Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS. This issue affects SEO Friendly Images: from n/a through <= 3.0.5.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Patch
AI Analysis

Impact

A DOM‑based cross‑site scripting flaw occurs in the SEO Friendly Images plugin for WordPress due to improper neutralization of user input when generating a web page. This issue allows malicious scripts to run in the browsers of visitors who view the affected site, potentially hijacking session cookies, defacing the site, or executing other client‑side attacks.

Affected Systems

All releases of the SEO Friendly Images plugin by Vladimir Prelovac up to and including version 3.0.5 are affected. Sites running any of these versions are vulnerable to the flaw.

Risk and Exploitability

The CVE does not include a CVSS score or EPSS value, and the vulnerability is not listed by CISA in KEV. The attack appears to be a client‑side exploit that can be triggered by crafted input or URLs handled by the plugin, though no publicly disclosed exploits are referenced in the provided data.

Generated by OpenCVE AI on April 8, 2026 at 10:34 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the SEO Friendly Images plugin to the latest available version.
  • If an upgrade cannot be performed immediately, deactivate or delete the plugin to eliminate the vulnerability.
  • Apply a strong Content Security Policy to mitigate the impact of potential client‑side script execution.



Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Vladimir Prelovac; Vladimir Prelovac seo Friendly Images; Wordpress; Wordpress wordpress |
| Vendors & Products | | Vladimir Prelovac; Vladimir Prelovac seo Friendly Images; Wordpress; Wordpress wordpress |

Wed, 08 Apr 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS. This issue affects SEO Friendly Images: from n/a through <= 3.0.5. |
| Title | | WordPress SEO Friendly Images plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability |
| Weaknesses | | CWE-79 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:37.934Z

Reserved: 2026-04-07T10:57:59.671Z

Link: CVE-2026-39665

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:37.743

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39665

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:41:11Z

Weaknesses