WebP Tools Security & Risk Analysis
wordpress.org/plugins/oracast-webp-toolsConvert JPG and PNG images in your WordPress site to modern, lightweight WebP format for faster loading and better performance.
Is WebP Tools Safe to Use in 2026?
Generally Safe
Score 100/100WebP Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'oracast-webp-tools' plugin v2.0.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a relatively high percentage of properly escaped output. The absence of known CVEs and taint analysis findings with unsanitized paths is also a strong indicator of a secure development history. However, there are notable areas for improvement, primarily concerning its attack surface.
The plugin exposes five AJAX handlers, with a significant three of them lacking authentication checks. This unprotected entry point represents a potential vector for attackers to trigger plugin functionality without proper authorization, which could lead to unintended consequences depending on the handler's purpose. While there are nonce and capability checks present, their absence on these specific AJAX handlers is a clear weakness.
Overall, the plugin's lack of historical vulnerabilities and sound SQL handling practices are strengths. However, the unprotected AJAX handlers introduce a tangible risk that needs to be addressed. If these unprotected AJAX endpoints perform sensitive operations, the risk could be elevated. Until these are secured, users should be aware of this potential vulnerability.
Key Concerns
- Unprotected AJAX handlers
- 3 out of 5 AJAX handlers without auth
WebP Tools Security Vulnerabilities
WebP Tools Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
WebP Tools Attack Surface
AJAX Handlers 5
WordPress Hooks 5
Maintenance & Trust
WebP Tools Maintenance & Trust
Maintenance Signals
Community Trust
WebP Tools Alternatives
Upload Converter for WebP
upload-converter-webp
Convert JPG, JPEG, and PNG images to WebP automatically or manually with bulk actions and Media Library buttons.
Image Optimizer – Optimize Images and Convert to WebP or AVIF
image-optimization
Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.
QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly
quickwebp
QuickWebP is a free WordPress plugin that converts images to WebP, optimizes performance, improves SEO, auto-fills metadata, and resizes images—no API …
Image to WebP Converter
image-to-webp-converter
Automatically convert uploaded images (PNG, JPG, JPEG) to WebP format to enhance website performance and reduce load times.
Pressidium Performance
pressidium-performance
Speed up your WordPress site, improve Core Web Vitals and enhance user experience with one-click image optimization, CSS & JavaScript minification.
WebP Tools Developer Profile
1 plugin · 0 total installs
How We Detect WebP Tools
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/oracast-webp-tools/assets/css/oracast-webp-tools.css/wp-content/plugins/oracast-webp-tools/assets/js/oracast-webp-tools.js/wp-content/plugins/oracast-webp-tools/includes/vendor/bootstrap/css/bootstrap.min.css/wp-content/plugins/oracast-webp-tools/includes/vendor/bootstrap/js/bootstrap.bundle.min.js/wp-content/plugins/oracast-webp-tools/assets/js/oracast-webp-tools.jsoracast-webp-tools.css?ver=oracast-webp-tools.js?ver=bootstrap.min.css?ver=bootstrap.bundle.min.js?ver=HTML / DOM Fingerprints
oracast-webp-tools-settingsdata-bs-toggledata-bs-targetoracast_webp_tools_varsoracast_webp_tools/wp-json/oracast-webp-tools