Does Media Webp have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Media Webp compatible with WordPress 4.9.29?

According to WordPress.org data, Media Webp 1.0.3 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is Media Webp compatible with PHP 7.1.0+?

Media Webp requires PHP 7.1.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Media Webp updated?

Media Webp was last updated on Oct 30, 2018. Frequent updates are generally a positive security signal.

What is Media Webp's security score?

Media Webp has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Media Webp Security & Risk Analysis

wordpress.org/plugins/media-webp

Automatically creates webp images when you upload compatible media. This plugin also manages any updates and changes to the linked attachment images.

90 active installs v1.0.3 PHP 7.1.0+ WP 4.7+ Updated Oct 30, 2018

imagesmediaoptimiseoptimizationwebp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Media Webp Safe to Use in 2026?

Generally Safe

Score 85/100

Media Webp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "media-webp" v1.0.3 plugin demonstrates a strong security posture based on the provided static analysis. The absence of dangerous functions, SQL injection risks through prepared statements, and fully escaped output are excellent indicators of secure coding practices. The presence of nonce checks further mitigates common attack vectors for its single AJAX handler. The plugin also boasts a clean vulnerability history, with no known CVEs, suggesting a history of secure development and maintenance.

However, the lack of capability checks on the AJAX handler presents a potential concern. While nonce checks help prevent cross-site request forgery, they do not restrict access based on user roles. An authenticated attacker with lower privileges might be able to trigger the AJAX action. Despite this single area for improvement, the overall security of the plugin appears to be very good, with no critical or high-severity issues identified in the static analysis or vulnerability history.

Key Concerns

Missing capability checks on AJAX handler

Vulnerabilities

None known

Media Webp Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Media Webp Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Media Webp Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

195 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped195 total outputs

Attack Surface

Media Webp Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_media_webp_callbackclasses\class-plugin.php:154

WordPress Hooks 25

actionadmin_noticesclasses\class-forms.php:151

actionnetwork_admin_noticesclasses\class-forms.php:153

actionadmin_noticesclasses\class-plugin.php:106

actionnetwork_admin_noticesclasses\class-plugin.php:107

actionadmin_noticesclasses\class-plugin.php:114

actionnetwork_admin_noticesclasses\class-plugin.php:115

actionadmin_initclasses\class-plugin.php:152

actionadmin_enqueue_scriptsclasses\class-plugin.php:155

actionafter_plugin_rowclasses\class-plugin.php:156

filterwp_save_image_editor_fileclasses\class-plugin.php:158

filterwp_prepare_attachment_for_jsclasses\class-plugin.php:159

filterthe_titleclasses\class-plugin.php:161

filteradd_meta_boxesclasses\class-plugin.php:162

actionadmin_menuclasses\class-plugin.php:166

actionadmin_menuclasses\class-plugin.php:167

actionnetwork_admin_menuclasses\class-plugin.php:169

actionnetwork_admin_menuclasses\class-plugin.php:170

actionadmin_headclasses\class-plugin.php:175

filterwp_handle_uploadclasses\class-plugin.php:190

filterimage_make_intermediate_sizeclasses\class-plugin.php:191

filterdelete_attachmentclasses\class-plugin.php:194

actionafter_switch_themeclasses\class-plugin.php:196

actionplugins_loadedmediawebp.php:28

actionadmin_noticesmediawebp.php:38

actionnetwork_admin_noticesmediawebp.php:39

Maintenance & Trust

Media Webp Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedOct 30, 2018

PHP min version7.1.0

Downloads5K

Community Trust

Rating98/100

Number of ratings7

Active installs90

Alternatives

Media Webp Alternatives

OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe

origisafe-advanced-image-optimizer

100

Convert JPG/PNG uploads (and existing library) to WebP, move originals to /uploads/_originals/, and update Media Library metadata - WP serves .webp

0 No CVEs

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1‑click: compress, resize & convert to WebP/AVIF - free up to 20MB/month. Enjoy the easiest WordPress image optimizer to set up.

1.0M No CVEs

Smush – Image Optimization, Compression, Lazy Load, WebP & CDN

wp-smushit

Compress and optimize images, enable lazy load, serve WebP & AVIF, and speed up your site with a global image CDN.

1.0M 6 CVEs

Converter for Media – Optimize images | Convert WebP & AVIF

webp-converter-for-media

Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!

500K 4 CVEs

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

shortpixel-image-optimiser

Optimize images & PDFs smartly. Create and compress next-gen WebP and AVIF formats. Smart crop and resize.

300K 8 CVEs

Developer Profile

Media Webp Developer Profile

steveturner2018

1 plugin · 90 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Media Webp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/media-webp/assets/css/tools.css/wp-content/plugins/media-webp/assets/js/tools.js

Script Paths

/wp-content/plugins/media-webp/assets/js/tools.js

Version Parameters

media-webp/assets/js/tools.js?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes

media_wts

Data Attributes

data-mediawebp-iddata-mediawebp-webp-id

JS Globals

media_webp_object

FAQ