Browse all 4 CVE security advisories affecting Vladimir Prelovac. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Vladimir Prelovac develops WordPress security tools and plugins, with core use cases focused on website protection and vulnerability management. Historically, his products have been associated with multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues. Four CVEs (CVE-2021-24346, CVE-2021-24347, CVE-2021-24348, CVE-2021-24349) have been recorded, primarily affecting WordPress security plugins. These vulnerabilities allowed unauthorized attackers to execute arbitrary code, manipulate content, or gain elevated access. The incidents highlight recurring input validation and sanitization weaknesses in plugin architectures, emphasizing the need for rigorous security testing in WordPress extension development.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39665 | WordPress SEO Friendly Images plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability — SEO Friendly ImagesCWE-79 | 6.5 | Medium | 2026-04-08 |
| CVE-2025-28968 | WordPress WP Wall plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability — WP WallCWE-79 | 7.1 | High | 2025-07-04 |
| CVE-2025-46439 | WordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerability — Plugin CentralCWE-352 | 7.4 | High | 2025-04-24 |
| CVE-2023-25475 | WordPress Smart YouTube PRO Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) — Smart YouTube PROCWE-352 | 4.3 | Medium | 2023-07-18 |
This page lists every published CVE security advisory associated with Vladimir Prelovac. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.