WP-Safety

Image SEO – AI-Driven Image SEO Optimizer Security & Risk Analysis

wordpress.org/plugins/imageseo

Improve your images alt, title, captions and filenames for better SEO rankings.

1K active installs v3.2.4 PHP 7.0+ WP 5.8+ Updated Feb 25, 2026
ai-optimizationoptimize-imagesrankingseosocial-media
99
A · Safe
CVEs total2
Unpatched0
Last CVEJul 23, 2024
Plugin page Download
Safety Verdict

Is Image SEO – AI-Driven Image SEO Optimizer Safe to Use in 2026?

Generally Safe

Score 99/100

Image SEO – AI-Driven Image SEO Optimizer has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jul 23, 2024Updated 1mo ago
Risk Assessment

The "imageseo" plugin version 3.2.4 exhibits a generally good security posture with several positive indicators. The plugin has a limited attack surface, with all identified entry points (AJAX handlers) appearing to have authentication checks. Furthermore, the code demonstrates strong practices in handling SQL queries (94% prepared) and output escaping (92% escaped), which significantly mitigates risks of common vulnerabilities like SQL injection and cross-site scripting. The absence of any taint flows with unsanitized paths and the robust implementation of nonce and capability checks further bolster its defenses.

However, there are notable concerns. The presence of two instances of the `unserialize` function poses a potential risk. If user-controlled data is unserialized without proper validation and sanitization, it can lead to Remote Code Execution (RCE) vulnerabilities. While the taint analysis did not reveal any immediate issues stemming from these, it remains a critical area to monitor. The plugin's history of two medium-severity CVEs, although currently unpatched, indicates a pattern of past security weaknesses related to exposure of sensitive information and CSRF. This suggests that while current static analysis might not reveal active vulnerabilities, past issues warrant careful consideration and ongoing vigilance.

In conclusion, "imageseo" 3.2.4 has made commendable progress in security by implementing strong defenses in key areas. The limited attack surface and good data handling practices are significant strengths. Nevertheless, the potential risks associated with `unserialize` and the historical precedent of medium-severity vulnerabilities necessitate cautious use and prompt updates when future patches become available.

Key Concerns

  • Use of unserialize function
  • Past medium severity CVEs
Vulnerabilities
2

Image SEO – AI-Driven Image SEO Optimizer Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-6571medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Optimize Images ALT Text (alt tag) & names for SEO using AI <= 3.1.1 - Unauthenticated Full Path Disclosure

Jul 23, 2024 Patched in 3.1.2 (1d)
CVE-2022-4548medium · 4.3Cross-Site Request Forgery (CSRF)

Optimize images ALT Text <= 2.0.7 - Cross-Site Request Forgery

Dec 28, 2022 Patched in 2.0.8 (391d)
Code Analysis
Analyzed Mar 16, 2026

Image SEO – AI-Driven Image SEO Optimizer Code Analysis

Dangerous Functions
2
Raw SQL Queries
6
95 prepared
Unescaped Output
12
142 escaped
Nonce Checks
13
Capability Checks
12
File Operations
3
External Requests
7
Bundled Libraries
0

Dangerous Functions Found

unserializereturn @unserialize($data, $options); // @phpcs:ignoresrc\Async\WPBackgroundProcess.php:806
unserialize$schedule = unserialize( $data->schedule ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.sethirds\action-scheduler\classes\data-stores\ActionScheduler_DBStore.php:369

SQL Query Safety

94% prepared101 total queries

Output Escaping

92% escaped154 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
generateSocialMediaManually (src\Actions\Admin\GenerateImage.php:36)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Image SEO – AI-Driven Image SEO Optimizer Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_imageseo_media_alt_updatesrc\Actions\Admin\MediaLibrary.php:33
authwp_ajax_imageseo_check_current_processsrc\Actions\Admin\SocialMediaGenerate.php:24
authwp_ajax_imageseo_generate_social_mediasrc\Actions\Admin\SocialMediaGenerate.php:25
WordPress Hooks 129
actionadmin_noticesimageseo.php:85
actionplugins_loadedimageseo.php:162
actionadmin_bar_menusrc\Actions\Admin\AdminBar.php:23
actionadmin_post_imageseo_backup_rename_filesrc\Actions\Admin\BackupFilename.php:13
actionadmin_enqueue_scriptssrc\Actions\Admin\Enqueue.php:14
actionadmin_enqueue_scriptssrc\Actions\Admin\Enqueue.php:15
actionenqueue_block_editor_assetssrc\Actions\Admin\Enqueue.php:16
actiontransition_post_statussrc\Actions\Admin\GenerateImage.php:32
actionadmin_post_imageseo_generate_manual_social_mediasrc\Actions\Admin\GenerateImage.php:33
filtermanage_media_columnssrc\Actions\Admin\MediaLibrary.php:30
actionmanage_media_custom_columnsrc\Actions\Admin\MediaLibrary.php:31
filterwp_generate_attachment_metadatasrc\Actions\Admin\MediaLibrary.php:35
actiondelete_attachmentsrc\Actions\Admin\MediaLibrary.php:36
actionadmin_enqueue_scriptssrc\Actions\Admin\MediaLibrary.php:37
actionrestrict_manage_postssrc\Actions\Admin\MediaLibraryFilters.php:26
actionpre_get_postssrc\Actions\Admin\MediaLibraryFilters.php:27
filterattachment_fields_to_editsrc\Actions\Admin\MediaLibraryPinterest.php:13
actionattachment_fields_to_savesrc\Actions\Admin\MediaLibraryPinterest.php:14
actionadmin_post_imageseo_generate_altsrc\Actions\Admin\MediaLibraryReport.php:29
actionadmin_post_imageseo_rename_attachmentsrc\Actions\Admin\MediaLibraryReport.php:30
actionadmin_noticessrc\Actions\Admin\Notices\Curl.php:21
actionadmin_noticessrc\Actions\Admin\Notices\NoConfiguration.php:21
filterplugin_action_linkssrc\Actions\Admin\PluginLinks.php:13
actionadd_meta_boxessrc\Actions\Admin\SocialMediaColumn.php:34
actionadmin_post_imageseo_backup_attachmentsrc\Actions\Admin\Support.php:19
actionadmin_post_imageseo_recount_imagessrc\Actions\Admin\UpdateCounterImages.php:25
actionwp_enqueue_scriptssrc\Actions\Front\Enqueue.php:17
actionwp_headsrc\Actions\Front\SocialMediaHead.php:37
filterrank_math/opengraph/facebook/add_imagessrc\Actions\Front\SocialMediaHead.php:62
filterrank_math/opengraph/twitter/add_imagessrc\Actions\Front\SocialMediaHead.php:71
filterrank_math/opengraph/facebook/imagesrc\Actions\Front\SocialMediaHead.php:81
filterrank_math/opengraph/facebppl/og_image_secure_urlsrc\Actions\Front\SocialMediaHead.php:82
filterrank_math/opengraph/twitter/imagesrc\Actions\Front\SocialMediaHead.php:83
filterwpseo_og_og_imagesrc\Actions\Front\SocialMediaHead.php:88
filterwpseo_og_og_image_secure_urlsrc\Actions\Front\SocialMediaHead.php:89
filterwpseo_og_og_image_widthsrc\Actions\Front\SocialMediaHead.php:90
filterwpseo_og_og_image_heightsrc\Actions\Front\SocialMediaHead.php:91
filterwpseo_twitter_imagesrc\Actions\Front\SocialMediaHead.php:92
filterseopress_social_og_thumbsrc\Actions\Front\SocialMediaHead.php:97
filterseopress_social_twitter_card_thumbsrc\Actions\Front\SocialMediaHead.php:98
filterseopress_social_twitter_card_summarysrc\Actions\Front\SocialMediaHead.php:99
actioninitsrc\Actions\Migration.php:22
actionrest_api_initsrc\Actions\RestApi.php:18
actioninitsrc\Actions\VendorProtect.php:9
actionadmin_menusrc\Admin\SettingsPage.php:27
actionadmin_enqueue_scriptssrc\Admin\SettingsPage.php:28
filtercron_schedulessrc\Async\WPBackgroundProcess.php:111
actionprocess_image_batchsrc\Services\BulkOptimizer.php:51
actioncheck_image_batchsrc\Services\BulkOptimizer.php:52
actioncheck_optimizer_finishedsrc\Services\BulkOptimizer.php:53
actionplugins_loadedthirds\action-scheduler\action-scheduler.php:36
actionplugins_loadedthirds\action-scheduler\action-scheduler.php:39
actioninitthirds\action-scheduler\classes\abstracts\ActionScheduler.php:152
actioninitthirds\action-scheduler\classes\abstracts\ActionScheduler.php:153
actioninitthirds\action-scheduler\classes\abstracts\ActionScheduler.php:154
actioninitthirds\action-scheduler\classes\abstracts\ActionScheduler.php:155
actioninitthirds\action-scheduler\classes\abstracts\ActionScheduler.php:157
actionaction_scheduler/migration_completethirds\action-scheduler\classes\abstracts\ActionScheduler.php:213
actionaction_scheduler_canceled_actionthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:50
actionaction_scheduler_begin_executethirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:51
actionaction_scheduler_after_executethirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:52
actionaction_scheduler_failed_executionthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:53
actionaction_scheduler_failed_actionthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:54
actionaction_scheduler_unexpected_shutdownthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:55
actionaction_scheduler_reset_actionthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:56
actionaction_scheduler_execution_ignoredthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:57
actionaction_scheduler_failed_fetch_actionthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:58
actionaction_scheduler_failed_to_schedule_next_instancethirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:59
actionaction_scheduler_bulk_cancel_actionsthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:60
actionaction_scheduler_stored_actionthirds\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:64
actionwoocommerce_admin_status_content_action-schedulerthirds\action-scheduler\classes\ActionScheduler_AdminView.php:37
actionwoocommerce_system_status_reportthirds\action-scheduler\classes\ActionScheduler_AdminView.php:38
filterwoocommerce_admin_status_tabsthirds\action-scheduler\classes\ActionScheduler_AdminView.php:39
actionadmin_menuthirds\action-scheduler\classes\ActionScheduler_AdminView.php:42
actionadmin_noticesthirds\action-scheduler\classes\ActionScheduler_AdminView.php:43
actioncurrent_screenthirds\action-scheduler\classes\ActionScheduler_AdminView.php:44
filteraction_scheduler_store_classthirds\action-scheduler\classes\ActionScheduler_DataController.php:167
filteraction_scheduler_logger_classthirds\action-scheduler\classes\ActionScheduler_DataController.php:168
actiondeactivate_pluginthirds\action-scheduler\classes\ActionScheduler_DataController.php:169
actionaction_scheduler/progress_tickthirds\action-scheduler\classes\ActionScheduler_DataController.php:174
actionshutdownthirds\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:19
actionaction_scheduler_before_executethirds\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:20
actionaction_scheduler_after_executethirds\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:21
actionaction_scheduler_execution_ignoredthirds\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:22
actionaction_scheduler_failed_executionthirds\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:23
actionaction_scheduler/created_tablethirds\action-scheduler\classes\ActionScheduler_ListTable.php:551
filtercron_schedulesthirds\action-scheduler\classes\ActionScheduler_QueueRunner.php:54
actionshutdownthirds\action-scheduler\classes\ActionScheduler_QueueRunner.php:77
actionpre_get_commentsthirds\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:44
actionwp_count_commentsthirds\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:45
actioncomment_feed_wherethirds\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:46
actionload-tools_page_action-schedulerthirds\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:49
actionload-woocommerce_page_wc-statusthirds\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:50
actionadmin_noticesthirds\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:91
actionaction_scheduler_deleted_actionthirds\action-scheduler\classes\data-stores\ActionScheduler_DBLogger.php:112
actionaction_scheduler/created_tablethirds\action-scheduler\classes\data-stores\ActionScheduler_HybridStore.php:56
filtercomments_clausesthirds\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:102
actionaction_scheduler_before_process_queuethirds\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:219
actionaction_scheduler_after_process_queuethirds\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:220
actionpre_get_commentsthirds\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:224
actionwp_count_commentsthirds\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:225
actioncomment_feed_wherethirds\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:226
actionwp_insert_commentthirds\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:229
actionwp_set_comment_statusthirds\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:230
filterwp_insert_post_datathirds\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:81
filterpre_wp_unique_post_slugthirds\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:82
filterpre_wp_unique_post_slugthirds\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:518
filterwp_insert_post_datathirds\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:989
filterpre_wp_unique_post_slugthirds\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:990
filteraction_scheduler_migration_dependencies_metthirds\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:1077
actionadmin_noticesthirds\action-scheduler\classes\migration\Controller.php:155
filteraction_scheduler_store_classthirds\action-scheduler\classes\migration\Controller.php:169
filteraction_scheduler_logger_classthirds\action-scheduler\classes\migration\Controller.php:170
actioninitthirds\action-scheduler\classes\migration\Controller.php:171
actionwp_loadedthirds\action-scheduler\classes\migration\Controller.php:172
actionload-tools_page_action-schedulerthirds\action-scheduler\classes\migration\Controller.php:175
actionload-woocommerce_page_wc-statusthirds\action-scheduler\classes\migration\Controller.php:176
actionaction_scheduler_before_schema_updatethirds\action-scheduler\classes\schema\ActionScheduler_LoggerSchema.php:28
actionaction_scheduler_before_schema_updatethirds\action-scheduler\classes\schema\ActionScheduler_StoreSchema.php:33
actionaction_scheduler_before_executethirds\action-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:79
actionaction_scheduler_after_executethirds\action-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:80
actionaction_scheduler_failed_executionthirds\action-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:81
actionaction_scheduler/migrate_action_dry_runthirds\action-scheduler\classes\WP_CLI\Migration_Command.php:126
actionaction_scheduler/no_action_to_migratethirds\action-scheduler\classes\WP_CLI\Migration_Command.php:129
actionaction_scheduler/migrate_action_failedthirds\action-scheduler\classes\WP_CLI\Migration_Command.php:132
actionaction_scheduler/migrate_action_incompletethirds\action-scheduler\classes\WP_CLI\Migration_Command.php:135
actionaction_scheduler/migrated_actionthirds\action-scheduler\classes\WP_CLI\Migration_Command.php:138
actionaction_scheduler/migration_batch_startingthirds\action-scheduler\classes\WP_CLI\Migration_Command.php:141
actionaction_scheduler/migration_batch_completethirds\action-scheduler\classes\WP_CLI\Migration_Command.php:144
Maintenance & Trust

Image SEO – AI-Driven Image SEO Optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 25, 2026
PHP min version7.0
Downloads89K

Community Trust

Rating68/100
Number of ratings58
Active installs1K
Alternatives

Image SEO – AI-Driven Image SEO Optimizer Alternatives

Wincher Rank Tracker

Wincher Rank Tracker

wincher-rank-tracker

A
85

Wincher is a Google search engine rank tracking plugin which enables you to keep an eye on your keywords.

3K No CVEs
SEO Image Toolbox

SEO Image Toolbox

seo-image-alt-tags

A
85

THIS WILL SAVE YOU HOURS. Alt tags are dynamically generated and saved to the database automatically any time an image is uploaded, and improves your &hellip;

1K No CVEs
Cloudimage

Cloudimage

cloudimage

A
100

The easiest way to resize, compress, optimise and deliver lightning fast images to your users on any device via CDN.

300 No CVEs
Answer Engine Optimization – AEO, AIO, AISEO, AI SEO, GEO Audit

Answer Engine Optimization – AEO, AIO, AISEO, AI SEO, GEO Audit

answer-engine-optimization-aeo-audit

A
100

Audit & Fix your website for Answer Engine / AI Optimization (AEO / AIO), AI SEO, AISEO, GEO for Google Zero position, ChatGPT, suggestion & improve.

100 No CVEs
MAIO – ChatGPT SEO Tracking & AI Search Optimization for WordPress

MAIO – ChatGPT SEO Tracking & AI Search Optimization for WordPress

maio-the-new-ai-geo-seo-tool

A
100

MAIO is a ChatGPT SEO tracking plugin for WordPress that helps you track, monitor, and optimize your website’s visibility in ChatGPT and AI search eng &hellip;

100 No CVEs
Developer Profile

Image SEO – AI-Driven Image SEO Optimizer Developer Profile

watermelon-joy

1 plugin · 1K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
196 days
View full developer profile
Detection Fingerprints

How We Detect Image SEO – AI-Driven Image SEO Optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/imageseo/dist/css/imageseo.css/wp-content/plugins/imageseo/dist/js/imageseo.js/wp-content/plugins/imageseo/dist/js/settings.js/wp-content/plugins/imageseo/dist/js/bulk.js/wp-content/plugins/imageseo/dist/js/bulk-image-optimizer.js/wp-content/plugins/imageseo/dist/js/bulk-media.js
Script Paths
/wp-content/plugins/imageseo/dist/js/imageseo.js/wp-content/plugins/imageseo/dist/js/settings.js/wp-content/plugins/imageseo/dist/js/bulk.js/wp-content/plugins/imageseo/dist/js/bulk-image-optimizer.js/wp-content/plugins/imageseo/dist/js/bulk-media.js
Version Parameters
imageseo/dist/css/imageseo.css?ver=imageseo/dist/js/imageseo.js?ver=imageseo/dist/js/settings.js?ver=imageseo/dist/js/bulk.js?ver=imageseo/dist/js/bulk-image-optimizer.js?ver=imageseo/dist/js/bulk-media.js?ver=

HTML / DOM Fingerprints

CSS Classes
imageseo-pageimage-seo-wp-settingsimageseo-bulk-optimizerimage-seo-bulk-media-tableimage-seo-bulk-settingsimage-seo-bulk-image-optimizerimageseo-bulk-optimizer-formimageseo-plugin-container+1 more
HTML Comments
<!-- ImageSEO Alt Tag Settings --><!-- ImageSEO Bulk Optimizer --><!-- ImageSEO Bulk Media Optimizer --><!-- ImageSEO Bulk Settings -->+2 more
Data Attributes
data-imageseo-altdata-imageseo-bulk-optimizer-noncedata-imageseo-bulk-media-noncedata-imageseo-bulk-settings-noncedata-imageseo-image-id
JS Globals
ImageSeoImageSeoBulkOptimizerImageSeoBulkMediaImageSeoSettings
REST Endpoints
/wp-json/imageseo/v1/settings/wp-json/imageseo/v1/bulk-optimizer/wp-json/imageseo/v1/bulk-media-optimizer/wp-json/imageseo/v1/update-alt-tag
FAQ

Frequently Asked Questions about Image SEO – AI-Driven Image SEO Optimizer