Vulnerabilities and security researches forbulk-noindex-nofollow-toolkit-by-mad-fish bulk-noindex-nofollow-toolkit-by-mad-fish

Apr 03, 2025

CVE, Research URL: CVE-2025-31537
Home page URL: Security reports for Bulk NoIndex & NoFollow Toolkit
Application: Bulk NoIndex & NoFollow Toolkit
Date: Apr 02, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.16.
Affected versions: Min -, max -.
Status: vulnerable

Sep 27, 2024

CVE, Research URL: CVE-2024-8803
Home page URL: Security reports for Bulk NoIndex & NoFollow Toolkit
Application: Bulk NoIndex & NoFollow Toolkit
Date: Sep 26, 2024
Research Description: The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-41688
Home page URL: Security reports for Bulk NoIndex & NoFollow Toolkit
Application: Bulk NoIndex & NoFollow Toolkit
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: 8923d2af08e39ea9c34e21dd7390dd95e84d47ab
Home page URL: Security reports for Bulk NoIndex & NoFollow Toolkit
Application: Bulk NoIndex & NoFollow Toolkit
Date: Sep 04, 2023
Research Description: Bulk NoIndex & NoFollow Toolkit [bulk-noindex-nofollow-toolkit-by-mad-fish] < 1.51 WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 1.42 is vulnerable to Broken Access Control No patched version is available. No reply from the vendor. Skalucy discovered and reported this Broken Access Control vulnerability in WordPress Bulk NoIndex & NoFollow Toolkit Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-29791
Home page URL: Security reports for Bulk NoIndex & NoFollow Toolkit
Application: Bulk NoIndex & NoFollow Toolkit
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-45065
Home page URL: Security reports for Bulk NoIndex & NoFollow Toolkit
Application: Bulk NoIndex & NoFollow Toolkit
Date: Oct 18, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions.
Affected versions: Min -, max -.
Status: vulnerable