cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches foriloveimg iloveimg

Direction: descending
Jun 16, 2026

Image Compressor & Optimizer – iLoveIMG # 4c046dc8-48fc-4345-8a20-c2d975f67275

CVE, Research URL

4c046dc8-48fc-4345-8a20-c2d975f67275

Home page URL

Security reports for Image Compressor & Optimizer – iLoveIMG

Application

Image Compressor & Optimizer – iLoveIMG

Date
-
Research Description
iLoveIMG [iloveimg] < 1.0.6 Image Compressor &amp; Optimizer - iLoveIMG &lt; 1.0.6 - Admin+ PHP Object Injection The plugin is vulnerable to PHP Object Injection in all versions up to 1.0.6 (exclusive) via deserialization of untrusted input. This makes it possible for authenticated attackers, with admin access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
max 1.0.6.
Status
vulnerable

Image Compressor &amp; Optimizer &#8211; iLoveIMG # 498c6b23eb82dfde39eea2514682ce6d8b9f67b0

CVE, Research URL

498c6b23eb82dfde39eea2514682ce6d8b9f67b0

Home page URL

Security reports for Image Compressor &amp; Optimizer &#8211; iLoveIMG

Application

Image Compressor &amp; Optimizer &#8211; iLoveIMG

Date
Nov 14, 2023
Research Description
iLoveIMG [iloveimg] < 1.0.6 WordPress iLoveIMG Plugin <= 1.0.5 is vulnerable to PHP Object Injection Update the WordPress iLoveIMG plugin to the latest available version (at least 1.0.6). Unknown discovered and reported this PHP Object Injection vulnerability in WordPress iLoveIMG Plugin. This could allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more if a proper POP chain is present. This vulnerability has been fixed in version 1.0.6.
Affected versions
max 1.0.6.
Status
vulnerable
Jun 07, 2024

Image Compressor &amp; Optimizer &#8211; iLoveIMG # fa48103c09c0ddd8196a848c2c80609bc865a71e

CVE, Research URL

fa48103c09c0ddd8196a848c2c80609bc865a71e

Home page URL

Security reports for Image Compressor &amp; Optimizer &#8211; iLoveIMG

Application

Image Compressor &amp; Optimizer &#8211; iLoveIMG

Date
Nov 13, 2023
Research Description
iLoveIMG [iloveimg] < 1.0.6 Image Compressor & Optimizer - iLoveIMG <= 1.0.5 - Authenticated (Administrator+) PHP Object Injection The Image Compressor & Optimizer – iLoveIMG plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 1.0.6 (exclusive) via deserialization of untrusted input. This makes it possible for authenticated attackers, with admin access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
max 1.0.6.
Status
vulnerable