CVE-2023-7196: CWE-352 Cross-Site Request Forgery (CSRF) in Unknown Ultimate Noindex Nofollow Tool
The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
AI Analysis
Technical Summary
CVE-2023-7196 is a medium-severity vulnerability classified as CWE-352 (Cross-Site Request Forgery) affecting the Ultimate Noindex Nofollow Tool WordPress plugin up to and including version 1.1.2. The plugin manages SEO-related settings by controlling the noindex and nofollow meta tags on a WordPress site.

The vulnerability arises because the plugin's settings-update handler performs no CSRF check: it does not require a WordPress nonce (wp_nonce_field() on the form, check_admin_referer() or wp_verify_nonce() in the handler) or any other proof that the request was initiated from the plugin's own settings page. A capability check on its own does not help here, because the forged request is issued by the administrator's own browser and therefore carries the administrator's authentication cookies. An attacker can host a web page or link that submits a request to the settings endpoint; when a logged-in WordPress administrator visits it, the browser sends the request and the plugin's settings are changed without the administrator's knowledge. The result is an unauthorized change to the site's noindex/nofollow configuration, which affects how search engines treat the site.

The CVSS 3.1 base score is 4.3 (medium). The advisory's description corresponds to a network attack vector, low attack complexity, no privileges required by the attacker, user interaction required (the administrator must visit the malicious page), unchanged scope, and a low integrity impact with no confidentiality or availability impact, which is consistent with the vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. No exploits are known in the wild and no patch has been linked at the time of writing.
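The pattern described above, shown as an added example in WordPress plugin PHP. This is not code from the Ultimate Noindex Nofollow Tool plugin; the option name, action name, nonce field and form field names are hypothetical, and the settings-page layout is assumed. The first handler illustrates the missing check; the second is the nonce-protected form of the same handler.

```php
<?php
// Added example (not code from the Ultimate Noindex Nofollow Tool plugin).
// Hypothetical names: option 'unnt_settings', action 'unnt_save_settings',
// nonce field 'unnt_nonce', form fields 'noindex_posts' / 'nofollow_links'.

// ---- Vulnerable pattern: any POST reaching the handler is acted on ----
// A capability check alone does not stop CSRF. The forged request is sent by
// the administrator's own browser, so it carries the admin's auth cookies and
// passes current_user_can(). The attacker only needs the victim to load a page
// such as:
//   <form action="https://victim.example/wp-admin/admin-post.php" method="post">
//     <input type="hidden" name="action" value="unnt_save_settings">
//     <input type="hidden" name="noindex_posts" value="1">
//   </form><script>document.forms[0].submit()</script>
function unnt_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    unnt_store_settings_from_post();   // no nonce check: forgeable
}

// ---- Hardened pattern: the form carries a nonce, the handler verifies it ----
function unnt_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="unnt_save_settings">
        <?php wp_nonce_field( 'unnt_save_settings', 'unnt_nonce' ); ?>
        <p><label><input type="checkbox" name="noindex_posts" value="1"> Add noindex to posts</label></p>
        <p><label><input type="checkbox" name="nofollow_links" value="1"> Add nofollow to links</label></p>
        <?php submit_button( 'Save settings' ); ?>
    </form>
    <?php
}

function unnt_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // Dies ("The link you followed has expired.") unless $_POST['unnt_nonce'] is a
    // valid nonce for action 'unnt_save_settings' issued to the current user.
    // An attacker's page cannot read that value, so a forged POST stops here.
    check_admin_referer( 'unnt_save_settings', 'unnt_nonce' );
    unnt_store_settings_from_post();
}

// Shared by both handlers: normalise and persist the submitted settings.
function unnt_store_settings_from_post() {
    $settings = array(
        'noindex_posts'  => empty( $_POST['noindex_posts'] ) ? 0 : 1,
        'nofollow_links' => empty( $_POST['nofollow_links'] ) ? 0 : 1,
    );
    update_option( 'unnt_settings', $settings );
    wp_safe_redirect( add_query_arg(
        array( 'page' => 'unnt-settings', 'updated' => '1' ),
        admin_url( 'options-general.php' )
    ) );
    exit;
}

// Only the hardened handler is registered. 'admin_post_{action}' fires for
// logged-in users posting to admin-post.php with action=unnt_save_settings.
add_action( 'admin_post_unnt_save_settings', 'unnt_save_settings_hardened' );
```

The nonce is bound to the action name, the current user and a time window, so the attacker's page cannot supply it. Plugins that use the Settings API (register_setting() plus settings_fields() in the form, posting to options.php) get the same check from WordPress core, which is the simpler route for plain option pages.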
Potential Impact
For European organizations running WordPress sites with the Ultimate Noindex Nofollow Tool plugin, this vulnerability could allow an attacker to alter the plugin's SEO settings without authorization. It does not expose data or affect availability, but noindex tells search engines not to index a page and nofollow tells them not to follow its links, so an unauthorized change can cause pages to drop out of search results or links to stop passing ranking signals, with the resulting loss of visibility and traffic and potential reputational damage. For businesses that depend on organic search traffic this translates into financial impact and a weaker competitive position. Such a change can also go unnoticed for some time, since the site itself keeps working normally. Combined with other vulnerabilities or social engineering, it could form part of a broader attack chain. The impact is primarily on the integrity of site configuration and, indirectly, on business operations that depend on web presence.
Mitigation Recommendations
European organizations should audit their WordPress installations for the Ultimate Noindex Nofollow Tool plugin and confirm the installed version (Plugins screen, or `wp plugin list` with WP-CLI); any version up to and including 1.1.2 is affected. Until an official patch is released, administrators should restrict access to the WordPress admin interface to trusted networks or a VPN to reduce exposure, and should avoid browsing untrusted sites while logged into WordPress, or use a separate browser profile for administration. A web application firewall can provide temporary protection with a rule that rejects POST requests to /wp-admin/ paths whose Origin or Referer header names a host other than the site; note that some legitimate clients send no Referer, so such a rule should be tested against real traffic before blocking. Browsers' default SameSite=Lax treatment of cookies that lack an explicit SameSite attribute blocks most cross-site POST submissions, but it is a browser default rather than a server-side control and does not cover GET requests, so it must not be treated as a fix. Monitor the plugin's options for unexpected changes (an audit-log plugin, or periodic export and diff of the relevant wp_options rows) and keep a known-good copy of the settings so that unauthorized modifications can be detected and reverted. Apply the vendor patch as soon as one is available. Plugin developers should pair every state-changing handler with both a capability check and nonce verification (wp_nonce_field() with check_admin_referer() or wp_verify_nonce()), or use the Settings API, which performs the nonce check in core.
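One way to do the monitoring side of the above, as an added example that is not part of the advisory or the plugin: a small PHP script that scans Apache combined-format access logs for state-changing admin requests whose Referer is missing or points off-site, the same condition a WAF rule would key on. The log lines are constructed for the example, the site host www.example.org is an assumption, and the script assumes the plugin's handler lives under /wp-admin/ (options.php or admin-post.php).

```php
<?php
// Added example: flag admin POSTs whose Referer is absent or cross-site.
// The log lines below are constructed for illustration, not real traffic.

const SITE_HOST = 'www.example.org';   // assumption: the site's canonical host

// Apache "combined" format:
//   ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
const LOG_RE = '#^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$#';

$lines = array(
    // legitimate save from the plugin's own settings page
    '203.0.113.10 - - [13/Aug/2025:10:24:12 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 - "https://www.example.org/wp-admin/options-general.php?page=unnt-settings" "Mozilla/5.0"',
    // CSRF: same admin, same endpoint, but the form was submitted from another site
    '203.0.113.10 - - [13/Aug/2025:10:26:03 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 - "https://attacker.example/seo-tips.html" "Mozilla/5.0"',
    // cross-site GET of an admin page: a read, not a state change
    '203.0.113.10 - - [13/Aug/2025:10:27:41 +0000] "GET /wp-admin/options-general.php?page=unnt-settings HTTP/1.1" 200 5120 "https://attacker.example/" "Mozilla/5.0"',
    // admin POST with no Referer at all: suspicious, lower confidence
    '203.0.113.10 - - [13/Aug/2025:10:28:09 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    // ordinary front-end traffic, ignored
    '198.51.100.7 - - [13/Aug/2025:10:29:30 +0000] "GET /index.php HTTP/1.1" 200 2048 "https://attacker.example/" "Mozilla/5.0"',
);

function parse_log_line( string $line ): ?array {
    if ( ! preg_match( LOG_RE, $line, $m ) ) {
        return null;
    }
    return array(
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
    );
}

// Returns one finding per admin POST whose Referer is missing or off-site.
function find_cross_site_admin_writes( array $lines, string $site_host ): array {
    $findings = array();
    foreach ( $lines as $i => $line ) {
        $r = parse_log_line( $line );
        if ( $r === null || $r['method'] !== 'POST' ) {
            continue;   // only state-changing requests matter for CSRF
        }
        if ( strpos( $r['path'], '/wp-admin/' ) !== 0 ) {
            continue;   // not an admin endpoint
        }
        if ( $r['referer'] === '-' || $r['referer'] === '' ) {
            $reason = 'admin POST without Referer';
        } else {
            $host = parse_url( $r['referer'], PHP_URL_HOST );
            if ( ! is_string( $host ) || strcasecmp( $host, $site_host ) !== 0 ) {
                $reason = 'admin POST with cross-site Referer';
            } else {
                continue;   // same-site: the normal case
            }
        }
        $findings[] = array(
            'line'    => $i + 1,
            'ip'      => $r['ip'],
            'time'    => $r['time'],
            'path'    => $r['path'],
            'referer' => $r['referer'],
            'reason'  => $reason,
        );
    }
    return $findings;
}

foreach ( find_cross_site_admin_writes( $lines, SITE_HOST ) as $f ) {
    printf( "line %d [%s] %s: %s %s (Referer: %s)\n",
        $f['line'], $f['time'], $f['ip'], $f['reason'], $f['path'], $f['referer'] );
}
```

Run with `php csrf-scan.php` (any file name). The Origin header is a stronger signal than Referer for POSTs but is not in the default combined format; adding `%{Origin}i` to the Apache LogFormat (or `$http_origin` in nginx) lets the same check key on it. A hit on the plugin's endpoint from an off-site Referer is the moment to compare the plugin's stored options against the known-good copy.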
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: WPScan
- Date Reserved: 2024-01-01T18:01:58.732Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f71484d88663aeafd8
Added to database: 5/20/2025, 6:59:03 PM
Last enriched: 7/4/2025, 11:11:30 AM
Last updated: 8/13/2025, 10:24:12 AM
Related Threats
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)
- CVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)