Kraken.io Image Optimizer Security & Risk Analysis

wordpress.org/plugins/kraken-image-optimizer

This plugin allows you to optimize your WordPress images through the Kraken.io API, the world's most advanced image optimization and resizing API.

10K active installs · v2.7.0 · PHP 5.6+ · WP 4.9+ · Updated Mar 5, 2026
Tags: anigif, compress-image, exif, image-optimizer, image-resize
Score: 77 · B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Feb 1, 2023
Safety Verdict

Is Kraken.io Image Optimizer Safe to Use in 2026?

Mostly Safe

Score 77/100

Kraken.io Image Optimizer is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Feb 1, 2023 · Updated 29d ago
Risk Assessment

The kraken-image-optimizer plugin v2.7.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage (95%) of properly escaped outputs. It also incorporates nonce and capability checks, which are fundamental security measures. However, the presence of two flows with unsanitized paths in the taint analysis, even without critical or high severity, indicates potential risks related to file operations or external interactions where user input might not be fully validated.

The vulnerability history is a significant concern. With three known CVEs and one currently unpatched high-severity vulnerability, this plugin has a history of significant security flaws. The most common vulnerability types, Missing Authorization and Cross-Site Request Forgery (CSRF), suggest a pattern of weaknesses in how the plugin handles user actions and permissions. The most recent vulnerability dates from early 2023, which is recent enough to warrant attention.

In conclusion, while kraken-image-optimizer v2.7.0 implements some good security practices, its past and current vulnerability status, coupled with the presence of unsanitized paths, presents a notable risk. Users should exercise caution and prioritize updating to a patched version if available, as the unpatched high-severity vulnerability and historical patterns indicate a recurring susceptibility to security issues.

Key Concerns

  • Unpatched high severity CVE
  • Flows with unsanitized paths
  • Medium severity CVEs (2)
  • Unpatched CVE history (3 total)

Vulnerabilities: 3

Kraken.io Image Optimizer Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 2 CVEs · unpatched

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2023-0619 · medium · 6.5 · Missing Authorization

Kraken.io Image Optimizer <= 2.6.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update

Feb 1, 2023 · Unpatched

CVE-2023-22708 · medium · 5.4 · Missing Authorization

Kraken.io Image Optimizer <= 2.6.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update

Jan 17, 2023 · Patched in 2.6.8 (371d)

CVE-2022-38454 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery

Sep 23, 2022 · Patched in 2.6.6 (487d)

Code Analysis
Analyzed Mar 16, 2026

Kraken.io Image Optimizer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (107 escaped)
Nonce Checks: 5
Capability Checks: 1
File Operations: 4
External Requests: 1
Bundled Libraries: 0

Output Escaping

95% escaped · 113 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
create_options_page (includes\class-kraken-io-settings.php:132)
Attack Surface

Kraken.io Image Optimizer Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers: 4

auth · wp_ajax_kraken_reset_image · includes\class-kraken-io-ajax.php:22
auth · wp_ajax_kraken_reset_all · includes\class-kraken-io-ajax.php:23
auth · wp_ajax_kraken_optimize_image · includes\class-kraken-io-ajax.php:24
auth · wp_ajax_kraken_get_unoptimized_images · includes\class-kraken-io-ajax.php:25

WordPress Hooks: 19

action · add_attachment · includes\class-kraken-io-optimization.php:32
filter · wp_generate_attachment_metadata · includes\class-kraken-io-optimization.php:33
action · wp_delete_file · includes\class-kraken-io-optimization.php:36
filter · mod_rewrite_rules · includes\class-kraken-io-optimization.php:37
filter · bulk_actions-upload · includes\class-kraken-io-settings.php:55
filter · admin_footer · includes\class-kraken-io-settings.php:56
action · admin_menu · includes\class-kraken-io-settings.php:57
filter · manage_media_columns · includes\class-kraken-io-stats.php:29
action · manage_media_custom_column · includes\class-kraken-io-stats.php:30
filter · attachment_fields_to_edit · includes\class-kraken-io-stats.php:31
action · init · includes\class-kraken-io.php:133
action · admin_enqueue_scripts · includes\class-kraken-io.php:134
action · ngg_added_new_image · includes\supported-plugins\class-kraken-io-support-nextgen-gallery.php:20
action · ngg_delete_image · includes\supported-plugins\class-kraken-io-support-nextgen-gallery.php:21
filter · as3cf_object_meta · includes\supported-plugins\class-kraken-io-support-wp-offload-media.php:20
filter · as3cf_attachment_file_paths · includes\supported-plugins\class-kraken-io-support-wp-offload-media.php:21
filter · as3cf_remove_attachment_paths · includes\supported-plugins\class-kraken-io-support-wp-offload-media.php:22
action · wr2x_retina_file_added · includes\supported-plugins\class-kraken-io-support-wp-retina-2x.php:20
action · wr2x_retina_file_removed · includes\supported-plugins\class-kraken-io-support-wp-retina-2x.php:21

Maintenance & Trust

Kraken.io Image Optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 5, 2026
PHP min version: 5.6
Downloads: 397K

Community Trust

Rating: 90/100
Number of ratings: 119
Active installs: 10K

Developer Profile

Kraken.io Image Optimizer Developer Profile

karim79

1 plugin · 10K total installs

Trust score: 63
Avg Security Score: 77/100
Avg Patch Time: 429 days

Detection Fingerprints

How We Detect Kraken.io Image Optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kraken-image-optimizer/assets/dist/kraken.css
/wp-content/plugins/kraken-image-optimizer/assets/dist/kraken.js
Script Paths
/wp-content/plugins/kraken-image-optimizer/assets/dist/kraken.js
Version Parameters
kraken-image-optimizer/assets/dist/kraken.css?ver=
kraken-image-optimizer/assets/dist/kraken.js?ver=

HTML / DOM Fingerprints

CSS Classes
kraken-settings-wrap
Data Attributes
data-kraken-options
JS Globals
kraken_options
FAQ

Frequently Asked Questions about Kraken.io Image Optimizer