MEDIUM
surflabtech
CVE published 2026-07-11
CVE-2026-3552
The SurfLink - Ultimate Link Manager plugin for WordPress has a vulnerability that allows authenticated attackers with Subscriber-level access and above to import arbitrary URLs into the 410 Gone database table. This is due to a missing capability check and nonce verification in the ajax_import_410() function. The vulnerability allows attackers to import arbitrary URLs, which can cause the site to return [truncated]