Does Opti MozJpeg Guetzli WebP have any unpatched vulnerabilities?

No. All known vulnerabilities in Opti MozJpeg Guetzli WebP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Opti MozJpeg Guetzli WebP compatible with WordPress 4.9.29?

According to WordPress.org data, Opti MozJpeg Guetzli WebP 1.16 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is Opti MozJpeg Guetzli WebP compatible with PHP 5.4+?

Opti MozJpeg Guetzli WebP requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Opti MozJpeg Guetzli WebP updated?

Opti MozJpeg Guetzli WebP was last updated on Jul 31, 2018. Frequent updates are generally a positive security signal.

What is Opti MozJpeg Guetzli WebP's security score?

Opti MozJpeg Guetzli WebP has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Opti MozJpeg Guetzli WebP Security & Risk Analysis

wordpress.org/plugins/opti-mozjpeg-guetzli-webp

WordPress Opti MozJpeg Guetzli WebP - is the FREE plugin for high quality image optimization in WordPress website. It was created to meet latest requi …

100 active installs v1.16 PHP 5.4+ WP 4.7+ Updated Jul 31, 2018

free-image-optimizationpagespeedpingdomseowordpress-images-optimization

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Opti MozJpeg Guetzli WebP Safe to Use in 2026?

Generally Safe

Score 85/100

Opti MozJpeg Guetzli WebP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The opti-mozjpeg-guetzli-webp plugin version 1.16 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and does not appear to have any known unpatched vulnerabilities or historical CVEs. The attack surface is also relatively small, with only two AJAX handlers and no REST API routes, shortcodes, or cron events, and importantly, no unprotected entry points were identified in the static analysis. However, there are significant concerns regarding output escaping and the use of dangerous functions. A very low percentage of outputs are properly escaped, indicating a high risk of cross-site scripting (XSS) vulnerabilities. Furthermore, the presence of dangerous functions like `exec`, `create_function`, and `unserialize` introduces potential for arbitrary code execution if input controlling these functions is not meticulously sanitized, which the taint analysis suggests could be an issue with unsanitized paths. The lack of nonce checks on AJAX handlers is also a notable weakness, potentially allowing for cross-site request forgery (CSRF) attacks.

Key Concerns

Low output escaping rate
Presence of dangerous functions (exec, create_function, unserialize)
Unsanitized paths in taint analysis
Missing nonce checks on AJAX handlers
Low capability checks count (2)

Vulnerabilities

None known

Opti MozJpeg Guetzli WebP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Opti MozJpeg Guetzli WebP Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

108

External Requests

Bundled Libraries

Dangerous Functions Found

exec$curdir = exec("pwd");class_wpmjgu_url_file.php:537

execexec($command . " 2>\"$stderr_temp_file_path\"", $shellout, $retcode);class_wpmjgu_url_file.php:547

exec$cjpeg_version = exec($cjpeg . " -version 2>&1");class_wpmjgu_validate.php:173

exec$jpegtran_version = exec($jpegtran . " -version 2>&1");class_wpmjgu_validate.php:179

create_functionreturn create_function('$_action, &$self, $_text', $init_crypt . 'if ($_action == "encrypt") { ' . $phpseclib\Crypt\Base.php:2500

unserializeextract(unserialize($partial));phpseclib\Crypt\RSA.php:597

create_function$callback = create_function('$x', 'return "\x" . bin2hex($x[0]);');phpseclib\File\X509.php:2722

SQL Query Safety

100% prepared8 total queries

Output Escaping

14% escaped94 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

the_html (class_wpmjgu_batch_optimization_dialog.php:14)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Opti MozJpeg Guetzli WebP Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_wpmjgu_batch_optimization_workeropti-mozjpeg-guetzli-webp.php:209

authwp_ajax_wpmjgu_batch_revert_workeropti-mozjpeg-guetzli-webp.php:220

WordPress Hooks 4

actionadmin_initopti-mozjpeg-guetzli-webp.php:174

actionadmin_menuopti-mozjpeg-guetzli-webp.php:185

actiondelete_attachmentopti-mozjpeg-guetzli-webp.php:251

actionadmin_noticesopti-mozjpeg-guetzli-webp.php:259

Maintenance & Trust

Opti MozJpeg Guetzli WebP Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJul 31, 2018

PHP min version5.4

Downloads7K

Community Trust

Rating88/100

Number of ratings7

Active installs100

Alternatives

Opti MozJpeg Guetzli WebP Alternatives

LiteSpeed Cache

litespeed-cache

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs

SpeedyCache – Cache, Optimization, Performance

speedycache

SpeedyCache is a WordPress cache plugin that helps you improve performance of your WordPress site by caching, minifying, and compressing your website.

600K 4 CVEs

Insights from Google PageSpeed

google-pagespeed-insights

Use Insights from Google PageSpeed to increase your sites performance, your search engine ranking, and your visitors browsing experience.

20K 2 CVEs

JCH Optimize

jch-optimize

This plugin automatically performs several front end optimizations to your site to boost performance and increase PageSpeed scores.

4K 3 CVEs

Helper Lite for PageSpeed

helper-lite-for-pagespeed

Speed up your site with attributes decoding="async" & loading="lazy" for <img> and <iframe>.

3K No CVEs

Developer Profile

Opti MozJpeg Guetzli WebP Developer Profile

ihorsl

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Opti MozJpeg Guetzli WebP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/opti-mozjpeg-guetzli-webp/style.css

HTML / DOM Fingerprints

CSS Classes

wpmjgu-titlenav-tabnav-tab-active

Data Attributes

data-settings-dialogdata-batch-optimization-dialogdata-batch-revert-dialogdata-readme-dialogclass='displaynone'

JS Globals

wpmjgu_settings_dialogwpmjgu_funcwpmjgu_batch_optimization_dialogwpmjgu_batch_revert_dialogwpmjgu_readme_dialog

FAQ