PatchSiren

surflabtech CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM surflabtech CVE published 2026-07-11

CVE-2026-3552

The SurfLink - Ultimate Link Manager plugin for WordPress has a vulnerability that allows authenticated attackers with Subscriber-level access and above to import arbitrary URLs into the 410 Gone database table. This is due to a missing capability check and nonce verification in the ajax_import_410() function. The vulnerability allows attackers to import arbitrary URLs, which can cause the site to return [truncated]