ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin Security & Risk Analysis
wordpress.org/plugins/image-cdnAutomatically optimize and serve WEBP, AVIF and JPEGXL with ImageEngine, the global Image CDN. 60 sec setup.
Is ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin Safe to Use in 2026?
Generally Safe
Score 100/100ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "image-cdn" plugin v1.2.7 exhibits a mixed security posture. While it demonstrates good practices such as 100% use of prepared statements for SQL queries and a significant percentage of properly escaped output, there are notable areas of concern. The presence of two AJAX handlers without authentication checks presents a direct attack surface that could be exploited by unauthenticated users. This is further compounded by the lack of nonce checks on these unprotected entry points, making them susceptible to Cross-Site Request Forgery (CSRF) attacks. Fortunately, the taint analysis revealed no critical or high-severity unsanitized flows, and the plugin has no recorded vulnerabilities in its history, indicating a lack of past exploitable issues. However, the unprotected AJAX endpoints are a significant weakness that warrants immediate attention and mitigation.
Key Concerns
- Unprotected AJAX handlers
- Missing nonce checks on AJAX
- Bundled outdated Guzzle library
- Unescaped output present
ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin Security Vulnerabilities
ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin Code Analysis
Bundled Libraries
Output Escaping
Data Flow Analysis
ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin Attack Surface
AJAX Handlers 2
WordPress Hooks 21
Maintenance & Trust
ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin Maintenance & Trust
Maintenance Signals
Community Trust
ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin Alternatives
Modern Images WP
modern-images-wp
Modern images for WordPress.
Image Optimizer – Optimize Images and Convert to WebP or AVIF
image-optimization
Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF
imagify
Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!
Modern Image Formats
webp-uploads
Converts images to more modern formats such as WebP or AVIF during upload.
Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF
wp-retina-2x
Optimize image sizes, regenerate thumbnails, enable retina, convert to WebP/AVIF, or use cloud optimization. An essential image toolkit.
ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin Developer Profile
1 plugin · 90 total installs
How We Detect ImageEngine – Optimize the Images on Your WordPress Site Like No Other Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/image-cdn/imageengine/assets/css/image-cdn-admin.css/wp-content/plugins/image-cdn/imageengine/assets/js/image-cdn-admin.js/wp-content/plugins/image-cdn/imageengine/assets/js/image-cdn-admin.js/wp-content/plugins/image-cdn/imageengine/assets/css/image-cdn-admin.css?ver=/wp-content/plugins/image-cdn/imageengine/assets/js/image-cdn-admin.js?ver=HTML / DOM Fingerprints
image-cdn-admin-formimage-cdn-admin-wrapdata-image-cdn-urlImageCDNAdminimage_cdn_admin_params/wp-json/image-cdn/v1/settings