What the vulnerability does
01Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3.
Explanation of Vulnerability in Simple Terms
02Summary
The Update URLs plugin for WordPress contains an open redirect vulnerability in versions up to 1.4.3. An attacker can craft a malicious link that redirects users to an external website when clicked. The vulnerability requires user interaction—a site visitor must click the attacker's link. While the redirect itself doesn't directly compromise the site, it can be used in phishing attacks to steal credentials or distribute malware.
What an attacker can do
03Attacker Capabilities
Redirect site visitors to a malicious external website via a crafted link.
Potential impact on your site
04Site Impact
Your site could be used to phish visitors or distribute malware if attackers craft redirect links pointing to your site.
Conditions required to exploit
05Prerequisites
No authentication required. The victim must click an attacker-supplied link.
Key dates
06Disclosure timeline
February 19, 2026
CVE published
April 28, 2026
Record updated