JPEG PNG Compressor Security & Risk Analysis

wordpress.org/plugins/jpeg-png-compressor

Speed up your website. Compress your JPEG and PNG images automatically with PNG Compressor.

50 active installs · v1.1 · PHP + · WP 3.3.1+ · Updated Apr 20, 2020
compress, faster, improve, optimize, shrink
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is JPEG PNG Compressor Safe to Use in 2026?

Generally Safe

Score 85/100

JPEG PNG Compressor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "jpeg-png-compressor" v1.1 plugin exhibits a concerning security posture, primarily due to significant weaknesses in its authentication and sanitization mechanisms. While the plugin demonstrates good practices by using prepared statements for all SQL queries and has no recorded vulnerability history, these strengths are overshadowed by critical vulnerabilities in its entry points. The presence of 6 AJAX handlers, with 4 lacking authentication checks, creates a substantial attack surface that could be exploited by unauthenticated users. Furthermore, the taint analysis reveals 7 flows with unsanitized paths, indicating potential for injection attacks or other arbitrary code execution if these paths are triggered through user-supplied input. The absence of nonce checks on AJAX handlers is a direct contributor to this risk, making it easier for attackers to forge requests.

Key Concerns

  • 4 unprotected AJAX handlers
  • 7 unsanitized path taint flows
  • No nonce checks on AJAX
  • 44% of output properly escaped
Vulnerabilities
None known

JPEG PNG Compressor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

JPEG PNG Compressor Code Analysis

Dangerous Functions: 25
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 75 (60 escaped)
Nonce Checks: 0
Capability Checks: 5
File Operations: 10
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_media.php:5
unserialize | $get_db_data = unserialize(get_post_meta( $post_id, 'pjci_compress_images', true )); | admin\pjci_admin_media.php:27
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_media.php:30
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_media.php:94
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_media.php:188
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_media.php:264
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:35
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:242
unserialize | $get_db_data = unserialize(get_post_meta( $post_id, 'pjci_compress_images', true )); | admin\pjci_admin_page.php:256
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:302
unserialize | $get_db_data = unserialize(get_post_meta( $key, 'pjci_compress_images', true )); | admin\pjci_admin_page.php:307
unserialize | if(empty(unserialize(unserialize($meta->meta_value)))){ | admin\pjci_admin_page.php:400
unserialize | if(empty(unserialize(unserialize($meta->meta_value)))){ | admin\pjci_admin_page.php:400
unserialize | $unserialize_metaset = unserialize(unserialize($meta->meta_value)); | admin\pjci_admin_page.php:403
unserialize | $unserialize_metaset = unserialize(unserialize($meta->meta_value)); | admin\pjci_admin_page.php:403
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:622
unserialize | $get_db_data = unserialize(get_post_meta( $post_id, 'pjci_compress_images', true )); | admin\pjci_admin_page.php:665
unserialize | $get_db_data = unserialize(get_post_meta( $post_id, 'pjci_compress_images', true )); | admin\pjci_admin_page.php:755
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:757
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:800
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:952
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:1074
unserialize | $get_db_data = unserialize(get_post_meta( $post_id, 'pjci_compress_images', true )); | admin\pjci_admin_page.php:1116
unserialize | $unserialize_pjci_sizes = unserialize(get_option('pjci_sizes')); | admin\pjci_admin_page.php:1275
unserialize | $get_db_data = unserialize(get_post_meta( $post_id, 'pjci_compress_images', true )); | admin\pjci_admin_page.php:1316

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

44% escaped · 135 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

7 flows · 7 with unsanitized paths
pjci_single_img_compress (admin\pjci_admin_page.php:614)
Attack Surface
4 unprotected

JPEG PNG Compressor Attack Surface

Entry Points: 6
Unprotected: 4

AJAX Handlers 6

auth | wp_ajax_pjci_register_account | admin\pjci_admin_page.php:520
auth | wp_ajax_pjci_api_key_verify | admin\pjci_admin_page.php:562
auth | wp_ajax_pjci_single_img_compress | admin\pjci_admin_page.php:613
auth | wp_ajax_pjci_async_optimize_upload_new_image | admin\pjci_admin_page.php:937
auth | wp_ajax_pjci_bulk_img_compress | admin\pjci_admin_page.php:1055
auth | wp_ajax_pjci_get_fields | admin\pjci_admin_page.php:1216
WordPress Hooks 12
filter | manage_media_columns | admin\pjci_admin_media.php:12
action | manage_media_custom_column | admin\pjci_admin_media.php:516
action | admin_menu | admin\pjci_admin_page.php:3
filter | wp_generate_attachment_metadata | admin\pjci_admin_page.php:787
action | admin_init | admin\pjci_admin_page.php:935
action | admin_footer | admin\pjci_admin_page.php:1244
action | load-upload.php | admin\pjci_admin_page.php:1259
action | admin_notices | admin\pjci_admin_page.php:1417
action | admin_notices | admin\pjci_admin_page.php:1427
action | delete_attachment | admin\pjci_admin_page.php:1455
action | admin_enqueue_scripts | png-compressor.php:48
action | admin_notices | png-compressor.php:51
Maintenance & Trust

JPEG PNG Compressor Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Apr 20, 2020
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 50
Developer Profile

JPEG PNG Compressor Developer Profile

premiumthemes

2 plugins · 250 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect JPEG PNG Compressor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jpeg-png-compressor/admin/js/admin_media.js
/wp-content/plugins/jpeg-png-compressor/admin/js/pie-chart.js
/wp-content/plugins/jpeg-png-compressor/admin/css/admin_style.css
/wp-content/plugins/jpeg-png-compressor/admin/css/font-awesome.min.css
/wp-content/plugins/jpeg-png-compressor/admin/css/style.css
/wp-content/plugins/jpeg-png-compressor/admin/css/responsive.css
Script Paths
/wp-content/plugins/jpeg-png-compressor/admin/js/admin_media.js
/wp-content/plugins/jpeg-png-compressor/admin/js/pie-chart.js
Version Parameters
jpeg-png-compressor/admin/js/admin_media.js?ver=
jpeg-png-compressor/admin/js/pie-chart.js?ver=
jpeg-png-compressor/admin/css/admin_style.css?ver=
jpeg-png-compressor/admin/css/font-awesome.min.css?ver=
jpeg-png-compressor/admin/css/style.css?ver=
jpeg-png-compressor/admin/css/responsive.css?ver=

HTML / DOM Fingerprints

CSS Classes
pjci-notice
incompatible-plugins
FAQ

Frequently Asked Questions about JPEG PNG Compressor