[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6unAh-mwz0jmrLXOiNMFDs58K8WCGiSxNQ6nbMhlUC8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":62,"crawl_stats":37,"alternatives":69,"analysis":160,"fingerprints":281},"ultimate-noindex-nofollow-tool-ii","Ultimate Noindex Nofollow Tool II","1.3.6","texttheater","https:\u002F\u002Fprofiles.wordpress.org\u002Ftexttheater\u002F","\u003Cp>Improves your blog’s search engine optimization by “noindexing” pages you choose.\u003C\u002Fp>\n\u003Cp>Add the \u003Ccode>noindex\u003C\u002Fcode> robots meta tag to archives, categories, search pages, tags, author pages, login, admin pages or any other page you choose.\u003C\u002Fp>\n\u003Cp>Add the \u003Ccode>rel=\"nofollow\"\u003C\u002Fcode> attribute to individual pages listed by the \u003Ccode>wp_list_pages\u003C\u002Fcode> function or the Pages widget. Also, add the \u003Ccode>rel=\"nofollow\"\u003C\u002Fcode> attribute to archive links, category links, registration and login links.\u003C\u002Fp>\n\u003Cp>Written by Jon Kemp, currently maintained by Kilian Evang.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>After installation, the settings page for this plugin can be found in your WordPress administration interface under Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Ultimate noindex.\u003C\u002Fp>\n","Improves your blog's search engine optimization by \"noindexing\" pages you choose. Now also for page-based (as opposed to date-based) archives.",3000,59569,62,8,"2024-02-20T16:20:00.000Z","6.4.8","2.6.5","",[20,21,22,23,24],"archive","archives","google","nofollow","seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-noindex-nofollow-tool-ii.zip",84,2,0,"2024-03-25 00:00:00","2026-03-15T15:16:48.613Z",[32,47],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-1663","ultimate-noindex-nofollow-tool-ii-authenticated-admin-stored-cross-site-scripting","Ultimate Noindex Nofollow Tool II \u003C= 1.3.5 - Authenticated (Admin+) Stored Cross-Site Scripting","The Ultimate Noindex Nofollow Tool II plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.3.5","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-05-29 18:50:11",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffaaa7b98-d762-4e5e-9178-a419de2629c6?source=api-prod",431,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2023-30474","ultimate-noindex-nofollow-tool-ii-cross-site-request-forgery","Ultimate Noindex Nofollow Tool II \u003C= 1.3.3 - Cross-Site Request Forgery","The Ultimate Noindex Nofollow Tool II plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the unn_admin function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C1.3.4","1.3.4",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-04-13 00:00:00","2024-01-22 19:56:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7761fe7c-e7f5-4bab-8820-42e6fcabcb2f?source=api-prod",285,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":63,"total_installs":64,"avg_security_score":65,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},3,3920,85,358,69,"2026-04-04T03:58:11.566Z",[70,85,105,124,143],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":28,"num_ratings":28,"last_updated":80,"tested_up_to":81,"requires_at_least":17,"requires_php":18,"tags":82,"homepage":83,"download_link":84,"security_score":65,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"archive-links-nofollow","Nofollow Archives","1.0","Gombos Robert","https:\u002F\u002Fprofiles.wordpress.org\u002Fdinvla\u002F","\u003Cp>Adds the “nofollow” rel attribute to archive links.\u003C\u002Fp>\n","Adds the \"nofollow\" rel attribute to archive links.",10,1953,"2010-03-25T08:43:00.000Z","3.0.5",[20,21,22,23,24],"http:\u002F\u002Fwww.web-articles.info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farchive-links-nofollow.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":11,"downloaded":93,"rating":94,"num_ratings":27,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":103,"download_link":104,"security_score":94,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"noindex-seo","noindex SEO","2.0.0","Javier Casares","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaviercasares\u002F","\u003Cp>Fine-grained control over how search engines index and display your WordPress content. Apply 5 independent robots directives to 25 different page contexts with flexible implementation methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>5 Robots Directives:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>noindex\u003C\u002Fstrong>: Prevent search engines from indexing the page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>nofollow\u003C\u002Fstrong>: Prevent search engines from following links on the page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>noarchive\u003C\u002Fstrong>: Prevent search engines from showing cached versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>nosnippet\u003C\u002Fstrong>: Prevent search engines from showing text snippets in results\u003C\u002Fli>\n\u003Cli>\u003Cstrong>noimageindex\u003C\u002Fstrong>: Prevent search engines from indexing images on the page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Implementation Methods:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>HTML Meta Tags: Traditional method, easy to verify in page source (default)\u003C\u002Fli>\n\u003Cli>HTTP Headers: More robust, works with all content types including PDFs and images\u003C\u002Fli>\n\u003Cli>Both: Maximum compatibility for all scenarios\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Control Levels:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Global Settings: Apply directives to 25 different page contexts (posts, pages, archives, etc.)\u003C\u002Fli>\n\u003Cli>Granular Control (Optional): Override global settings for individual posts, pages, and custom post types via meta boxes in the editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Perfect for:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocking indexing of attachment pages while allowing link following\u003C\u002Fli>\n\u003Cli>Preventing duplicate content issues with flexible directive combinations\u003C\u002Fli>\n\u003Cli>Controlling archive page indexing with granular control\u003C\u002Fli>\n\u003Cli>Managing pagination SEO with independent settings\u003C\u002Fli>\n\u003Cli>Protecting private content from search engine caching\u003C\u002Fli>\n\u003Cli>Preventing snippet display while still indexing content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Main pages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Front Page: Block the indexing of the site’s front page.\u003C\u002Fli>\n\u003Cli>Home: Block the indexing of the site’s home page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Pages and Posts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Page: Block the indexing of the site’s pages.\u003C\u002Fli>\n\u003Cli>Privacy Policy: Block the indexing of the site’s privacy policy page.\u003C\u002Fli>\n\u003Cli>Single: Block the indexing of a post on the site.\u003C\u002Fli>\n\u003Cli>Singular: Block the indexing of a post or a page of the site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Taxonomies\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Category: Block the indexing of the site categories. The lists where the posts appear.\u003C\u002Fli>\n\u003Cli>Tag: Block the indexing of the site’s tags. The lists where the posts appear.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Dates\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Date: Block the indexing when any date-based archive page (i.e. a monthly, yearly, daily or time-based archive) of the site. The lists where the posts appear.\u003C\u002Fli>\n\u003Cli>Day: Block the indexing when a daily archive of the site. The lists where the posts appear.\u003C\u002Fli>\n\u003Cli>Month: Block the indexing when a monthly archive of the site. The lists where the posts appear.\u003C\u002Fli>\n\u003Cli>Time: Block the indexing when an hourly, “minutely”, or “secondly” archive of the site. The lists where the posts appear.\u003C\u002Fli>\n\u003Cli>Year: Block the indexing when a yearly archive of the site. The lists where the posts appear.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Archives\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Archive: Block the indexing of any type of Archive page. Category, Tag, Author and Date based pages are all types of Archives. The lists where the posts appear.\u003C\u002Fli>\n\u003Cli>Author: Block the indexing of the author’s page, where the author’s publications appear.\u003C\u002Fli>\n\u003Cli>Post Type Archive: Block the indexing of any post type page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Pagination\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pagination: Block the indexing of the pagination, i.e. all pages other than the main page of an archive.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Search\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search: Block the indexing of the internal search result pages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Attachments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Attachment: Block the indexing of an attachment document to a post or page. An attachment is an image or other file uploaded through the post editor’s upload utility. Attachments can be displayed on their own “page” or template. This will not cause the indexing of the image or file to be blocked.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Previews\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize Preview: Block the indexing when a content is being displayed in customize mode.\u003C\u002Fli>\n\u003Cli>Preview: Block the indexing when a single post is being displayed in draft mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Error Page\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Error 404: This will cause an error page to be blocked from being indexed. As it is an error page, it should not be indexed per se, but just in case.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Important note: if you have any doubt about any of the following items it is best not to activate the option as you could lose results in the search engines.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress: 6.6 – 6.9\u003C\u002Fli>\n\u003Cli>PHP: 7.2 – 8.5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>This plugin adheres to the following security measures and review protocols for each version:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002F\" rel=\"nofollow ugc\">WordPress Plugin Handbook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwordpress-org\u002Fplugin-security\u002F\" rel=\"nofollow ugc\">WordPress Plugin Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fapis\u002Fsecurity\u002F\" rel=\"nofollow ugc\">WordPress APIs Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress-Coding-Standards\" rel=\"nofollow ugc\">WordPress Coding Standards\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-check\u002F\" rel=\"ugc\">Plugin Check (PCP)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin does not collect any information about your site, your identity, the plugins, themes or content the site has.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Vulnerabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No vulnerabilities have been published up to version 2.0.0.\u003C\u002Fli>\n\u003Cli>Version 2.0.0 includes proactive security hardening based on comprehensive security audit (see docs\u002FSECURITY-2026-01-20.md).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Found a security vulnerability? Please report it to us privately at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjaviercasares\u002Fnoindex-seo\u002Fsecurity\u002Fadvisories\u002Fnew\" rel=\"nofollow ugc\">noindex SEO GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Control search engine indexing with robots directives using HTML meta tags or HTTP headers.",45718,100,"2026-01-20T14:42:00.000Z","6.9.4","6.6","7.2",[100,23,101,102,24],"noarchive","noindex","robots","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnoindex-seo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnoindex-seo.2.0.0.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":18,"tags":120,"homepage":122,"download_link":123,"security_score":65,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"easy-noindex-and-nofollow","Easy Noindex And Nofollow","1.2","Ivan Kristianto","https:\u002F\u002Fprofiles.wordpress.org\u002Fivankristianto\u002F","\u003Cp>Easily add Noindex and Nofollow to post, page, search and category page.\u003C\u002Fp>\n\u003Cp>See my article \u003Ca href=\"http:\u002F\u002Fgoo.gl\u002F500FU\" rel=\"nofollow ugc\">Easy Noindex and Nofollow WordPress Plugin\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003Cp>Full list of features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add nofollow and noindex in post, page, search and category page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Other interesting stuff:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check out the my other WordPress plugins or web development \u003Ca href=\"http:\u002F\u002Fgoo.gl\u002FOHQNc\" rel=\"nofollow ugc\">My Portfolio\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Want to optimize your WordPress blog? Check out the \u003Ca href=\"http:\u002F\u002Fgoo.gl\u002FQedtH\" rel=\"nofollow ugc\">WordPress Optimization Article\u003C\u002Fa> Guide!\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily add Noindex and Nofollow to post, page, search and category page.",400,24293,80,1,"2011-05-03T19:45:00.000Z","3.1.4","2.8",[121,23,101,24],"google-panda","http:\u002F\u002Fwww.ivankristianto.com\u002Fweb-development\u002Fprogramming\u002Feasy-noindex-and-nofollow-wordpress-plugin\u002F1797\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-noindex-and-nofollow.1.2.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":94,"num_ratings":63,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":94,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"ugc-comments","UGC Comments","1.00","Flector","https:\u002F\u002Fprofiles.wordpress.org\u002Fflector\u002F","\u003Cp>The plugin allows you to manage the values of the “rel” attribute in comment links. You can enable or disable the \"\u003Cstrong>ugc\u003C\u002Fstrong>\" and \"\u003Cstrong>nofollow\u003C\u002Fstrong>\" values for all links in comments (separately for the comment author’s links and separately for links within the comment).\u003C\u002Fp>\n\u003Cp>Help from Google:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>rel=\"ugc\"\u003C\u002Fstrong>: UGC stands for User Generated Content, and the ugc attribute value is recommended for links within user generated content, such as comments and forum posts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>rel=\"nofollow\"\u003C\u002Fstrong>: Use this attribute for cases where you want to link to a page but don’t want to imply any type of endorsement, including passing along ranking credit to another page.\u003C\u002Fp>\n\u003Cp>You can read more in the Google \u003Ca href=\"https:\u002F\u002Fwebmasters.googleblog.com\u002F2019\u002F09\u002Fevolving-nofollow-new-ways-to-identify.html\" rel=\"nofollow ugc\">blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The plugin’s additional features include the ability to hide comment links from Yandex (by inverting them with \u003C!––noindex––>\u003C!––\u002Fnoindex––> tags).\u003C\u002Fp>\n\u003Cp>If you liked my plugin, please \u003Cstrong>rate\u003C\u002Fstrong> it.\u003C\u002Fp>\n","The plugin allows you to manage the values of the \"rel\" attribute in comment links (\"ugc\", \"nofollow\").",300,3880,"2025-05-19T09:41:00.000Z","6.8.5","4.9","5.3",[22,23,139,24,140],"rel","ugc","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fugc-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fugc-comments.zip",{"slug":144,"name":145,"version":108,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":150,"num_ratings":116,"last_updated":152,"tested_up_to":153,"requires_at_least":154,"requires_php":18,"tags":155,"homepage":158,"download_link":159,"security_score":65,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wp-nofollow-more-links","WP Nofollow More Links","Marvie Pons","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarviepons\u002F","\u003Cp>Adds the “nofollow” rel attribute to the read more links. No complicated setup. Just activate and everything will work automatically!\u003C\u002Fp>\n\u003Cp>Plugin by \u003Ca href=\"http:\u002F\u002Ftutskid.com\u002F\" rel=\"nofollow ugc\">TutsKid | WordPress Tutorials, Themes, Plugins, and More!\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with WP Nofollow More Links. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","Adds the nofollow rel attribute to the more (read more) links.",20,3934,"2014-04-27T10:28:00.000Z","3.9.40","3.0",[22,156,23,157,24],"more-links","read-more","http:\u002F\u002Ftutskid.com\u002Fwp-nofollow-more-links\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-nofollow-more-links.1.2.zip",{"attackSurface":161,"codeSignals":206,"taintFlows":217,"riskAssessment":267,"analyzedAt":280},{"hooks":162,"ajaxHandlers":202,"restRoutes":203,"shortcodes":204,"cronEvents":205,"entryPointCount":28,"unprotectedCount":28},[163,169,173,177,181,186,190,194,198],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","admin_menu","unn_admin_menu","ultimate-noindex.php",27,{"type":164,"name":170,"callback":171,"file":167,"line":172},"wp_head","wp_noindex",28,{"type":164,"name":174,"callback":175,"file":167,"line":176},"login_head","unn_noindex_login",29,{"type":164,"name":178,"callback":179,"file":167,"line":180},"admin_head","unn_noindex_admin",30,{"type":182,"name":183,"callback":184,"file":167,"line":185},"filter","wp_list_pages","unn_nofollow_pages",31,{"type":182,"name":187,"callback":188,"file":167,"line":189},"get_archives_link","unn_nofollow_archives",32,{"type":182,"name":191,"callback":192,"file":167,"line":193},"wp_list_categories","unn_nofollow_cats",33,{"type":182,"name":195,"callback":196,"file":167,"line":197},"loginout","unn_nofollow_login",34,{"type":182,"name":199,"callback":200,"file":167,"line":201},"register","unn_nofollow_register",35,[],[],[],[],{"dangerousFunctions":207,"sqlUsage":208,"outputEscaping":210,"fileOperations":28,"externalRequests":28,"nonceChecks":116,"capabilityChecks":28,"bundledLibraries":216},[],{"prepared":28,"raw":28,"locations":209},[],{"escaped":211,"rawEcho":116,"locations":212},4,[213],{"file":167,"line":214,"context":215},239,"raw output",[],[218,253],{"entryPoint":219,"graph":220,"unsanitizedCount":28,"severity":252},"unn_admin (ultimate-noindex.php:154)",{"nodes":221,"edges":247},[222,227,233,236,240,244],{"id":223,"type":224,"label":225,"file":167,"line":226},"n0","source","$_POST (x15)",160,{"id":228,"type":229,"label":230,"file":167,"line":231,"wp_function":232},"n1","sink","update_option() [Settings Manipulation]",161,"update_option",{"id":234,"type":224,"label":235,"file":167,"line":214},"n2","$_SERVER['REQUEST_URI']",{"id":237,"type":229,"label":238,"file":167,"line":214,"wp_function":239},"n3","echo() [XSS]","echo",{"id":241,"type":224,"label":242,"file":167,"line":243},"n4","$_POST (x2)",181,{"id":245,"type":229,"label":238,"file":167,"line":246,"wp_function":239},"n5",248,[248,250,251],{"from":223,"to":228,"sanitized":249},true,{"from":234,"to":237,"sanitized":249},{"from":241,"to":245,"sanitized":249},"low",{"entryPoint":254,"graph":255,"unsanitizedCount":28,"severity":252},"\u003Cultimate-noindex> (ultimate-noindex.php:0)",{"nodes":256,"edges":263},[257,258,259,260,261,262],{"id":223,"type":224,"label":225,"file":167,"line":226},{"id":228,"type":229,"label":230,"file":167,"line":231,"wp_function":232},{"id":234,"type":224,"label":235,"file":167,"line":214},{"id":237,"type":229,"label":238,"file":167,"line":214,"wp_function":239},{"id":241,"type":224,"label":242,"file":167,"line":243},{"id":245,"type":229,"label":238,"file":167,"line":246,"wp_function":239},[264,265,266],{"from":223,"to":228,"sanitized":249},{"from":234,"to":237,"sanitized":249},{"from":241,"to":245,"sanitized":249},{"summary":268,"deductions":269},"The static analysis of ultimate-noindex-nofollow-tool-ii v1.3.6 reveals a strong security posture in its current implementation. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface from these common entry points. The code also demonstrates good practices with the absence of dangerous functions, file operations, and external HTTP requests. All SQL queries are prepared, and a nonce check is present, indicating an awareness of security fundamentals.  However, the vulnerability history is a significant concern. The plugin has two documented medium-severity CVEs, one of which was recently patched (as of March 25, 2024). The types of historical vulnerabilities, Cross-Site Scripting and Cross-Site Request Forgery, are common and can be severe if not properly mitigated. While the current version shows no obvious flaws in the static analysis, the past indicates a propensity for security issues that require active patching by users.",[270,273,275,277],{"reason":271,"points":272},"Past medium severity vulnerabilities (XSS, CSRF)",15,{"reason":274,"points":78},"Vulnerability history indicates potential for future issues",{"reason":276,"points":211},"Low percentage of properly escaped output (80%)",{"reason":278,"points":279},"No capability checks for entry points",5,"2026-03-17T05:36:27.016Z",{"wat":282,"direct":287},{"assetPaths":283,"generatorPatterns":284,"scriptPaths":285,"versionParams":286},[],[],[],[],{"cssClasses":288,"htmlComments":289,"htmlAttributes":290,"restEndpoints":291,"jsGlobals":292,"shortcodeOutput":293},[],[],[],[],[],[]]