ImageMagick Engine Security & Risk Analysis

wordpress.org/plugins/imagemagick-engine

Improve the quality of re-sized images by replacing standard GD library with ImageMagick.

60K active installs · v1.7.14 · PHP + · WP 5.0+ · Updated Oct 16, 2025
Tags: gd, image, imagemagick, picture, regenerate
Score: 96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Sep 20, 2024
Safety Verdict

Is ImageMagick Engine Safe to Use in 2026?

Generally Safe

Score 96/100

ImageMagick Engine has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Sep 20, 2024 · Updated 5mo ago
Risk Assessment

The imagemagick-engine plugin v1.7.14 exhibits a mixed security posture. It follows good practice in having no unprotected entry points (AJAX, REST API, shortcodes, cron) and a solid number of nonce and capability checks, but the static analysis raises significant concerns. The two calls to the dangerous `exec` function, with no evidence that taint analysis was performed on them, are a major red flag. Combined with only 27% of outputs being properly escaped and the presence of file operations, they create potential avenues for attack if the inputs to these functions are not rigorously sanitized. The plugin's vulnerability history is a critical issue: it has 3 known high-severity CVEs, all of which are, surprisingly, reported as currently unpatched, although the data on this page does not fully agree: the summary counts 0 unpatched, and each CVE entry lists a patched version. The common vulnerability types (OS Command Injection, Deserialization, CSRF) are particularly worrying because they often stem from improper handling of user input, which aligns with the static analysis findings on `exec` and output escaping. This plugin requires immediate attention to address its historical vulnerabilities and mitigate the risks associated with its code signals.

Key Concerns

  • 3 known high severity unpatched CVEs
  • 2 dangerous functions (exec)
  • Only 27% of outputs properly escaped
  • File operations present
Vulnerabilities: 3

ImageMagick Engine Security Vulnerabilities

CVEs by Year

2022: 1 CVE · 2023: 1 CVE · 2024: 1 CVE (chart legend: Patched / Has unpatched)

Severity Breakdown

High: 3

3 total CVEs

CVE-2024-6486 · high · 7.2 · Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ImageMagick Engine <= 1.7.10 - Authenticated (Administrator+) Remote Code Execution

Sep 20, 2024 · Patched in 1.7.11 (253d)

CVE-2022-3568 · high · 8.8 · Deserialization of Untrusted Data

ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization

Feb 9, 2023 · Patched in 1.7.6 (348d)

CVE-2022-2441 · high · 8.8 · Cross-Site Request Forgery (CSRF)

ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution

Oct 17, 2022 · Patched in 1.7.6 (463d)
Code Analysis
Analyzed Mar 16, 2026

ImageMagick Engine Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 1 (1 prepared)
  • Unescaped Output: 19 (7 escaped)
  • Nonce Checks: 4
  • Capability Checks: 4
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • exec: `@exec( '"' . $fullpath . '" --version', $output );` (imagemagick-engine.php:539)
  • exec: `exec( $cmd );` (imagemagick-engine.php:654)

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

27% escaped · 26 total outputs
Attack Surface

ImageMagick Engine Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 3

  • auth · wp_ajax_ime_test_im_path · imagemagick-engine.php:98
  • auth · wp_ajax_ime_process_image · imagemagick-engine.php:99
  • auth · wp_ajax_ime_regeneration_get_images · imagemagick-engine.php:100

WordPress Hooks: 8

  • action · plugins_loaded · imagemagick-engine.php:79
  • action · init · imagemagick-engine.php:80
  • filter · intermediate_image_sizes_advanced · imagemagick-engine.php:85
  • filter · wp_read_image_metadata · imagemagick-engine.php:86
  • filter · wp_generate_attachment_metadata · imagemagick-engine.php:87
  • action · admin_menu · imagemagick-engine.php:94
  • filter · plugin_action_links · imagemagick-engine.php:95
  • filter · media_meta · imagemagick-engine.php:96
Maintenance & Trust

ImageMagick Engine Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 16, 2025
PHP min version
Downloads: 1.3M

Community Trust

Rating: 88/100
Number of ratings: 16
Active installs: 60K
Developer Profile

ImageMagick Engine Developer Profile

Rickard Westerlind

1 plugin · 60K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 355 days
Detection Fingerprints

How We Detect ImageMagick Engine

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/imagemagick-engine/css/ime-admin.css
  • /wp-content/plugins/imagemagick-engine/js/ime-admin.js
Script Paths
  • https://cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js
Version Parameters
  • imagemagick-engine/css/ime-admin.css?ver=
  • imagemagick-engine/js/ime-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • ime-admin-page, ime-wrap, ime-modal, ime-modal-content, ime-modal-header, ime-modal-body, ime-modal-footer, ime-btn-primary, +8 more
HTML Comments
  • <!-- ImageMagick Engine Admin Page -->
  • <!-- ImageMagick Engine Test IM Path Modal -->
  • <!-- ImageMagick Engine Image Regeneration Modal -->
Data Attributes
  • x-data, x-show, x-init, data-ime-modal-target, data-ime-modal-close, data-ime-modal-toggle, +1 more
JS Globals
ime_admin_ajax_object