CVE-2025-23853 Information

Description

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in michelem NoFollow Free allows Reflected XSS. This issue affects NoFollow Free: from n/a through 1.6.3.

Reference

https://patchstack.com/database/wordpress/plugin/nofollow-free/vulnerability/wordpress-nofollow-free-plugin-1-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve