Does ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF have any unpatched vulnerabilities?

No. All known vulnerabilities in ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF compatible with WordPress 6.8.5?

According to WordPress.org data, ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF 1.0.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF Security & Risk Analysis

wordpress.org/plugins/imgsmaller

Compress and optimize your WordPress media library images using the ImgSmaller API with automated backups and restore controls.

0 active installs v1.0.1 PHP 7.4+ WP 5.8+ Updated Oct 19, 2025

avifimagesmedia-libraryperformancewebp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF Safe to Use in 2026?

Generally Safe

Score 100/100

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The imgsmaller v1.0.1 plugin presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. A notable 17 out of 23 entry points, including a substantial portion of AJAX handlers and REST API routes, lack proper authentication and permission checks. This creates a wide opening for potential unauthorized access and manipulation. The absence of any recorded vulnerabilities or CVEs in its history is a positive indicator, suggesting diligent maintenance or a lack of past exploitation. However, this historical clean record does not mitigate the immediate risks posed by the identified unprotected entry points. In conclusion, the plugin exhibits strengths in its data handling but suffers from a critical weakness in its access control, necessitating immediate attention to secure its exposed functionalities.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes

Vulnerabilities

None known

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

115 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

96% escaped120 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

<Controller> (src\Rest\Controller.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

17 unprotected

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF Attack Surface

Entry Points23

Unprotected17

AJAX Handlers 19

authwp_ajax_imgsmaller_statussrc\Plugin.php:57

authwp_ajax_imgsmaller_startsrc\Plugin.php:58

authwp_ajax_imgsmaller_pausesrc\Plugin.php:59

authwp_ajax_imgsmaller_resumesrc\Plugin.php:60

authwp_ajax_imgsmaller_restoresrc\Plugin.php:61

authwp_ajax_imgsmaller_restore_stepsrc\Plugin.php:62

authwp_ajax_imgsmaller_process_nowsrc\Plugin.php:63

authwp_ajax_imgsmaller_test_connectionsrc\Plugin.php:64

authwp_ajax_imgsmaller_debug_mediasrc\Plugin.php:65

authwp_ajax_imgsmaller_media_searchsrc\Plugin.php:66

authwp_ajax_imgsmaller_cancel_restoresrc\Plugin.php:67

authwp_ajax_imgsmaller_restore_searchsrc\Plugin.php:68

authwp_ajax_imgsmaller_restore_selectedsrc\Plugin.php:69

authwp_ajax_imgsmaller_scansrc\Plugin.php:70

authwp_ajax_imgsmaller_plan_infosrc\Rest\Controller.php:83

authwp_ajax_imgsmaller_set_domainsrc\Rest\Controller.php:84

authwp_ajax_imgsmaller_tour_dismisssrc\Rest\Controller.php:86

authwp_ajax_imgsmaller_tour_completesrc\Rest\Controller.php:87

authwp_ajax_imgsmaller_failed_listsrc\Rest\Controller.php:89

REST API Routes 4

GET/wp-json/imgsmaller/v1/statussrc\Rest\Controller.php:37

GET/wp-json/imgsmaller/v1/cronsrc\Rest\Controller.php:50

GET/wp-json/imgsmaller/v1/restoresrc\Rest\Controller.php:61

GET/wp-json/imgsmaller/v1/filesrc\Rest\Controller.php:72

WordPress Hooks 15

actionplugins_loadedimgsmaller-wp.php:55

actionadmin_post_imgsmaller_save_settingssrc\Admin\DashboardPage.php:31

actionadmin_post_imgsmaller_restoresrc\Admin\DashboardPage.php:32

actionadmin_post_imgsmaller_download_backupsrc\Admin\DashboardPage.php:33

actionadmin_post_imgsmaller_import_backupsrc\Admin\DashboardPage.php:34

actionadmin_post_imgsmaller_delete_backupssrc\Admin\DashboardPage.php:35

actionadmin_post_imgsmaller_import_replacementssrc\Admin\DashboardPage.php:36

actionadmin_post_imgsmaller_reset_pluginsrc\Admin\DashboardPage.php:37

actionadmin_post_imgsmaller_regenerate_cron_tokensrc\Admin\DashboardPage.php:38

actionadmin_enqueue_scriptssrc\Admin\DashboardPage.php:72

actioninitsrc\Plugin.php:54

actionadmin_menusrc\Plugin.php:55

actionadmin_initsrc\Plugin.php:56

filtercron_schedulessrc\Plugin.php:77

actionrest_api_initsrc\Rest\Controller.php:36

Maintenance & Trust

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 19, 2025

PHP min version7.4

Downloads172

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF Alternatives

Modern Image Formats

webp-uploads

100

Converts images to more modern formats such as WebP or AVIF during upload.

100K No CVEs

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs

WebP Express

webp-express

Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP.

300K 3 CVEs

WebP Express Plus

webp-express-plus

Exclusion of necessary images from processing by the "WebP Express" plugin

800 No CVEs

Developer Profile

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF Developer Profile

Subarnadip Pal

2 plugins · 0 total installs

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/imgsmaller/assets/css/dashboard.css/wp-content/plugins/imgsmaller/assets/js/dashboard.js

Script Paths

assets/js/dashboard.js

Version Parameters

imgsmaller/style.css?ver=imgsmaller/script.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-imgsmaller-backup-restoredata-imgsmaller-restore-formdata-imgsmaller-settings-formdata-imgsmaller-image-iddata-imgsmaller-restore-button

JS Globals

ImgSmallerDashboard

FAQ