Bulk SEO Image Security & Risk Analysis

wordpress.org/plugins/bulk-seo-image

Easily update all the ALT attribute of your images. Can add the Article Name automatically to all your images improving traffic from search engines.

200 active installs v1.1 PHP + WP 3.0.1+ Updated May 13, 2015
altalt-attributeimageseo
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 23, 2026
Safety Verdict

Is Bulk SEO Image Safe to Use in 2026?

Use With Caution

Score 63/100

Bulk SEO Image has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 23, 2026Updated 11yr ago
Risk Assessment

The "bulk-seo-image" v1.1 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. This suggests a limited number of potential entry points for attackers. Furthermore, there are no recorded vulnerabilities in its history, and the taint analysis found no critical or high severity issues. However, significant concerns arise from the code signals. The presence of raw SQL queries without prepared statements is a notable risk, as it can be exploited for SQL injection if the query is user-controllable. Additionally, a complete lack of output escaping for all identified outputs is a critical flaw, leaving the plugin highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on any potential entry points (though none were found in this static analysis) also represents a gap in security best practices if any were to be introduced in future versions or if the analysis was incomplete.

While the plugin currently has no known vulnerabilities and a small attack surface, the fundamental security flaws in handling SQL and outputting data present a substantial risk. The lack of prepared statements for its single SQL query and the complete absence of output escaping are serious oversights that could lead to severe security breaches. The plugin's vulnerability history being clean could be due to its limited functionality or a lack of deep security auditing. It is crucial to address the output escaping and SQL query preparation to significantly improve its security posture.

Key Concerns

  • SQL queries without prepared statements
  • Output escaping not properly implemented
  • No nonce checks
  • No capability checks
Vulnerabilities
1 published

Bulk SEO Image Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-11997medium · 4.3Cross-Site Request Forgery (CSRF)

Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update

Jun 23, 2026Unpatched
Version History

Bulk SEO Image Release Timeline

v1.1Current1 CVE
v1.01 CVE
Code Analysis
Analyzed Mar 16, 2026

Bulk SEO Image Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
25
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

0% escaped25 total outputs
Attack Surface

Bulk SEO Image Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionadmin_menubulk-seo-image.php:157
Maintenance & Trust

Bulk SEO Image Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39
Last updatedMay 13, 2015
PHP min version
Downloads12K

Community Trust

Rating96/100
Number of ratings15
Active installs200
Developer Profile

Bulk SEO Image Developer Profile

SEO_tools

1 plugin · 200 total installs

68
trust score
Avg Security Score
63/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bulk SEO Image

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bulk-seo-image/

HTML / DOM Fingerprints

CSS Classes
wrapform-table
Data Attributes
name="bulkseoimage"id="BulkSeoImage"name="option1"name="choice"name="override"name="bulkseoimage"
Shortcode Output
%PostName%%CurrentSiteName%$i%PostName% <span style="color:orange">$i</span>
FAQ

Frequently Asked Questions about Bulk SEO Image