MEDIUM
seo_tools
CVE published 2026-06-24
CVE-2026-11997
The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 1.1. This vulnerability stems from missing or incorrect nonce validation on the plugin's settings page handler, BulkSeoImage(). Specifically, the plugin does not emit a wp_nonce_field() in the form and does not perform a check_admin_referer()/wp_verify_nonce() before bulk-overwriting [truncated]
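A heuristic source check for the pattern described above, as an added example that is not the plugin's code or part of the original advisory: it flags PHP functions that read request data and write state without calling check_admin_referer(), check_ajax_referer() or wp_verify_nonce(). The sample handlers, option name and nonce names are constructed for illustration, and the second handler shows the corrected form.

```python
import re

# WordPress core functions that change stored state / verify a nonce.
WRITE_CALLS = ("update_option", "delete_option", "update_post_meta", "wp_update_post")
NONCE_CHECKS = ("check_admin_referer", "check_ajax_referer", "wp_verify_nonce")
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")

def function_bodies(php):
    """Yield (name, body) per PHP function; naive brace matching, ignores braces in strings."""
    for m in FUNC_RE.finditer(php):
        depth, i = 1, m.end()
        while i < len(php) and depth:
            depth += {"{": 1, "}": -1}.get(php[i], 0)
            i += 1
        yield m.group(1), php[m.end():i - 1]

def calls(body, names):
    """Names from `names` that are called somewhere in `body`."""
    return [n for n in names if re.search(r"\b" + n + r"\s*\(", body)]

def audit(php):
    """Flag functions that read request data and write state with no nonce verification."""
    findings = []
    for name, body in function_bodies(php):
        reads_request = re.search(r"\$_(POST|GET|REQUEST)\b", body)
        writes = calls(body, WRITE_CALLS)
        if reads_request and writes and not calls(body, NONCE_CHECKS):
            findings.append({"function": name, "writes": writes,
                             "emits_nonce_field": bool(calls(body, ("wp_nonce_field",)))})
    return findings

# Constructed sample: hypothetical handlers, not the plugin's source.
SAMPLE_PHP = r'''
function example_settings_page() {
    if (isset($_POST['submit'])) {
        update_option('example_alt', $_POST['alt']);
    }
    echo '<form method="post"><input name="alt"><input type="submit" name="submit"></form>';
}
function example_settings_page_fixed() {
    if (isset($_POST['submit'])) {
        check_admin_referer('example_save', 'example_nonce');
        update_option('example_alt', sanitize_text_field(wp_unslash($_POST['alt'])));
    }
    echo '<form method="post">';
    wp_nonce_field('example_save', 'example_nonce');
    echo '<input name="alt"><input type="submit" name="submit"></form>';
}
'''
print(audit(SAMPLE_PHP))
```

A finding is a lead for manual review, not proof: a handler may verify the nonce in a caller or helper that this per-function check does not follow.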