DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images Security & Risk Analysis

wordpress.org/plugins/dropavif-media-optimizer

The Ultimate Image Optimization Suite for WordPress. WebP & AVIF conversion, Smart Format Selection, Watermarking, and Lazy Load. Zero server load.

30 active installs · v1.2.4 · PHP 7.4+ · WP 6.0+ · Updated Jan 28, 2026
Tags: compress-images, convert-webp, image-optimization, optimize-images, webp
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images Safe to Use in 2026?

Generally Safe

Score 100/100

DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The plugin 'dropavif-media-optimizer' v1.2.4 exhibits a generally strong security posture, with all identified entry points (AJAX handlers and REST API routes) correctly implementing authentication and permission checks. The code demonstrates good practices by utilizing prepared statements for the vast majority of its SQL queries and properly escaping a high percentage of its output. The absence of any recorded vulnerabilities in its history further reinforces this positive assessment, indicating a commitment to secure development or effective maintenance. However, the presence of the 'exec' dangerous function warrants attention, as it represents a potential avenue for command injection if not handled with extreme care and strict input validation. While taint analysis did not reveal any exploitable flows, the inherent risk associated with 'exec' remains a notable concern. Overall, the plugin is well-secured in terms of common web vulnerabilities, but the explicit use of a dangerous function requires vigilance.

Key Concerns

  • Use of dangerous function 'exec'
Vulnerabilities
None known

DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 7 (76 prepared)
Unescaped Output: 79 (341 escaped)
Nonce Checks: 17
Capability Checks: 8
File Operations: 20
External Requests: 8
Bundled Libraries: 0

Dangerous Functions Found

  • exec: @exec( $command, $output, $return_var ); (src\Converter.php:316)
  • exec: $path = @exec('which cwebp'); (src\Converter.php:428)
  • exec: @exec( $cmd, $output, $return_var ); (src\ScannerManager.php:135)

SQL Query Safety

92% prepared (83 total queries)

Output Escaping

81% escaped (420 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
handle_settings_actions (src\Admin.php:1545)
Attack Surface

DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images Attack Surface

Entry Points: 12
Unprotected: 0

AJAX Handlers 5

auth wp_ajax_dropavifmo_media_library_action (src\ActionsManager.php:10)
auth wp_ajax_dropavifmo_send_deactivation_feedback (src\Admin\DeactivationManager.php:16)
auth wp_ajax_dropavifmo_dismiss_conflict_notice (src\Admin\NoticeManager.php:26)
auth wp_ajax_dropavifmo_validate_api_key (src\Admin.php:29)
auth wp_ajax_dropavifmo_get_remaining_images (src\Admin.php:30)

REST API Routes 7

GET /wp-json/media-optimizer/v1/get-images (src\Api.php:22)
POST /wp-json/media-optimizer/v1/convert-batch (src\Api.php:32)
POST /wp-json/media-optimizer/v1/check-remote-status (src\Api.php:42)
GET /wp-json/media-optimizer/v1/stats-data (src\Api.php:52)
POST /wp-json/media-optimizer/v1/start-scan (src\Api.php:61)
POST /wp-json/media-optimizer/v1/process-scan-batch (src\Api.php:71)
POST /wp-json/media-optimizer/v1/process-queue (src\Api.php:84)
WordPress Hooks 71
action admin_init (src\ActionsManager.php:9)
action add_meta_boxes_attachment (src\Admin\AttachmentMetaBox.php:21)
action admin_enqueue_scripts (src\Admin\DeactivationManager.php:14)
action admin_footer-plugins.php (src\Admin\DeactivationManager.php:15)
filter manage_media_columns (src\Admin\MediaLibraryStats.php:33)
action manage_media_custom_column (src\Admin\MediaLibraryStats.php:34)
action admin_enqueue_scripts (src\Admin\MediaLibraryStats.php:36)
filter bulk_actions-upload (src\Admin\MediaLibraryStats.php:38)
filter handle_bulk_actions-upload (src\Admin\MediaLibraryStats.php:39)
action admin_footer-upload.php (src\Admin\MediaLibraryStats.php:91)
action admin_notices (src\Admin\NoticeManager.php:21)
action admin_notices (src\Admin\NoticeManager.php:22)
action admin_notices (src\Admin\NoticeManager.php:23)
action admin_notices (src\Admin\NoticeManager.php:24)
action admin_notices (src\Admin\NoticeManager.php:35)
action admin_bar_menu (src\Admin\QueueIndicator.php:13)
action admin_enqueue_scripts (src\Admin\QueueIndicator.php:14)
action wp_enqueue_scripts (src\Admin\QueueIndicator.php:15)
action admin_menu (src\Admin.php:21)
action admin_menu (src\Admin.php:22)
action admin_init (src\Admin.php:23)
action admin_enqueue_scripts (src\Admin.php:24)
action admin_notices (src\Admin.php:25)
action admin_init (src\Admin.php:28)
action rest_api_init (src\Api.php:18)
filter ai1wm_exclude_content_from_export (src\BackupExcluder.php:14)
filter updraftplus_exclude_directory (src\BackupExcluder.php:15)
filter cron_schedules (src\Cron.php:15)
action template_redirect (src\FrontendManager.php:54)
filter upload_mimes (src\Hooks.php:14)
filter wp_check_filetype_and_ext (src\Hooks.php:15)
filter wp_update_attachment_metadata (src\Hooks.php:18)
filter wp_handle_upload_prefilter (src\Hooks.php:19)
action add_attachment (src\Hooks.php:20)
action delete_attachment (src\Hooks.php:21)
action dropavifmo_image_converted (src\Hooks.php:25)
action shutdown (src\Hooks.php:27)
action admin_init (src\HtaccessManager.php:17)
action dropavifmo_image_converted (src\Integration\CloudflareManager.php:52)
action shutdown (src\Integration\CloudflareManager.php:54)
action admin_init (src\Integration\CloudflareManager.php:58)
filter elementor/frontend/builder_content_data (src\Integration\ElementorManager.php:16)
action gform_after_submission (src\Integration\GravityFormsManager.php:16)
action ngg_added_new_image (src\Integration\NextGenManager.php:24)
action ngg_delete_image (src\Integration\NextGenManager.php:25)
filter ngg_manage_images_columns (src\Integration\NextGenManager.php:26)
filter ngg_manage_images_column_shutter_content (src\Integration\NextGenManager.php:27)
filter wpseo_xml_sitemap_img (src\Integration\SitemapManager.php:48)
filter rank_math/sitemap/urlimages (src\Integration\SitemapManager.php:54)
action dropavifmo_image_converted (src\Integration\SitemapManager.php:57)
action shutdown (src\Integration\SitemapManager.php:58)
filter wp_sitemaps_posts_entry (src\Integration\SitemapManager.php:62)
filter wp_sitemaps_taxonomies_entry (src\Integration\SitemapManager.php:63)
filter woocommerce_rest_prepare_product_object (src\Integration\WooCommerceManager.php:13)
filter woocommerce_rest_prepare_product_variation_object (src\Integration\WooCommerceManager.php:14)
filter image_make_intermediate_size (src\Integration\WpBakeryManager.php:14)
action wpml_after_duplicate_attachment (src\Integration\WpmlManager.php:13)
action dropavifmo_image_converted (src\Integration\YoastSeoManager.php:19)
action wp_enqueue_scripts (src\LazyLoadManager.php:25)
action wp_enqueue_scripts (src\LazyLoadManager.php:28)
action template_redirect (src\PassThruManager.php:117)
action init (src\Plugin.php:46)
action admin_init (src\Plugin.php:47)
action plugins_loaded (src\Plugin.php:48)
action plugins_loaded (src\Plugin.php:49)
action activated_plugin (src\Plugin.php:51)
action deactivated_plugin (src\Plugin.php:52)
action upgrader_process_complete (src\Plugin.php:54)
filter wp_get_attachment_image_attributes (src\ResponsiveManager.php:18)
filter wp_calculate_image_sizes (src\ResponsiveManager.php:22)
action dropavifmo_image_converted (src\StatsManager.php:17)
Maintenance & Trust

DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 28, 2026
PHP min version: 7.4
Downloads: 646

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 30
Developer Profile

DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images Developer Profile

Dropavif

1 plugin · 30 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dropavif-media-optimizer/assets/css/admin-media-library.css
/wp-content/plugins/dropavif-media-optimizer/assets/js/admin-media-library.js
/wp-content/plugins/dropavif-media-optimizer/assets/css/vendor/twentytwenty.css
/wp-content/plugins/dropavif-media-optimizer/assets/js/vendor/jquery.event.move.js
/wp-content/plugins/dropavif-media-optimizer/assets/js/vendor/jquery.twentytwenty.js
Script Paths
/wp-content/plugins/dropavif-media-optimizer/assets/js/admin-media-library.js
/wp-content/plugins/dropavif-media-optimizer/assets/js/vendor/jquery.event.move.js
/wp-content/plugins/dropavif-media-optimizer/assets/js/vendor/jquery.twentytwenty.js
Version Parameters
dropavif-media-optimizer/assets/css/admin-media-library.css?ver=
dropavif-media-optimizer/assets/js/admin-media-library.js?ver=
dropavif-media-optimizer/assets/css/vendor/twentytwenty.css?ver=
dropavif-media-optimizer/assets/js/vendor/jquery.event.move.js?ver=
dropavif-media-optimizer/assets/js/vendor/jquery.twentytwenty.js?ver=

HTML / DOM Fingerprints

CSS Classes
mo-media-col-stats
mo-media-col-list
mo-stat-original
mo-stat-webp
mo-stat-avif
mo-media-col-comparison
mo-media-col-notice
Data Attributes
data-attachment-id
JS Globals
dropavifmoMediaLibrary