WP-Safety

Image Converter & Optimizer Security & Risk Analysis

wordpress.org/plugins/image-type-converter

Easily convert any image type to another, including png, jpg, gif, webp, and avif in a single click, with support for image subsizes.

70 active installs v1.0.5 PHP 7.1.0+ WP 5.3.0+ Updated Jan 26, 2026
image-converterimage-subsizesimage-typeoptimize-imagepng
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Image Converter & Optimizer Safe to Use in 2026?

Generally Safe

Score 100/100

Image Converter & Optimizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The image-type-converter plugin, version 1.0.5, exhibits a generally strong security posture based on the provided static analysis. The absence of any recorded vulnerabilities in its history is a significant positive indicator. Furthermore, the code demonstrates good practices such as 100% use of prepared statements for SQL queries and a high rate of output escaping (98%). Nonce and capability checks are also present, indicating an effort to secure common entry points.

However, the static analysis did reveal two flows with unsanitized paths. While the taint analysis did not classify these as critical or high severity, and the overall attack surface is reported as zero (meaning all identified entry points have checks), these unsanitized paths warrant attention. The presence of file operations (12 total) combined with unsanitized paths could potentially lead to directory traversal or arbitrary file read/write vulnerabilities if not handled with extreme care, especially if these paths are derived from user input at any point.

In conclusion, the plugin appears well-maintained with a history of no known vulnerabilities, and it adheres to many security best practices. The primary area of concern lies in the two identified unsanitized path flows, which, although not currently flagged as severe, represent a potential risk. Future versions should aim to eliminate these unsanitized path flows entirely to further strengthen the plugin's security.

Key Concerns

  • Flows with unsanitized paths found
Vulnerabilities
None known

Image Converter & Optimizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Image Converter & Optimizer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
10
407 escaped
Nonce Checks
7
Capability Checks
4
File Operations
12
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

98% escaped417 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
ajax_quick_converter (includes\QuickImageConverter.php:117)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Image Converter & Optimizer Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 22
actionplugins_loadedgpls-wicor-image-converter.php:241
filterwp_handle_uploadincludes\AutoImageConverter.php:64
filterwp_generate_attachment_metadataincludes\AutoImageConverter.php:65
actionadmin_enqueue_scriptsincludes\Core\Core.php:282
actioninitincludes\MetaBoxes\MetaBoxesBase\MetaBox.php:100
actionadd_meta_boxesincludes\MetaBoxes\MetaBoxesBase\MetaBox.php:101
actionadmin_enqueue_scriptsincludes\MetaBoxes\MetaBoxesBase\MetaBox.php:102
actioninitincludes\Pages\PagesBase\AdminPage.php:179
filterwoocommerce_settings_tabs_arrayincludes\Pages\PagesBase\AdminPage.php:250
actionadmin_menuincludes\Pages\PagesBase\AdminPage.php:325
actionadmin_enqueue_scriptsincludes\Pages\PagesBase\AdminPage.php:326
actionadmin_enqueue_scriptsincludes\QuickImageConverter.php:71
filtermanage_media_columnsincludes\QuickImageConverter.php:72
actionmanage_media_custom_columnincludes\QuickImageConverter.php:73
actionadmin_footerincludes\QuickImageConverter.php:75
actionwp_loadedincludes\Settings\SettingsBase\Settings.php:160
actioninitincludes\Settings\SettingsBase\Settings.php:175
filterwp_kses_allowed_htmlincludes\Settings\SettingsFields\FieldBase.php:335
filtergetimagesize_mimes_to_extsincludes\TypesSupport.php:49
filterwp_generate_attachment_metadataincludes\TypesSupport.php:50
filterfile_is_displayable_imageincludes\TypesSupport.php:51
filtermime_typesincludes\TypesSupport.php:60
Maintenance & Trust

Image Converter & Optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 26, 2026
PHP min version7.1.0
Downloads5K

Community Trust

Rating100/100
Number of ratings1
Active installs70
Alternatives

Image Converter & Optimizer Alternatives

Image Format Converter

Image Format Converter

image-format-converter

A
100

Convert images between JPG, PNG, WebP, and AVIF in WordPress admin with a modern UI. Requires GD or Imagick.

100 No CVEs
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

A
100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

wp-smushit

A
93

Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.

1.0M 6 CVEs
Converter for Media – Optimize images | Convert WebP & AVIF

Converter for Media – Optimize images | Convert WebP & AVIF

webp-converter-for-media

A
93

Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!

500K 4 CVEs
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

shortpixel-image-optimiser

A
95

Optimize images & PDFs smartly. Create and compress next-gen WebP and AVIF formats. Smart crop and resize.

300K 7 CVEs
Developer Profile

Image Converter & Optimizer Developer Profile

GrandPlugins

20 plugins · 9K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
160 days
View full developer profile
Detection Fingerprints

How We Detect Image Converter & Optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/image-type-converter/vendor/grandplugins/gpls-core/assets/dist/css/public/gpls-general.css/wp-content/plugins/image-type-converter/vendor/grandplugins/gpls-core/assets/dist/js/public/gpls-general.js/wp-content/plugins/image-type-converter/vendor/grandplugins/gpls-core/assets/dist/css/admin/gpls-admin.css/wp-content/plugins/image-type-converter/vendor/grandplugins/gpls-core/assets/dist/js/admin/gpls-admin.js/wp-content/plugins/image-type-converter/vendor/grandplugins/gpls-core/assets/dist/css/admin/gpls-admin-rtl.css/wp-content/plugins/image-type-converter/vendor/grandplugins/gpls-core/assets/dist/css/public/gpls-general-rtl.css
Version Parameters
image-type-converter/vendor/grandplugins/gpls-core/assets/dist/css/public/gpls-general.css?ver=image-type-converter/vendor/grandplugins/gpls-core/assets/dist/js/public/gpls-general.js?ver=image-type-converter/vendor/grandplugins/gpls-core/assets/dist/css/admin/gpls-admin.css?ver=image-type-converter/vendor/grandplugins/gpls-core/assets/dist/js/admin/gpls-admin.js?ver=image-type-converter/vendor/grandplugins/gpls-core/assets/dist/css/admin/gpls-admin-rtl.css?ver=image-type-converter/vendor/grandplugins/gpls-core/assets/dist/css/public/gpls-general-rtl.css?ver=

HTML / DOM Fingerprints

CSS Classes
gpls-generalgpls-admin
HTML Comments
<!-- GPLS -->
Data Attributes
data-gpls-modal-target
JS Globals
GPLS_LOCALIZE_DATAgpls_wicor_localize_data
FAQ

Frequently Asked Questions about Image Converter & Optimizer