Analyst readout for executives and security teams
Plain-English summary
CVE-2023-30474 is a CSRF issue in the WordPress Ultimate Noindex Nofollow Tool II plugin through version 1.3. An attacker would need to trick a logged-in user into an action that changes plugin-related settings. The reported impact is limited integrity change, not data theft or outage.
Executive priority
Handle as a moderate, routine WordPress plugin hygiene item. It is most urgent for public business sites where unexpected noindex or nofollow changes could affect search visibility. The available evidence does not support emergency treatment absent confirmed deployment or exploitation.
Technical view
The vulnerability is CWE-352 in Kilian Evang Ultimate Noindex Nofollow Tool II <= 1.3. CVSS 3.1 is 4.3: network reachable, low complexity, no attacker privileges, user interaction required, unchanged scope, no confidentiality or availability impact, and low integrity impact.
Likely exposure
Exposure is limited to WordPress sites where the Ultimate Noindex Nofollow Tool II plugin is installed at version 1.3 or earlier. The source bundle does not provide CPEs, install prevalence, a fixed version, or confirmation of current plugin support status.
Exploitation context
The provided sources do not indicate active exploitation, and this CVE is not marked as CISA KEV. Practical abuse depends on convincing a logged-in user with relevant WordPress access to perform an attacker-triggered request.
Researcher notes
The public bundle is sparse. It establishes CSRF, affected plugin name, version boundary <= 1.3, CVSS 4.3, CWE-352, and no KEV listing. It does not identify a patched release, vulnerable endpoint, nonce behavior, exploit evidence, or broad ecosystem exposure.
Mitigation direction
- Inventory WordPress sites for the affected plugin and version.
- Check Patchstack, the vendor, or WordPress plugin source for fixed-version guidance.
- If version <= 1.3 is present, update, disable, or remove per vendor guidance.
- Limit administrative browsing from active WordPress sessions where feasible.
- Review SEO/indexing settings for unexpected noindex or nofollow changes.
Validation and detection
- Confirm whether Ultimate Noindex Nofollow Tool II is installed.
- Record the installed plugin version and compare against <= 1.3.
- Check whether trusted sources name a fixed version or retirement guidance.
- Review recent WordPress administrative changes for unexpected plugin setting updates.
- Verify affected sites remain correctly indexed according to business requirements.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-352: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2023-30474 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Medium
- CVSS
- 4.3 (3.1)
- Known Exploited
- No
- Published
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N2.81.4Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
4.3MediumVector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Source materials
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
