cleantalk
Vulnerabilities and Security Researches

Image Compressor & Optimizer – iLoveIMG, 4c046dc8-48fc-4345-8a20-c2d975f67275

CVE, Research URL

4c046dc8-48fc-4345-8a20-c2d975f67275

Home page URL

Security reports for Image Compressor & Optimizer – iLoveIMG

Application

Image Compressor & Optimizer – iLoveIMG

Published on
-
Research Description
iLoveIMG [iloveimg] < 1.0.6 Image Compressor &amp; Optimizer - iLoveIMG &lt; 1.0.6 - Admin+ PHP Object Injection The plugin is vulnerable to PHP Object Injection in all versions up to 1.0.6 (exclusive) via deserialization of untrusted input. This makes it possible for authenticated attackers, with admin access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
max 1.0.6.
Status
vulnerable
Previous vulnerability researches
Wishlist and Compare for WooCommerce (ad09a648-3c34-4870-b156-097af4fd7a57) , Jun 16, 2026
Wishlist and Compare for WooCommerce (d16ff76f2758ae5cd2524881fb65080698c295c3) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026