WP-Safety

Image Optimizer – Optimize Images and Convert to WebP or AVIF Security & Risk Analysis

wordpress.org/plugins/image-optimization

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M active installs v1.7.3 PHP 7.4+ WP 6.6+ Updated Feb 17, 2026
convert-avifconvert-webpimage-compressionimage-optimizationperformance
99
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 20, 2026
Plugin page Download
Safety Verdict

Is Image Optimizer – Optimize Images and Convert to WebP or AVIF Safe to Use in 2026?

Generally Safe

Score 99/100

Image Optimizer – Optimize Images and Convert to WebP or AVIF has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 20, 2026Updated 1mo ago
Risk Assessment

The "image-optimization" plugin v1.7.3 exhibits a generally strong security posture based on the static analysis. The absence of any detected dangerous functions, raw SQL queries, or unescaped output are excellent indicators of good coding practices. Furthermore, the presence of numerous nonce and capability checks across its entry points suggests a solid effort to protect against common WordPress vulnerabilities. The taint analysis revealing zero flows with unsanitized paths is also a very positive sign, indicating that user-provided data is likely being handled securely.

However, the plugin's vulnerability history presents a notable concern. The presence of one known medium-severity CVE, even though currently patched, indicates that past vulnerabilities have existed. The identified "Missing Authorization" as a common vulnerability type in the past warrants continued vigilance. While the current version appears to be clean, this history suggests a pattern that requires attention, particularly if the plugin is not consistently updated or if future updates introduce regressions.

In conclusion, the current version of "image-optimization" v1.7.3 appears to be secure based on the provided static analysis. The developers have implemented several key security best practices. The primary weakness lies in the plugin's past vulnerability history, specifically concerning missing authorization. This historical context, coupled with the existence of a past medium-severity CVE, necessitates ongoing monitoring and prompt patching of any future vulnerabilities discovered.

Key Concerns

  • Past medium severity CVE exists
Vulnerabilities
1

Image Optimizer – Optimize Images and Convert to WebP or AVIF Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-25387medium · 4.3Missing Authorization

Image Optimizer by Elementor <= 1.7.1 - Missing Authorization

Feb 20, 2026 Patched in 1.7.2 (5d)
Code Analysis
Analyzed Mar 16, 2026

Image Optimizer – Optimize Images and Convert to WebP or AVIF Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
1
295 escaped
Nonce Checks
6
Capability Checks
5
File Operations
2
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped296 total outputs
Attack Surface

Image Optimizer – Optimize Images and Convert to WebP or AVIF Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_image_optimizer_pointer_dismissedmodules\core\components\pointers.php:49
authwp_ajax_image_optimization_deactivation_feedbackmodules\deactivation\module.php:271
WordPress Hooks 71
actionrest_api_initclasses\rest\route.php:55
actionrest_api_initclasses\route.php:52
actionplugins_loadedimage-optimization.php:57
actionadmin_noticesimage-optimization.php:209
actionplugins_loadedincludes\modules-manager.php:50
actiondelete_attachmentmodules\backups\components\handle-backups-removing.php:28
filterelementor_one/image_optimizer_connect_authorize_urlmodules\connect\module.php:64
actionplugins_loadedmodules\connect-manager\module.php:53
actionadmin_noticesmodules\core\components\conflicts.php:82
actioncurrent_screenmodules\core\components\not-connected-modal.php:92
actionadmin_noticesmodules\core\components\not-connected-modal.php:104
actioncurrent_screenmodules\core\components\not-connected.php:101
filterparent_filemodules\core\components\not-connected.php:113
actionadmin_noticesmodules\core\components\not-connected.php:123
actioncurrent_screenmodules\core\components\renewal-notice.php:118
filterparent_filemodules\core\components\renewal-notice.php:132
actionadmin_noticesmodules\core\components\renewal-notice.php:142
actioncurrent_screenmodules\core\components\user-feedback.php:246
actionadmin_noticesmodules\core\components\user-feedback.php:252
actionadmin_noticesmodules\core\components\user-feedback.php:256
filteradmin_footer_textmodules\core\components\user-feedback.php:260
actionaction_scheduler_initmodules\core\module.php:437
actionadmin_enqueue_scriptsmodules\core\module.php:439
filterplugin_action_linksmodules\core\module.php:440
actioncurrent_screenmodules\core\module.php:442
actionadmin_noticesmodules\core\module.php:448
actionadmin_noticesmodules\core\module.php:449
actionadmin_noticesmodules\core\module.php:452
actionall_admin_noticesmodules\core\module.php:456
actionin_admin_headermodules\core\module.php:462
actionadmin_enqueue_scriptsmodules\core\module.php:467
actionadmin_enqueue_scriptsmodules\core\module.php:472
actionadmin_enqueue_scriptsmodules\deactivation\module.php:269
actionadmin_footermodules\deactivation\module.php:270
actionin_admin_headermodules\oauth\components\connect-pointer.php:67
actionload-elementor_page_elementor-connectmodules\oauth\components\connect.php:376
action_admin_menumodules\oauth\components\connect.php:378
actionaction_scheduler_initmodules\optimization\components\actions-cleanup.php:150
filterbulk_actions-uploadmodules\optimization\components\admin-bulk-actions.php:33
filterhandle_bulk_actions-uploadmodules\optimization\components\admin-bulk-actions.php:34
filterrestrict_manage_postsmodules\optimization\components\admin-filter.php:113
filterparse_querymodules\optimization\components\admin-filter.php:114
filterupload_mimesmodules\optimization\components\avif-compatibility.php:75
filtermime_typesmodules\optimization\components\avif-compatibility.php:76
filtergetimagesize_mimes_to_extsmodules\optimization\components\avif-compatibility.php:77
filterfile_is_displayable_imagemodules\optimization\components\avif-compatibility.php:78
filterwp_generate_attachment_metadatamodules\optimization\components\avif-compatibility.php:80
actionaction_scheduler_failed_actionmodules\optimization\components\bulk-operation-recovery.php:88
actioncurrent_screenmodules\optimization\components\bulk-optimization.php:300
filteradmin_footer_textmodules\optimization\components\bulk-optimization.php:302
actionin_admin_headermodules\optimization\components\list-view-pointer.php:78
filtermanage_upload_columnsmodules\optimization\components\media-control.php:299
actionmanage_media_custom_columnmodules\optimization\components\media-control.php:300
actionadd_meta_boxes_attachmentmodules\optimization\components\media-control.php:302
filterattachment_fields_to_editmodules\optimization\components\media-control.php:303
actionaction_scheduler_failed_actionmodules\optimization\components\retry.php:119
actionwp_generate_attachment_metadatamodules\optimization\components\upload-optimization.php:116
actionadmin_enqueue_scriptsmodules\optimization\module.php:111
actionelementor/editor/after_enqueue_scriptsmodules\optimization\module.php:112
actionadmin_enqueue_scriptsmodules\reviews\module.php:233
actionadmin_initmodules\reviews\module.php:234
actionrest_api_initmodules\reviews\module.php:235
actionall_admin_noticesmodules\reviews\module.php:236
filterplugin_row_metamodules\reviews\module.php:237
actionin_admin_headermodules\settings\components\settings-pointer.php:109
actionadmin_initmodules\settings\module.php:215
actionrest_api_initmodules\settings\module.php:216
actionadmin_initmodules\settings\module.php:217
actionadmin_menumodules\settings\module.php:218
actionrest_pre_update_settingmodules\settings\module.php:219
actionelementor_one/switched_domainmodules\settings\module.php:229
Maintenance & Trust

Image Optimizer – Optimize Images and Convert to WebP or AVIF Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 17, 2026
PHP min version7.4
Downloads13.1M

Community Trust

Rating32/100
Number of ratings72
Active installs1.0M
Alternatives

Image Optimizer – Optimize Images and Convert to WebP or AVIF Alternatives

Pressidium Performance

Pressidium Performance

pressidium-performance

A
100

Speed up your WordPress site, improve Core Web Vitals and enhance user experience with one-click image optimization, CSS & JavaScript minification.

100 No CVEs
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

A
100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs
QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

quickwebp

A
100

QuickWebP is a free WordPress plugin that converts images to WebP, optimizes performance, improves SEO, auto-fills metadata, and resizes images—no API &hellip;

7K No CVEs
Squeeze – Image Optimization & Compression, WEBP Conversion

Squeeze – Image Optimization & Compression, WEBP Conversion

squeeze

A
92

Unlimited. Private. Instant. Squeeze compresses and converts your images directly in your browser — no external servers and no upload limits.

1K 3 CVEs
Image to WebP Converter

Image to WebP Converter

image-to-webp-converter

A
100

Automatically convert uploaded images (PNG, JPG, JPEG) to WebP format to enhance website performance and reduce load times.

900 No CVEs
Developer Profile

Image Optimizer – Optimize Images and Convert to WebP or AVIF Developer Profile

Elementor

15 plugins · 13.2M total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
704 days
View full developer profile
Detection Fingerprints

How We Detect Image Optimizer – Optimize Images and Convert to WebP or AVIF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/image-optimization/assets/css/admin-menu.css/wp-content/plugins/image-optimization/assets/css/optimization.css/wp-content/plugins/image-optimization/assets/js/admin-menu.js/wp-content/plugins/image-optimization/assets/js/optimization.js
Script Paths
/wp-content/plugins/image-optimization/vendor/elementor/image-optimization/assets/js/image-optimization.js
Version Parameters
image-optimization/assets/css/admin-menu.css?ver=image-optimization/assets/css/optimization.css?ver=image-optimization/assets/js/admin-menu.js?ver=image-optimization/assets/js/optimization.js?ver=image-optimization/vendor/elementor/image-optimization/assets/js/image-optimization.js?ver=

HTML / DOM Fingerprints

CSS Classes
image-optimizer__noticeimage-optimizer__notice--warningimage-optimization-containerimage-optimization-empty-stateimage-optimization-image-rowimage-optimization-image-cellimage-optimization-actions-cellimage-optimization-settings-section+3 more
HTML Comments
Image Optimizer - Compress, Resize and Optimize ImagesAdd top bar placeholderAdd app placeholderImage Optimization
Data Attributes
data-elementor-image-optimizer-iddata-elementor-image-optimizer-action
JS Globals
imageOptimizationAppimageOptimizationSettings
REST Endpoints
/wp-json/image-optimization/v1/bulk-optimize/wp-json/image-optimization/v1/cancel-bulk-optimization/wp-json/image-optimization/v1/restore-all-backups/wp-json/image-optimization/v1/remove-backups/wp-json/image-optimization/v1/image-settings
FAQ

Frequently Asked Questions about Image Optimizer – Optimize Images and Convert to WebP or AVIF