MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF Security & Risk Analysis

wordpress.org/plugins/megaoptim-image-optimizer

Optimize JPEG, PNG, GIF, WebP, and AVIF images with smart cloud compression or local processing, convert old JPG, PNG, and GIF uploads to modern WebP …

100 active installs · v1.4.24 · PHP 5.3+ · WP 3.6+ · Updated Apr 9, 2026
Tags: avif, image-optimizer, jpeg-to-webp, png-to-webp, webp
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF Safe to Use in 2026?

Generally Safe

Score 100/100

MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The megaoptim-image-optimizer plugin v1.4.24 exhibits a mixed security posture. It demonstrates several good security practices, such as the extensive use of prepared statements for SQL queries (90%) and a significant number of capability checks (17), but there are notable areas of concern. The presence of two AJAX handlers without authentication checks presents a direct attack surface that could be exploited by unauthenticated users. Furthermore, the code signals reveal the use of the `unserialize` function, which, if not handled with extreme care, can be a vector for deserialization vulnerabilities. The taint analysis showed no critical or high severity flows with unsanitized paths, but it still identified other flows with unsanitized paths, indicating potential, albeit perhaps lower-risk, vulnerabilities.

The plugin's vulnerability history is exceptionally clean, with zero recorded CVEs across all severities. This suggests a history of robust security or fortunate obscurity. However, the absence of past vulnerabilities should not overshadow the current findings. The plugin has a relatively large attack surface with 18 entry points, and the two unprotected AJAX handlers are significant weaknesses. The low percentage of properly escaped output (13%) is also a concern, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled correctly before output.

In conclusion, megaoptim-image-optimizer v1.4.24 has strengths in its SQL query handling and capability checks. However, the unprotected AJAX endpoints, the use of `unserialize`, and the poor output escaping practices represent significant security risks. The clean vulnerability history is positive but does not negate the identified code-level weaknesses. Addressing the unprotected AJAX handlers and improving output sanitization are critical steps to enhance the plugin's security.

Key Concerns

  • AJAX handlers without authentication checks
  • Dangerous function: unserialize used
  • Low percentage of properly escaped output
  • Flows with unsanitized paths found
Vulnerabilities
None known

MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF Release Timeline

v1.4.24 (Current)
v1.4.23
v1.4.21
v1.4.20
v1.4.19
v1.4.18
v1.4.17
v1.4.16
v1.4.15
v1.4.14
v1.4.13
v1.4.12
v1.4.11
v1.4.10
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
Code Analysis
Analyzed Mar 16, 2026

MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 3 (26 prepared)
Unescaped Output: 97 (14 escaped)
Nonce Checks: 1
Capability Checks: 17
File Operations: 20
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$attachment_data = @unserialize( $attachment->data );` · includes\classes\MGO_CLI.php:326
unserialize · `$metadata = unserialize( $metadata );` · includes\classes\Models\MGO_MediaAttachment.php:681
unserialize · `$data = unserialize( $data );` · includes\classes\Models\MGO_MediaAttachment.php:684

SQL Query Safety

90% prepared · 29 total queries

Output Escaping

13% escaped · 111 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
render_bulk_optimizer_page (includes\classes\MGO_Admin_UI.php:73)
Attack Surface
2 unprotected

MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF Attack Surface

Entry Points: 18
Unprotected: 2

AJAX Handlers 18

auth · wp_ajax_megaoptim_set_apikey · includes\classes\MGO_Ajax.php:37
auth · wp_ajax_megaoptim_instructions_dismiss · includes\classes\MGO_Ajax.php:38
auth · wp_ajax_megaoptim_save_settings · includes\classes\MGO_Ajax.php:39
auth · wp_ajax_megaoptim_save_advanced_settings · includes\classes\MGO_Ajax.php:40
auth · wp_ajax_megaoptim_export_report · includes\classes\MGO_Ajax.php:41
auth · wp_ajax_megaoptim_optimize_attachment · includes\classes\MGO_Ajax.php:44
auth · wp_ajax_megaoptim_optimize_ld_attachment · includes\classes\MGO_Ajax.php:45
auth · wp_ajax_megaoptim_directory_tree · includes\classes\MGO_Ajax.php:47
auth · wp_ajax_megaoptim_directory_data · includes\classes\MGO_Ajax.php:48
auth · wp_ajax_megaoptim_library_data · includes\classes\MGO_Ajax.php:50
auth · wp_ajax_megaoptim_empty_backup_dir · includes\classes\MGO_Ajax.php:52
auth · wp_ajax_megaoptim_ticker_upload · includes\classes\MGO_Ajax.php:53
auth · wp_ajax_megaoptim_delete_attachment_metadata · includes\classes\MGO_Ajax.php:55
auth · wp_ajax_megaoptim_get_profile · includes\classes\MGO_Ajax.php:57
auth · wp_ajax_megaoptim_optimize_single_attachment · includes\classes\MGO_Ajax.php:58
auth · wp_ajax_megaoptim_restore_single_attachment · includes\classes\MGO_Ajax.php:59
auth · wp_ajax_megaoptim_api_register · includes\classes\MGO_Ajax.php:61
auth · wp_ajax_megaoptim_ngg_optimize_attachment · includes\compat\nextgen-gallery\hooks\ajax.php:53
WordPress Hooks 55
action · plugins_loaded · includes\classes\Adapters\MGO_MediaLibrary.php:48
action · admin_init · includes\classes\MGO_Admin_Notices.php:23
action · admin_notices · includes\classes\MGO_Admin_Notices.php:24
action · admin_footer · includes\classes\MGO_Admin_Notices.php:25
action · admin_menu · includes\classes\MGO_Admin_UI.php:32
filter · admin_body_class · includes\classes\MGO_Admin_UI.php:33
action · admin_notices · includes\classes\MGO_Admin_UI.php:34
filter · manage_media_columns · includes\classes\MGO_Admin_UI.php:35
action · manage_media_custom_column · includes\classes\MGO_Admin_UI.php:36
action · admin_enqueue_scripts · includes\classes\MGO_Admin_UI.php:37
action · add_meta_boxes · includes\classes\MGO_Admin_UI.php:38
action · megaoptim_size_optimized · includes\compat\cloudflare\hooks.php:58
filter · http_request_args · includes\compat\hosting\general\hooks.php:47
action · megaoptim_size_optimized · includes\compat\hosting\wpengine\hooks.php:36
filter · mpp_generate_metadata · includes\compat\mediapress\hooks\attachments.php:61
action · plugins_loaded · includes\compat\nextgen-gallery\classes\MGO_NGGLibrary.php:51
action · ngg_after_new_images_added · includes\compat\nextgen-gallery\hooks\attachments.php:64
filter · ngg_medialibrary_imported_image · includes\compat\nextgen-gallery\hooks\attachments.php:117
action · ngg_generated_image · includes\compat\nextgen-gallery\hooks\attachments.php:129
action · ngg_delete_picture · includes\compat\nextgen-gallery\hooks\attachments.php:147
action · ngg_delete_gallery · includes\compat\nextgen-gallery\hooks\attachments.php:163
filter · megaoptim_backup_dir · includes\compat\nextgen-gallery\hooks\general.php:32
action · megaoptim_optimize_single_attachment · includes\compat\nextgen-gallery\hooks\general.php:40
filter · megaoptim_restore_single_attachment · includes\compat\nextgen-gallery\hooks\general.php:54
filter · megaoptim_upload_ticker · includes\compat\nextgen-gallery\hooks\general.php:77
filter · megaoptim_optimizer_view · includes\compat\nextgen-gallery\hooks\general.php:83
filter · megaoptim_optimizer_params · includes\compat\nextgen-gallery\hooks\general.php:94
filter · megaoptim_is_optimizer_page · includes\compat\nextgen-gallery\hooks\general.php:105
filter · megaoptim_library_data · includes\compat\nextgen-gallery\hooks\general.php:114
filter · ngg_manage_images_number_of_columns · includes\compat\nextgen-gallery\hooks\list.php:25
action · as3cf_init · includes\compat\wp-offload-media\MGO_As3cf.php:36
filter · wp_check_filetype_and_ext · includes\compat\wp-offload-media\MGO_As3cf.php:56
filter · as3cf_pre_update_attachment_metadata · includes\compat\wp-offload-media\MGO_As3cf.php:58
filter · as3cf_attachment_file_paths · includes\compat\wp-offload-media\MGO_As3cf.php:59
filter · as3cf_remove_attachment_paths · includes\compat\wp-offload-media\MGO_As3cf.php:60
action · megaoptim_attachment_optimized · includes\compat\wp-offload-media\MGO_As3cf.php:62
action · megaoptim_after_restore_attachment · includes\compat\wp-offload-media\MGO_As3cf.php:63
filter · megaoptim_webp_uploads_base · includes\compat\wp-offload-media\MGO_As3cf.php:64
filter · megaoptim_webp_file_404 · includes\compat\wp-offload-media\MGO_As3cf.php:65
action · wr2x_generate_retina · includes\compat\wp-retina-2x\hooks\general.php:40
filter · megaoptim_auto_optimize_media_attachment · includes\functions\helpers.php:956
action · delete_attachment · includes\hooks\attachments.php:46
filter · wp_generate_attachment_metadata · includes\hooks\attachments.php:86
filter · big_image_size_threshold · includes\hooks\attachments.php:118
action · current_screen · includes\hooks\general.php:62
action · megaoptim_before_optimization · includes\hooks\internal.php:39
action · admin_footer · includes\hooks\internal.php:53
action · plugins_loaded · includes\hooks\internal.php:64
filter · megaoptim_max_scan_chunk_size · includes\hooks\internal.php:84
action · init · includes\hooks\notices.php:31
action · init · includes\hooks\notices.php:63
action · init · includes\hooks\webp.php:31
action · plugins_loaded · includes\hooks\webp.php:40
action · wp_enqueue_scripts · includes\hooks\webp.php:52
action · admin_notices · includes\loader.php:33
Maintenance & Trust

MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Apr 9, 2026
PHP min version: 5.3
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 34
Active installs: 100
Developer Profile

MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF Developer Profile

MegaOptim

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/megaoptim-image-optimizer/assets/css/admin.css
/wp-content/plugins/megaoptim-image-optimizer/assets/js/admin.js
/wp-content/plugins/megaoptim-image-optimizer/assets/css/style.css
/wp-content/plugins/megaoptim-image-optimizer/assets/js/frontend.js
Script Paths
/wp-content/plugins/megaoptim-image-optimizer/assets/js/admin.js
/wp-content/plugins/megaoptim-image-optimizer/assets/js/frontend.js
Version Parameters
megaoptim-image-optimizer/assets/css/admin.css?ver=
megaoptim-image-optimizer/assets/js/admin.js?ver=
megaoptim-image-optimizer/assets/css/style.css?ver=
megaoptim-image-optimizer/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
megaoptim-page, megaoptim-page-optimizer
HTML Comments
MegaOptim Image Optimizer
Data Attributes
data-megaoptim-id, data-megaoptim-status
JS Globals
megaoptim_data
FAQ

Frequently Asked Questions about MegaOptim Image Optimizer – Optimize Images, Compress Images, Convert to WebP & AVIF