isShrinker Security & Risk Analysis
wordpress.org/plugins/isshrinkerWhen uploading, it will shrink the image automatically. The feature is keeping the aspect ratio and maximum file size can be specified.
Is isShrinker Safe to Use in 2026?
Generally Safe
Score 85/100isShrinker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The static analysis of the isshrinker v1.52 plugin reveals a generally strong security posture in several key areas. The absence of known CVEs, coupled with no recorded vulnerabilities in its history, is a positive indicator. The code also shows a complete absence of dangerous functions and SQL queries, with 100% of queries utilizing prepared statements. Furthermore, there are no external HTTP requests, which eliminates a common attack vector.
However, significant concerns arise from the output escaping and capability checks. With 0% of the 6 total outputs being properly escaped, this plugin is highly vulnerable to Cross-Site Scripting (XSS) attacks. Any user-supplied data that is reflected in the output without proper sanitization poses a direct risk. Additionally, the complete lack of nonce and capability checks across all entry points (even though the attack surface appears to be zero in this analysis, which is unusual) suggests that if any entry points were to be discovered or introduced in future versions, they would likely be unprotected, leading to potential unauthorized actions or information disclosure.
In conclusion, while the plugin demonstrates good practices in database interaction and avoids known vulnerabilities, the critical flaw in output escaping represents a severe security weakness. The lack of capability checks, although not directly actionable with the current zero attack surface, is a concerning omission that could become a problem if the plugin evolves. Addressing the unescaped output is paramount for improving the plugin's security.
Key Concerns
- Output escaping is not implemented
- No capability checks detected
- No nonce checks detected
isShrinker Security Vulnerabilities
isShrinker Release Timeline
isShrinker Code Analysis
Output Escaping
isShrinker Attack Surface
WordPress Hooks 3
Maintenance & Trust
isShrinker Maintenance & Trust
Maintenance Signals
Community Trust
isShrinker Alternatives
Image Optimizer – Optimize Images and Convert to WebP or AVIF
image-optimization
Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF
imagify
Optimize images in 1‑click: compress, resize & convert to WebP/AVIF - free up to 20MB/month. Enjoy the easiest WordPress image optimizer to set up.
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance
wp-optimize
Get caching and more with this powerful cache plugin. Cache, optimize images, clean your database and minify for maximum performance.
Smush – Image Optimization, Compression, Lazy Load, WebP & CDN
wp-smushit
Compress and optimize images, enable lazy load, serve WebP & AVIF, and speed up your site with a global image CDN.
Autoptimize
autoptimize
Autoptimize speeds up your website by optimizing JS, CSS, images (incl. lazy-load), HTML and Google Fonts, asyncing JS, removing emoji cruft and more.
isShrinker Developer Profile
2 plugins · 30 total installs
How We Detect isShrinker
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/isshrinker/isshrinker_admin.css/wp-content/plugins/isshrinker/isshrinker.jsHTML / DOM Fingerprints
name="is_config_jpeg"name="is_config_png"name="is_config_muki"name="is_config_fsize"name="is_config_is_lmax"name="is_config_is_fs"+6 moreisshrinker_admin_params