WP-Safety

DoFollow Case by Case Security & Risk Analysis

wordpress.org/plugins/dofollow-case-by-case

DoFollow Case by Case allows you to selectively apply dofollow to comments and make links in pages or posts nofollow.

1K active installs v3.6.0 PHP + WP 4.0+ Updated Feb 1, 2026
commentcommentsdofollownofollowrel-nofollow
95
A · Safe
CVEs total4
Unpatched0
Last CVEOct 26, 2025
Plugin page Download
Safety Verdict

Is DoFollow Case by Case Safe to Use in 2026?

Generally Safe

Score 95/100

DoFollow Case by Case has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Oct 26, 2025Updated 2mo ago
Risk Assessment

The plugin 'dofollow-case-by-case' v3.6.0 demonstrates a generally strong security posture based on the static analysis. The absence of a significant attack surface, including no unprotected AJAX handlers, REST API routes, shortcodes, or cron events, is a positive indicator. Furthermore, the code shows good practices with a high percentage of SQL queries using prepared statements and a majority of output being properly escaped. The low number of taint flows and the absence of critical or high severity issues in the taint analysis also contribute to a favorable assessment.

Key Concerns

  • Vulnerability History - Medium Severity
  • Vulnerability History - Multiple Medium CVEs
  • Vulnerability History - Common Vulnerability Types
  • SQL queries without prepared statements
  • Output escaping not always proper
Vulnerabilities
4

DoFollow Case by Case Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2025-62102medium · 4.3Cross-Site Request Forgery (CSRF)

DoFollow Case by Case <= 3.5.1 - Cross-Site Request Forgery

Oct 26, 2025 Patched in 3.6.0 (101d)
CVE-2025-47625medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DoFollow Case by Case <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 7, 2025 Patched in 3.6.0 (273d)
CVE-2025-47624medium · 4.3Cross-Site Request Forgery (CSRF)

DoFollow Case by Case <= 3.5.1 - Cross-Site Request Forgery

May 7, 2025 Patched in 3.6.0 (273d)
CVE-2023-49197medium · 4.3Cross-Site Request Forgery (CSRF)

DoFollow Case by Case <= 3.4.2 Cross-Site Request Forgery via getEmail and getUrl

Sep 22, 2023 Patched in 3.5.0 (123d)
Code Analysis
Analyzed Mar 16, 2026

DoFollow Case by Case Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
29 prepared
Unescaped Output
10
43 escaped
Nonce Checks
4
Capability Checks
6
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

97% prepared30 total queries

Output Escaping

81% escaped53 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
getEmail (dofollow-case-by-case.php:237)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

DoFollow Case by Case Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 13
actionadmin_initdofollow-case-by-case.php:52
actionplugins_loadeddofollow-case-by-case.php:59
filterplugin_action_linksdofollow-case-by-case.php:71
actionadmin_menudofollow-case-by-case.php:74
actionadmin_menudofollow-case-by-case.php:89
actionadmin_menudofollow-case-by-case.php:96
actionadmin_noticesdofollow-case-by-case.php:370
actionadmin_noticesdofollow-case-by-case.php:446
actionadmin_noticesdofollow-case-by-case.php:512
actionadd_meta_boxesdofollow-case-by-case.php:567
filteredit_commentdofollow-case-by-case.php:621
filterget_comment_author_linkdofollow-case-by-case.php:676
filterget_comment_textdofollow-case-by-case.php:748
Maintenance & Trust

DoFollow Case by Case Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 1, 2026
PHP min version
Downloads26K

Community Trust

Rating80/100
Number of ratings8
Active installs1K
Alternatives

DoFollow Case by Case Alternatives

Nofollow Case by Case

Nofollow Case by Case

nofollow-case-by-case

A
85

"Dofollow" but Nofollow Case by Case allows you to selectively apply nofollow to your comments as well.

200 No CVEs
SMu Manual DoFollow

SMu Manual DoFollow

manuall-dofollow

C
63

SMu DoFollow has many DoFollow Options (Manual or Automatism) and included URL Validator (Manual, WP-Cron or Cronjob).

100 1 unpatched
140follow

140follow

140follow

A
85

140follow removes NOFOLLOW from author link if the comment has more than XXX characters.

10 No CVEs
NFCBC SEO Light

NFCBC SEO Light

nfcbc-seo-light

A
85

NFCBC SEO Light - The light version of [Nofollow Case by Case](http://www.fob-marketing.de/marketing-seo-blog/wordpress-nofollow-seo-plugin-nofollow-c &hellip;

10 No CVEs
DoFollow State

DoFollow State

dofollow-state

A
85

DoFollow State let your Wordpress webblog have dofollow structure for all links including links on comments.

60 No CVEs
Developer Profile

DoFollow Case by Case Developer Profile

apasionados

28 plugins · 61K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
326 days
View full developer profile
Detection Fingerprints

How We Detect DoFollow Case by Case

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dofollow-case-by-case/css/style.css
Version Parameters
dofollow-case-by-case/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
pagination
Data Attributes
namevalue
FAQ

Frequently Asked Questions about DoFollow Case by Case