cleantalk
Vulnerabilities and Security Researches

SEO Friendly Images, f0c53a5a0e6e994d34c89fa61f207dd47899b2c0

CVE, Research URL

f0c53a5a0e6e994d34c89fa61f207dd47899b2c0

Home page URL

Security reports for SEO Friendly Images

Application

SEO Friendly Images

Published on
Jan 03, 2015
Research Description
SEO Friendly Images [seo-image] < 3.0.5 (closed) SEO Friendly Images <= 3.0.4 - Cross-Site Request Forgery to Cross-Site Scripting The SEO Friendly Images plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on the default_alt and default_title parameters along with a missing nonce check on the handle_settings() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 3.0.5.
Status
vulnerable
Previous vulnerability researches
SrbTransLatin &#8211; Serbian Latinisation (CVE-2018-5369) , Jun 07, 2024
SrbTransLatin &#8211; Serbian Latinisation (CVE-2018-5368) , Jun 07, 2024
SrbTransLatin &#8211; Serbian Latinisation (CVE-2025-31421) , Apr 05, 2025
SrbTransLatin &#8211; Serbian Latinisation (a848dceb0ab4270e438a59d3678ca4b9f06a90ea) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026