Does Henkan – WebP & AVIF Converter have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Henkan – WebP & AVIF Converter compatible with WordPress 6.9.4?

According to WordPress.org data, Henkan – WebP & AVIF Converter 2.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Henkan – WebP & AVIF Converter compatible with PHP 7.4+?

Henkan – WebP & AVIF Converter requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Henkan – WebP & AVIF Converter updated?

Henkan – WebP & AVIF Converter was last updated on Mar 23, 2026. Frequent updates are generally a positive security signal.

What is Henkan – WebP & AVIF Converter's security score?

Henkan – WebP & AVIF Converter has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Henkan – WebP & AVIF Converter Security & Risk Analysis

wordpress.org/plugins/henkan-webp-avif-converter

Henkan is a high-performance plugin that automatically converts your media library images to next-generation formats like WebP and AVIF.

0 active installs v2.1.1 PHP 7.4+ WP 6.0+ Updated Mar 23, 2026

avifconverterimage-optimizationpagespeedwebp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Henkan – WebP & AVIF Converter Safe to Use in 2026?

Generally Safe

Score 100/100

Henkan – WebP & AVIF Converter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "henkan-webp-avif-converter" v2.1.1 plugin demonstrates a generally strong security posture with robust use of prepared statements for SQL queries and proper output escaping, indicating good development practices in these critical areas. The absence of any recorded vulnerabilities (CVEs) in its history further supports this positive outlook, suggesting a stable and well-maintained codebase. However, the presence of 10 instances of the `exec` function, while not directly flagged as a vulnerability in static or taint analysis, represents a potential area of concern. The `exec` function can be dangerous if user-supplied data is not strictly sanitized before being passed to it, potentially leading to command injection vulnerabilities. The plugin's limited attack surface, consisting of 3 AJAX handlers, and the fact that all entry points appear to have authorization checks, are positive indicators. Despite the promising absence of known vulnerabilities and good implementation of core security features, the reliance on `exec` warrants careful monitoring and review of its usage to ensure it's not a hidden risk.

Key Concerns

Use of dangerous function 'exec'

Vulnerabilities

None known

Henkan – WebP & AVIF Converter Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Henkan – WebP & AVIF Converter Release Timeline

v2.1.1Current

v2.1.0

v2.0.4

v2.0.3

Code Analysis

Analyzed Apr 16, 2026

Henkan – WebP & AVIF Converter Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

106 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

exec@exec( 'cwebp -version', $o, $rv );includes/process.php:150

exec@exec( $cmd, $out, $ret );includes/process.php:153

exec@exec( 'avifenc --version', $o, $rv );includes/process.php:190

exec@exec( $cmd, $out, $ret );includes/process.php:194

exec@exec( 'magick -version', $o2, $rv2 );includes/process.php:201

exec@exec( $cmd, $out2, $ret2 );includes/process.php:204

exec@exec( 'cjxl --version', $o, $rv );includes/process.php:241

exec@exec( $cmd, $out, $ret );includes/process.php:244

exec@exec( 'magick -version', $o2, $rv2 );includes/process.php:251

exec@exec( $cmd, $out2, $ret2 );includes/process.php:254

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped106 total outputs

Attack Surface

Henkan – WebP & AVIF Converter Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_henkan_scanincludes/ajax.php:4

authwp_ajax_henkan_convertincludes/ajax.php:5

authwp_ajax_henkan_clear_cacheincludes/ajax.php:6

WordPress Hooks 15

actionplugins_loadedhenkan-webp-avif-converter.php:57

actionadmin_enqueue_scriptshenkan-webp-avif-converter.php:80

filterupload_mimeshenkan-webp-avif-converter.php:114

filterext2typehenkan-webp-avif-converter.php:122

filterwp_check_filetype_and_exthenkan-webp-avif-converter.php:130

filterwp_prepare_attachment_for_jshenkan-webp-avif-converter.php:144

actionadmin_menuincludes/admin.php:4

actionadmin_initincludes/admin.php:14

filtermanage_media_columnsincludes/admin.php:26

actionmanage_media_custom_columnincludes/admin.php:32

actionwp_dashboard_setupincludes/admin.php:57

actionadmin_bar_menuincludes/admin.php:76

filterthe_contentincludes/frontend.php:4

filterwp_generate_attachment_metadataincludes/process.php:4

actiondelete_postincludes/process.php:332

Maintenance & Trust

Henkan – WebP & AVIF Converter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 23, 2026

PHP min version7.4

Downloads181

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Henkan – WebP & AVIF Converter Alternatives

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1‑click: compress, resize & convert to WebP/AVIF - free up to 20MB/month. Enjoy the easiest WordPress image optimizer to set up.

1.0M No CVEs

Robin Image Optimizer – Unlimited Image Optimization & WebP Converter

robin-image-optimizer

Unlimited automatic image optimization for WordPress. Compress images, convert to WebP, and improve site speed without losing image quality.

100K 2 CVEs

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

shortpixel-adaptive-images

Start serving properly sized, smart cropped & optimized images, plus CSS, JS and fonts from our CDN with a click; Automatic AVIF & WebP support.

10K 8 CVEs

Upload Converter for WebP

upload-converter-webp

100

Convert JPG, JPEG, and PNG images to WebP automatically or manually with bulk actions and Media Library buttons.

300 No CVEs

Developer Profile

Henkan – WebP & AVIF Converter Developer Profile

saguya

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Henkan – WebP & AVIF Converter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/henkan-webp-avif-converter/admin-style.css/wp-content/plugins/henkan-webp-avif-converter/admin-script.js

Script Paths

/wp-content/plugins/henkan-webp-avif-converter/admin-script.js

Version Parameters

henkan-webp-avif-converter/admin-style.css?ver=2.1.1henkan-webp-avif-converter/admin-script.js?ver=2.1.1

HTML / DOM Fingerprints

JS Globals

henkan_ajaxhenkan_ajax.ajax_urlhenkan_ajax.nonce_scanhenkan_ajax.nonce_converthenkan_ajax.batch_sizehenkan_ajax.i18n+6 more

FAQ