WP-Safety

OptiFlow WebP Media Security & Risk Analysis

wordpress.org/plugins/optiflow-webp-media

Convert and serve WebP images to optimize WordPress media performance.

0 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Jan 6, 2026
convertimagespagespeedperformancewebp
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is OptiFlow WebP Media Safe to Use in 2026?

Generally Safe

Score 100/100

OptiFlow WebP Media has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The optiflow-webp-media plugin version 1.0.0 exhibits a strong security posture based on the provided static analysis. The code demonstrates excellent adherence to secure coding practices, with all SQL queries utilizing prepared statements and all output being properly escaped. The absence of file operations and external HTTP requests further reduces the attack surface. Crucially, all identified entry points, such as the single AJAX handler, are protected by nonce and capability checks, indicating robust authorization and input validation.

The taint analysis found no unsanitized flows, which is a significant strength. The plugin also has no known historical vulnerabilities (CVEs), suggesting a history of stable and secure development. The lack of bundled libraries also means there's no risk of relying on outdated or vulnerable third-party code.

Overall, this plugin appears to be very secure. The thorough implementation of security checks on its limited attack surface is commendable. The only potential for improvement would be a continued focus on maintaining this high standard as new features are added or updates are released. Based on the current data, the risk associated with this plugin is very low.

Vulnerabilities
None known

OptiFlow WebP Media Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

OptiFlow WebP Media Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

OptiFlow WebP Media Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
51 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped51 total outputs
Attack Surface

OptiFlow WebP Media Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_ofwm_manual_convertincludes/class-ofwm-media-actions.php:13
WordPress Hooks 19
filterwp_generate_attachment_metadataincludes/class-ofwm-converter.php:18
actiondelete_attachmentincludes/class-ofwm-converter.php:22
filterthe_contentincludes/class-ofwm-display.php:28
filteracf/format_value/type=imageincludes/class-ofwm-display.php:31
filteracf/format_value/type=galleryincludes/class-ofwm-display.php:32
filterwp_get_attachment_urlincludes/class-ofwm-display.php:35
filterwp_get_attachment_image_srcincludes/class-ofwm-display.php:36
filterwp_calculate_image_srcsetincludes/class-ofwm-display.php:37
filtermanage_media_columnsincludes/class-ofwm-media-actions.php:10
actionmanage_media_custom_columnincludes/class-ofwm-media-actions.php:11
actionadmin_enqueue_scriptsincludes/class-ofwm-media-actions.php:12
filterattachment_fields_to_editincludes/class-ofwm-media-actions.php:14
filterbulk_actions-uploadincludes/class-ofwm-media-actions.php:17
filterhandle_bulk_actions-uploadincludes/class-ofwm-media-actions.php:18
actionadmin_noticesincludes/class-ofwm-media-actions.php:19
actionadmin_menuincludes/class-ofwm-settings.php:24
actionadmin_initincludes/class-ofwm-settings.php:25
actionadmin_enqueue_scriptsincludes/class-ofwm-settings.php:26
actionplugins_loadedoptiflow-webp-media.php:117
Maintenance & Trust

OptiFlow WebP Media Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 6, 2026
PHP min version7.4
Downloads149

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

OptiFlow WebP Media Alternatives

Stintlief WebP Converter

Stintlief WebP Converter

stintlief-webp-converter

A
100

Automatically convert uploaded images to optimized WebP format with safe fallbacks, optional backups, and easy restoration.

10 No CVEs
NextGenConvert

NextGenConvert

nextgenconvert

A
85

Optimise your site with plug-and-play WebP image conversion for quicker image load times via a nextgenconvert.com subscription

0 No CVEs
WEBP Format Permission

WEBP Format Permission

webp-format-permission

A
100

This plugin will allow .webp next generation image for WordPress.

0 No CVEs
WebPioneer

WebPioneer

webpioneer

A
100

Compatibility-first WebP conversion for WordPress with upload-time conversion, bulk tools, delivery safety, and local processing.

0 No CVEs
Image Optimizer – Optimize Images and Convert to WebP or AVIF

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

A
99

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE
Developer Profile

OptiFlow WebP Media Developer Profile

Dhaval Vachhani

3 plugins · 110 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect OptiFlow WebP Media

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/optiflow-webp-media/assets/css/admin-style.css/wp-content/plugins/optiflow-webp-media/assets/js/admin-script.js
Script Paths
/wp-content/plugins/optiflow-webp-media/assets/js/admin-script.js
Version Parameters
optiflow-webp-media/assets/css/admin-style.css?ver=optiflow-webp-media/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ofwm-manual-convert
Data Attributes
data-id
FAQ

Frequently Asked Questions about OptiFlow WebP Media