Does IndexNow Plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in IndexNow Plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is IndexNow Plugin compatible with WordPress 6.9.4?

According to WordPress.org data, IndexNow Plugin 1.0.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is IndexNow Plugin compatible with PHP 5.6.20+?

IndexNow Plugin requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is IndexNow Plugin updated?

IndexNow Plugin was last updated on Feb 3, 2026. Frequent updates are generally a positive security signal.

What is IndexNow Plugin's security score?

IndexNow Plugin has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

IndexNow Plugin Security & Risk Analysis

wordpress.org/plugins/indexnow

IndexNow Plugin for WordPress enables site owners to instantly and automatically submit their new/updated pages to supporting search engines.

100K active installs v1.0.3 PHP 5.6.20+ WP 5.3+ Updated Feb 3, 2026

crawlingseo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is IndexNow Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

IndexNow Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The IndexNow plugin v1.0.3 demonstrates a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs and the fact that all code signals for dangerous functions, file operations, and output escaping are clean are highly positive indicators. The plugin also performs well in areas like SQL query preparation, with 67% using prepared statements, and ensures 100% of outputs are properly escaped. Furthermore, the plugin makes only one external HTTP request, which is a common and often necessary function for plugins aiming to interact with external services like IndexNow.

However, there are a few areas that warrant attention. The complete lack of nonce checks across all identified entry points (though the attack surface is zero) is a significant concern. While there are no unprotected entry points currently identified, if any were to be introduced in future versions or through misconfiguration, they would lack essential CSRF protection. Similarly, the presence of only one capability check for the single external HTTP request suggests a potential for privilege escalation if the function making that request could be triggered by an unauthenticated or lower-privileged user. The absence of any taint analysis results is also notable; while it might mean no critical flows were found, it's also possible that the analysis was limited or insufficient to detect potential issues.

Overall, the plugin is in a good state, with no critical flaws or historical vulnerabilities. The strengths lie in its clean code regarding dangerous functions, SQL prepared statements, and output escaping. The primary weaknesses are the complete absence of nonce checks and the limited capability checks, which, while not exploitable in the current zero-attack-surface configuration, represent potential risks if the plugin evolves or is used in unexpected ways. The lack of taint analysis is a minor concern that could be addressed with more comprehensive testing.

Key Concerns

No nonce checks on any entry points
Limited capability checks for external requests

Vulnerabilities

None known

IndexNow Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

IndexNow Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

67% prepared9 total queries

Output Escaping

100% escaped2 total outputs

Attack Surface

IndexNow Plugin Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_enqueue_scriptsincludes\class-indexnow-url-submission.php:111

actionadmin_enqueue_scriptsincludes\class-indexnow-url-submission.php:112

actionadmin_initincludes\class-indexnow-url-submission.php:115

actionrest_api_initincludes\class-indexnow-url-submission.php:117

actiontemplate_redirectincludes\class-indexnow-url-submission.php:118

actionadmin_menuincludes\class-indexnow-url-submission.php:120

actiontransition_post_statusincludes\class-indexnow-url-submission.php:127

Maintenance & Trust

IndexNow Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 3, 2026

PHP min version5.6.20

Downloads555K

Community Trust

Rating64/100

Number of ratings43

Active installs100K

Alternatives

IndexNow Plugin Alternatives

Bing URL Submissions Plugin

bing-webmaster-tools

100

Bing URL Submission Plugin for WordPress enables site owners to instantly and automatically submit their new/updated pages to the Bing index.

40K No CVEs

IndexNowForSeznamCZ Plugin

indexnow-pro-seznam-cz

IndexNowForSeznamCZ Plugin pro WordPress umožňuje majitelům webů instantně a automaticky posílat nové/upravené/smazané URL do vyhledávače Seznam.cz

90 No CVEs

Simple Search Submission for IndexNow

simple-search-submission

100

A simplified plugin for submitting crawl requests to search engines supporting IndexNow.

40 No CVEs

LLMs.txt – AI Website Content Crawling

llms-txt-ai-website-content-crawling

100

Generate a structured llms.txt file to manage AI and search engine crawling access across your WordPress site.

0 No CVEs

Yoast SEO – Advanced SEO with real-time guidance and built-in AI

wordpress-seo

Improve your SEO with real-time feedback, schema, and clear guidance. Upgrade for AI tools, Google Docs integration, and 24/7 support, no hidden fees.

10.0M 18 CVEs

Developer Profile

IndexNow Plugin Developer Profile

bingwebmastertools

2 plugins · 140K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect IndexNow Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/indexnow/admin/js/indexnow-url-submission-admin.js/wp-content/plugins/indexnow/static/css/indexnow.css

Script Paths

/wp-content/plugins/indexnow/admin/js/indexnow-url-submission-admin.js/wp-content/plugins/indexnow/static/js/indexnow.js

Version Parameters

indexnow-url-submission-admin.js?ver=indexnow.js?ver=

HTML / DOM Fingerprints

HTML Comments

+11 more

Data Attributes

data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBFIHN2ZyBQVUJMSUMgIi0vL1czQy8vRFREIFNWRyAxLjEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkIj4KPHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZlcnNpb249IjEuMSIgd2lkdGg9IjEyOHB4IiBoZWlnaHQ9IjEyOHB4IiBzdHlsZT0ic2hhcGUtcmVuZGVyaW5nOmdlb21ldHJpY1ByZWNpc2lvbjsgdGV4dC1yZW5kZXJpbmc6Z2VvbWV0cmljUHJlY2lzaW9uOyBpbWFnZS1yZW5kZXJpbmc6b3B0aW1pemVRdWFsaXR5OyBmaWxsLXJ1bGU6ZXZlbm9kZുന്ന ;

data-nonce='wp_rest'

JS Globals

window.indexnow_wpr_object

REST Endpoints

/wp-json/indexnow/v_1.0.3/

FAQ