OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe Security & Risk Analysis
wordpress.org/plugins/origisafe-advanced-image-optimizerConvert JPG/PNG uploads (and existing library) to WebP, move originals to /uploads/_originals/, and update Media Library metadata - WP serves .webp
Is OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe Safe to Use in 2026?
Generally Safe
Score 100/100OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'origisafe-advanced-image-optimizer' plugin version 0.0.122 exhibits a generally good security posture with several strengths. The code analysis reveals that all SQL queries utilize prepared statements, and all output is properly escaped, which are crucial best practices. Furthermore, the plugin demonstrates diligent use of nonce and capability checks for many of its entry points, and importantly, there is no known vulnerability history, indicating a potentially stable and secure past. However, there are notable areas of concern. The plugin exposes a significant attack surface with 12 entry points, two of which, AJAX handlers, lack any authentication checks. This directly creates a pathway for potential unauthorized actions. The presence of the 'unserialize' function is also a significant risk if it processes untrusted user input, as it can lead to remote code execution vulnerabilities. While the taint analysis found no current critical or high severity flows, the latent danger of unserialize cannot be overlooked.
Key Concerns
- AJAX handlers without auth checks
- Dangerous function: unserialize
OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe Security Vulnerabilities
OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe Attack Surface
AJAX Handlers 11
REST API Routes 1
WordPress Hooks 7
Maintenance & Trust
OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe Maintenance & Trust
Maintenance Signals
Community Trust
OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe Alternatives
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF
imagify
Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN
wp-smushit
Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.
Converter for Media – Optimize images | Convert WebP & AVIF
webp-converter-for-media
Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
shortpixel-image-optimiser
Optimize images & PDFs smartly. Create and compress next-gen WebP and AVIF formats. Smart crop and resize.
Optimole – Optimize Images in Real Time
optimole-wp
Automatically optimize images: bulk compression, lazy loading, WebP/AVIF conversion. With CloudFront image CDN to boost Core Web Vitals & conversions!
OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe Developer Profile
4 plugins · 160 total installs
How We Detect OrigiSafe — Advanced Image Optimizer (WebP) — Keep Originals Safe
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/origisafe-advanced-image-optimizer/css/style.css/wp-content/plugins/origisafe-advanced-image-optimizer/css/responsive.css/wp-content/plugins/origisafe-advanced-image-optimizer/js/admin.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/bulk.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/job.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/log.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/revert.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/sweep.js+1 more/wp-content/plugins/origisafe-advanced-image-optimizer/js/admin.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/bulk.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/job.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/log.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/revert.js/wp-content/plugins/origisafe-advanced-image-optimizer/js/sweep.js+1 moreorigisafe-advanced-image-optimizer/css/style.css?ver=origisafe-advanced-image-optimizer/css/responsive.css?ver=origisafe-advanced-image-optimizer/js/admin.js?ver=origisafe-advanced-image-optimizer/js/bulk.js?ver=origisafe-advanced-image-optimizer/js/job.js?ver=origisafe-advanced-image-optimizer/js/log.js?ver=origisafe-advanced-image-optimizer/js/revert.js?ver=origisafe-advanced-image-optimizer/js/sweep.js?ver=origisafe-advanced-image-optimizer/js/repair.js?ver=HTML / DOM Fingerprints
hsbc-webp-bulk-wraphsbc-webp-bulk-progresshsbc-webp-repair-wraphsbc-webp-sweep-wraphsbc-webp-job-status-wraphsbc-webp-log-wraphsbc-webp-log-entryhsbc-webp-revert-wrap+1 more<!-- OrigiSafe --<!-- OrigiSafe Debug -->data-hsbc-actiondata-hsbc-paramsdata-hsbc-log-tail-urldata-hsbc-job-state-urldata-hsbc-bulk-urldata-hsbc-repair-url+5 moreHSBC_WebP_Datahsbc_webp_bulk_paramshsbc_webp_repair_paramshsbc_webp_sweep_paramshsbc_webp_job_paramshsbc_webp_log_params+1 more/wp-json/hsbc-webp-only/v1/job/start/wp-json/hsbc-webp-only/v1/job/stop/wp-json/hsbc-webp-only/v1/job/status/wp-json/hsbc-webp-only/v1/log/tail/wp-json/hsbc-webp-only/v1/log/reset/wp-json/hsbc-webp-only/v1/bulk/wp-json/hsbc-webp-only/v1/repair/wp-json/hsbc-webp-only/v1/sweep/wp-json/hsbc-webp-only/v1/revert