cleantalk
Vulnerabilities and Security Researches

Robin image optimizer — save money on image compression, CVE-2026-1319

CVE, Research URL

CVE-2026-1319

Home page URL

Security reports for Robin image optimizer — save money on image compression

Application

Robin image optimizer — save money on image compression

Published on
Feb 05, 2026
Research Description
The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.0.3.
Status
vulnerable
Previous vulnerability researches
Robin image optimizer — save money on image compression (CVE-2024-43122) , Aug 12, 2024
Robin image optimizer — save money on image compression (CVE-2026-1319) , Apr 15, 2026
New vulnerability
Okay Toolkit (CVE-2025-68851) , Apr 15, 2026
Customer Reviews for WooCommerce (CVE-2026-1316) , Apr 15, 2026
WP Recipe Maker (CVE-2026-1558) , Apr 15, 2026
Page and Post Clone (CVE-2026-2893) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-2589) , Apr 15, 2026