28T22:30:41.624571+00:00", "vendors": ["kaizencoders", "kaizencoders$PRODUCT$update_urls_&#8211;_quick_and_easy_way_to_search_old_links_and_replace_them_with_new_links_in_wordpress", "wordpress", "wordpress$PRODUCT$wordpress"]}