WP-Safety

Image Compressor & Optimizer – iLoveIMG Security & Risk Analysis

wordpress.org/plugins/iloveimg

Optimize your website images and improve your page load speed. Reduce the size of your photos and gain maximum compression while keeping sharp images.

100 active installs v2.2.13 PHP 7.4+ WP 5.3+ Updated Aug 27, 2025
compressimageimage-optimizeroptimizeperformance
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 13, 2023
Plugin page Download
Safety Verdict

Is Image Compressor & Optimizer – iLoveIMG Safe to Use in 2026?

Generally Safe

Score 99/100

Image Compressor & Optimizer – iLoveIMG has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 13, 2023Updated 7mo ago
Risk Assessment

The iloveimg plugin version 2.2.13 exhibits a mixed security posture. While it has a relatively small attack surface with only 5 entry points, two of these AJAX handlers lack authentication checks, presenting a direct vulnerability to unauthorized actions. The presence of dangerous functions like `unserialize` is concerning, especially when combined with the taint analysis revealing 5 flows with unsanitized paths and 4 of high severity. This strongly suggests potential for deserialization vulnerabilities if untrusted data can reach these flows.

The plugin's vulnerability history, marked by a single high-severity CVE related to deserialization, reinforces these concerns. The fact that this CVE is now patched is a positive sign, but the recurring pattern of deserialization issues and the current taint analysis findings indicate that this remains a critical area of weakness. Although the plugin shows strengths in areas like a reasonable number of nonces and capability checks (though only one is present), and a majority of outputs are escaped, the identified vulnerabilities in authentication, sanitization, and historical patterns warrant significant caution.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function 'unserialize' used
  • SQL queries not using prepared statements
  • High severity taint flows
  • Flows with unsanitized paths
  • Bundled library Guzzle
  • Low number of capability checks
Vulnerabilities
1

Image Compressor & Optimizer – iLoveIMG Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

WF-501e9cd1-1187-4d01-a3cc-5edba64c391f-iloveimghigh · 7.2Deserialization of Untrusted Data

Image Compressor & Optimizer - iLoveIMG <= 1.0.5 - Authenticated (Administrator+) PHP Object Injection

Nov 13, 2023 Patched in 1.0.6 (71d)
Code Analysis
Analyzed Mar 16, 2026

Image Compressor & Optimizer – iLoveIMG Code Analysis

Dangerous Functions
1
Raw SQL Queries
5
0 prepared
Unescaped Output
40
109 escaped
Nonce Checks
4
Capability Checks
1
File Operations
5
External Requests
5
Bundled Libraries
1

Dangerous Functions Found

unserialize$old_data_serialize = unserialize( get_option( 'iloveimg_options_compress' ) ); // phpcs:ignore Wordilove-img-compress.php:135

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared5 total queries

Output Escaping

73% escaped149 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths
async_compress (admin\Ilove_Img_Compress_Plugin.php:292)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Image Compressor & Optimizer – iLoveIMG Attack Surface

Entry Points5
Unprotected2

AJAX Handlers 5

authwp_ajax_ilove_img_compress_libraryadmin\Ilove_Img_Compress_Plugin.php:88
authwp_ajax_ilove_img_compress_library_is_compressedadmin\Ilove_Img_Compress_Plugin.php:89
authwp_ajax_ilove_img_compress_restore_alladmin\Ilove_Img_Compress_Plugin.php:90
authwp_ajax_ilove_img_compress_clear_backupadmin\Ilove_Img_Compress_Plugin.php:91
authwp_ajax_ilove_img_compress_restoreadmin\Ilove_Img_Compress_Plugin.php:92
WordPress Hooks 15
actionadmin_initadmin\Ilove_Img_Compress_Plugin.php:61
actionadmin_enqueue_scriptsadmin\Ilove_Img_Compress_Plugin.php:78
filtermanage_media_columnsadmin\Ilove_Img_Compress_Plugin.php:81
filtermanage_media_custom_columnadmin\Ilove_Img_Compress_Plugin.php:82
filterbulk_actions-uploadadmin\Ilove_Img_Compress_Plugin.php:83
filterhandle_bulk_actions-uploadadmin\Ilove_Img_Compress_Plugin.php:84
filterquery_varsadmin\Ilove_Img_Compress_Plugin.php:85
filterwp_generate_attachment_metadataadmin\Ilove_Img_Compress_Plugin.php:95
filterdelete_attachmentadmin\Ilove_Img_Compress_Plugin.php:96
actionattachment_submitbox_misc_actionsadmin\Ilove_Img_Compress_Plugin.php:99
actionadmin_noticesadmin\Ilove_Img_Compress_Plugin.php:102
actioniloveimg_watermarked_completedadmin\Ilove_Img_Compress_Plugin.php:105
actionadmin_post_update_compressadmin\Ilove_Img_Compress_Serializer.php:17
actionadmin_menuadmin\Ilove_Img_Compress_Submenu.php:34
actionplugins_loadedilove-img-compress.php:52
Maintenance & Trust

Image Compressor & Optimizer – iLoveIMG Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 27, 2025
PHP min version7.4
Downloads25K

Community Trust

Rating64/100
Number of ratings5
Active installs100
Alternatives

Image Compressor & Optimizer – iLoveIMG Alternatives

Kraken.io Image Optimizer

Kraken.io Image Optimizer

kraken-image-optimizer

B
77

This plugin allows you to optimize your WordPress images through the Kraken.io API, the world's most advanced image optimization and resizing API.

10K 1 unpatched
Cloudinary – Deliver Images and Videos at Scale

Cloudinary – Deliver Images and Videos at Scale

cloudinary-image-management-and-manipulation-in-the-cloud-cdn

B
78

Boost the performance of your WordPress site by optimizing your images and videos with the Cloudinary WordPress Plugin. WordPress developers, content &hellip;

5K 1 unpatched
WP Compress for MainWP

WP Compress for MainWP

wp-compress-mainwp

B
74

Install, activate and connect WP Compress across all of your MainWP Child Sites.

800 1 unpatched
Image Optimizer PRO – Optimize Images, Convert AVIF & WebP

Image Optimizer PRO – Optimize Images, Convert AVIF & WebP

image-optimizer-pro

A
100

Optimize and serve your images in AVIF or webp format on-the-fly, boosting site performance and decreasing load times with our network distribution.

100 No CVEs
Zara 4 Image Compression

Zara 4 Image Compression

zara-4

C
63

Compress your images by up to 90% and make your website load faster. Improve your SEO. Reduce your bandwidth.

100 1 unpatched
Developer Profile

Image Compressor & Optimizer – iLoveIMG Developer Profile

iLovePDF

3 plugins · 710 total installs

88
trust score
Avg Security Score
100/100
Avg Patch Time
71 days
View full developer profile
Detection Fingerprints

How We Detect Image Compressor & Optimizer – iLoveIMG

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/iloveimg/dist/main.css/wp-content/plugins/iloveimg/dist/main.js/wp-content/plugins/iloveimg/dist/vendors.js
Script Paths
/wp-content/plugins/iloveimg/dist/main.js/wp-content/plugins/iloveimg/dist/vendors.js
Version Parameters
iloveimg/dist/main.css?ver=iloveimg/dist/main.js?ver=iloveimg/dist/vendors.js?ver=

HTML / DOM Fingerprints

CSS Classes
iloveimg-containeriloveimg-modaliloveimg-btniloveimg-loader
Data Attributes
data-iloveimg-compress-options
JS Globals
iloveimg_compress_settingsiloveimg_compress_obj
REST Endpoints
/wp-json/iloveimg-compress/v1/settings/wp-json/iloveimg-compress/v1/bulk-optimize
FAQ

Frequently Asked Questions about Image Compressor & Optimizer – iLoveIMG