cleantalk
Vulnerabilities and Security Researches

Bulk NoIndex & NoFollow Toolkit, CVE-2024-8803

CVE, Research URL

CVE-2024-8803

Home page URL

Security reports for Bulk NoIndex & NoFollow Toolkit

Application

Bulk NoIndex & NoFollow Toolkit

Published on
Sep 26, 2024
Research Description
The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 2.16.
Status
vulnerable
Previous vulnerability researches
Bulk NoIndex & NoFollow Toolkit (CVE-2023-41688) , Jun 10, 2024
Bulk NoIndex & NoFollow Toolkit (CVE-2025-31537) , Apr 03, 2025
Bulk NoIndex & NoFollow Toolkit (CVE-2024-8803) , Sep 27, 2024
Bulk NoIndex & NoFollow Toolkit (8923d2af08e39ea9c34e21dd7390dd95e84d47ab) , Jun 06, 2024
Bulk NoIndex & NoFollow Toolkit (CVE-2024-29791) , Jun 06, 2024
New vulnerability
Glossary by WPPedia – Best Glossary plugin for WordPress (CVE-2025-4803) , May 28, 2025
Import Social Events (CVE-2025-48256) , May 28, 2025
MStore API (CVE-2025-4683) , May 28, 2025
WP Statistics , May 27, 2025
Hostinger , May 27, 2025