Vladimir Prelovac SEO Friendly Images allows malicious website content injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Vladimir Prelovac SEO Friendly Images allows malicious website content injection

CVE-2026-39665

Summary

The SEO Friendly Images plugin for WordPress has a security flaw that allows hackers to inject malicious content into web pages. This could allow them to steal user data or spread malware. Upgrade to version 3.0.6 or later to fix the issue.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Fri...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/seo-image/vulnerability/wordpre...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026