Does Erdo Image Optimizer – Image SEO, Audit & Speed have any unpatched vulnerabilities?

No. All known vulnerabilities in Erdo Image Optimizer – Image SEO, Audit & Speed have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Erdo Image Optimizer – Image SEO, Audit & Speed compatible with WordPress 6.9.4?

According to WordPress.org data, Erdo Image Optimizer – Image SEO, Audit & Speed 1.8.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Erdo Image Optimizer – Image SEO, Audit & Speed updated?

Erdo Image Optimizer – Image SEO, Audit & Speed was last updated on Feb 6, 2026. Frequent updates are generally a positive security signal.

What is Erdo Image Optimizer – Image SEO, Audit & Speed's security score?

Erdo Image Optimizer – Image SEO, Audit & Speed has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Erdo Image Optimizer – Image SEO, Audit & Speed Security & Risk Analysis

wordpress.org/plugins/erdo-image-optimizer

Next-Gen WebP/AVIF Converter, Image SEO & Auditor. Professional Image Management for your WordPress Media Library.

10 active installs v1.8.5 PHP + WP 5.8+ Updated Feb 6, 2026

avifimage-seoimagesoptimize-imageswebp-converter

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Erdo Image Optimizer – Image SEO, Audit & Speed Safe to Use in 2026?

Generally Safe

Score 100/100

Erdo Image Optimizer – Image SEO, Audit & Speed has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The erdo-image-optimizer plugin v1.8.5 exhibits a generally strong security posture based on the provided static analysis. A notable strength is the complete absence of unsanitized paths in taint analysis, indicating that user-supplied input is not being directly used in potentially dangerous operations without proper cleaning. The plugin also demonstrates good practices by ensuring all identified AJAX entry points have nonce checks and that all output is properly escaped, which significantly mitigates risks of cross-site scripting (XSS) and other injection vulnerabilities.

However, a significant concern arises from the complete lack of capability checks on its 14 AJAX handlers. While nonce checks are present, they primarily protect against cross-site request forgery (CSRF) attacks by ensuring the request originated from a legitimate WordPress session. They do not, however, verify if the logged-in user has the necessary permissions to perform the action. This means any authenticated user, regardless of their role, could potentially trigger these actions, leading to unintended consequences or unauthorized operations within the plugin's functionality.

Furthermore, the presence of 18 SQL queries, with 22% not using prepared statements, introduces a potential risk of SQL injection. While the majority are protected, any unparameterized query is a vulnerability. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign. This suggests the developers have historically maintained good security. Despite the absence of critical vulnerabilities in the static analysis and a clean history, the lack of capability checks on AJAX handlers and the presence of raw SQL queries without prepared statements are notable weaknesses that warrant attention.

Key Concerns

AJAX handlers lack capability checks
SQL queries without prepared statements (4 queries)

Vulnerabilities

None known

Erdo Image Optimizer – Image SEO, Audit & Speed Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Erdo Image Optimizer – Image SEO, Audit & Speed Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

82 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

78% prepared18 total queries

Output Escaping

100% escaped82 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

ajax_get_detail (includes\class-admin-page.php:365)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Erdo Image Optimizer – Image SEO, Audit & Speed Attack Surface

Entry Points14

Unprotected0

AJAX Handlers 14

authwp_ajax_erdo_get_detailincludes\class-admin-page.php:12

authwp_ajax_erdo_save_dataincludes\class-admin-page.php:13

authwp_ajax_erdo_convert_webpincludes\class-admin-page.php:14

authwp_ajax_erdo_refresh_allincludes\class-admin-page.php:15

authwp_ajax_erdo_delete_imageincludes\class-admin-page.php:16

authwp_ajax_erdo_get_bulk_listincludes\class-admin-page.php:17

authwp_ajax_erdo_bulk_stepincludes\class-admin-page.php:18

authwp_ajax_erdo_get_unused_listincludes\class-admin-page.php:19

authwp_ajax_erdo_get_settingsincludes\class-admin-page.php:20

authwp_ajax_erdo_save_settingsincludes\class-admin-page.php:21

authwp_ajax_erdo_manual_resizeincludes\class-admin-page.php:22

authwp_ajax_erdo_load_imagesincludes\class-admin-page.php:23

authwp_ajax_erdo_get_statsincludes\class-admin-page.php:24

authwp_ajax_erdo_scan_thumbnailsincludes\class-admin-page.php:25

WordPress Hooks 8

actionplugins_loadederdo-image-optimizer.php:22

actionedit_attachmenterdo-image-optimizer.php:29

actionadd_attachmenterdo-image-optimizer.php:30

filtersanitize_file_nameerdo-image-optimizer.php:44

filterwp_generate_attachment_metadataerdo-image-optimizer.php:91

actionadmin_menuincludes\class-admin-page.php:8

actionadmin_enqueue_scriptsincludes\class-admin-page.php:9

filterplugin_action_links_erdo-image-optimizer/erdo-image-optimizer.phpincludes\class-admin-page.php:28

Maintenance & Trust

Erdo Image Optimizer – Image SEO, Audit & Speed Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 6, 2026

PHP min version

Downloads136

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Erdo Image Optimizer – Image SEO, Audit & Speed Alternatives

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs

SEO Image Toolbox

seo-image-alt-tags

THIS WILL SAVE YOU HOURS. Alt tags are dynamically generated and saved to the database automatically any time an image is uploaded, and improves your …

1K No CVEs

Image Optimizer PRO – Optimize Images, Convert AVIF & WebP

image-optimizer-pro

100

Optimize and serve your images in AVIF or webp format on-the-fly, boosting site performance and decreasing load times with our network distribution.

100 No CVEs

Image Ninja – Convert Images to WebP & AVIF on Upload

image-ninja

100

Automatically convert JPEG and PNG images to WebP and AVIF formats during upload to optimize your WordPress site’s performance.

40 No CVEs

SEO Auto Image Tags

seo-auto-image-tags

Auto generate clean ALT tags for your images as they are uploaded. Removes hyphens, periods and other characters to generate clean alt tag names.

40 No CVEs

Developer Profile

Erdo Image Optimizer – Image SEO, Audit & Speed Developer Profile

erdincbulat

2 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Erdo Image Optimizer – Image SEO, Audit & Speed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/erdo-image-optimizer/assets/css/admin.css/wp-content/plugins/erdo-image-optimizer/assets/js/admin.js

Script Paths

/wp-content/plugins/erdo-image-optimizer/assets/js/admin.js

Version Parameters

erdo-image-optimizer/assets/css/admin.css?ver=erdo-image-optimizer/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

erdo-wrappererdo-stats-containererdo-stat-cardstat-infostat-valuestat-suberdo-chart-ringstat-icon

Data Attributes

data-iddata-format

JS Globals

erdo_vars

REST Endpoints

/wp-json/erdo-image-optimizer/v1/get_detail/wp-json/erdo-image-optimizer/v1/save_data/wp-json/erdo-image-optimizer/v1/convert_webp/wp-json/erdo-image-optimizer/v1/refresh_all/wp-json/erdo-image-optimizer/v1/delete_image/wp-json/erdo-image-optimizer/v1/get_bulk_list/wp-json/erdo-image-optimizer/v1/bulk_step/wp-json/erdo-image-optimizer/v1/get_unused_list/wp-json/erdo-image-optimizer/v1/get_settings/wp-json/erdo-image-optimizer/v1/save_settings/wp-json/erdo-image-optimizer/v1/manual_resize/wp-json/erdo-image-optimizer/v1/load_images/wp-json/erdo-image-optimizer/v1/get_stats/wp-json/erdo-image-optimizer/v1/scan_thumbnails

FAQ