Does HEIC Support have any unpatched vulnerabilities?

No. All known vulnerabilities in HEIC Support have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HEIC Support compatible with WordPress 6.8.5?

According to WordPress.org data, HEIC Support 2.1.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is HEIC Support updated?

HEIC Support was last updated on Oct 22, 2025. Frequent updates are generally a positive security signal.

What is HEIC Support's security score?

HEIC Support has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HEIC Support Security & Risk Analysis

wordpress.org/plugins/heic-support

Allows .heic uploads to the Media Library. Creates .webp or .jpg copies of .heic images when they are uploaded.

4K active installs v2.1.4 PHP + WP 5.9+ Updated Oct 22, 2025

heiciphonewebp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is HEIC Support Safe to Use in 2026?

Generally Safe

Score 100/100

HEIC Support has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "heic-support" plugin version 2.1.4 exhibits a strong security posture based on the provided static analysis. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events signifies a very small attack surface. Furthermore, the code demonstrates good development practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its outputs. The lack of file operations and external HTTP requests also reduces potential vectors for compromise. The plugin's vulnerability history is clean, with no recorded CVEs, indicating a history of secure development or effective patching. However, the total absence of nonce checks and capability checks, while not immediately presenting a risk given the current attack surface, could become a concern if the plugin's functionality were to expand or if new entry points were introduced without proper security controls.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

HEIC Support Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

HEIC Support Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

86% escaped7 total outputs

Attack Surface

HEIC Support Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

filterupload_mimesheic-support.php:49

actionadd_attachmentheic-support.php:52

filterwp_handle_upload_prefilterheic-support.php:55

filterwp_generate_attachment_metadataheic-support.php:58

actionadmin_initheic-support.php:61

actionadmin_initheic-support.php:64

filterplugin_action_links_heic-support/heic-support.phpheic-support.php:67

Maintenance & Trust

HEIC Support Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 22, 2025

PHP min version

Downloads23K

Community Trust

Rating100/100

Number of ratings3

Active installs4K

Alternatives

HEIC Support Alternatives

EWWW Image Optimizer

ewww-image-optimizer

Comprehensive image optimization that doesn't require a rocket science degree. Optimize images automatically for Faster Sites and Happy Visitors.

1.0M 6 CVEs

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs

Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

wp-smushit

Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.

1.0M 6 CVEs

Converter for Media – Optimize images | Convert WebP & AVIF

webp-converter-for-media

Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!

500K 4 CVEs

Developer Profile

HEIC Support Developer Profile

Corey Salzano

11 plugins · 7K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect HEIC Support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/heic-support/build/index.css/wp-content/plugins/heic-support/build/index.js

Script Paths

/wp-content/plugins/heic-support/build/index.js

Version Parameters

heic-support/build/index.css?ver=heic-support/build/index.js?ver=

HTML / DOM Fingerprints

Data Attributes

name="heic_support_format"id="heic_support_webp"id="heic_support_jpeg"name="heic_support_replace"id="heic_support_replace"

FAQ