Vulnerabilities and security researches forrobin-image-optimizer robin-image-optimizer

Aug 12, 2024

CVE, Research URL: CVE-2024-43122
Home page URL: Security reports for Robin image optimizer — save money on image compression
Application: Robin image optimizer — save money on image compression
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9.
Affected versions: max 1.7.0.
Status: vulnerable

Apr 15, 2026

CVE, Research URL: CVE-2026-1319
Home page URL: Security reports for Robin image optimizer — save money on image compression
Application: Robin image optimizer — save money on image compression
Date: Feb 05, 2026
Research Description: The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.0.3.
Status: vulnerable