Does QODE Optimizer have any unpatched vulnerabilities?

No. All known vulnerabilities in QODE Optimizer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is QODE Optimizer compatible with WordPress 6.9.4?

According to WordPress.org data, QODE Optimizer 1.2.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is QODE Optimizer compatible with PHP 8.1+?

QODE Optimizer requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is QODE Optimizer updated?

QODE Optimizer was last updated on Mar 9, 2026. Frequent updates are generally a positive security signal.

What is QODE Optimizer's security score?

QODE Optimizer has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

QODE Optimizer Security & Risk Analysis

wordpress.org/plugins/qode-optimizer

The QODE Optimizer plugin is developed to allow you to convert, compress and adjust file sizes for all the images found on your website.

20K active installs v1.2.2 PHP 8.1+ WP 6.3+ Updated Mar 9, 2026

compress-imagesconvert-imagesimage-optimizationresize-imageswebp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is QODE Optimizer Safe to Use in 2026?

Generally Safe

Score 100/100

QODE Optimizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 25d ago

Risk Assessment

The qode-optimizer plugin v1.2.2 exhibits a generally strong security posture based on the static analysis. The plugin demonstrates excellent adherence to secure coding practices, with a very high percentage of SQL queries using prepared statements and output being properly escaped. The presence of numerous nonce and capability checks on its 17 AJAX handlers indicates a robust effort to protect these entry points from unauthorized access. The absence of known CVEs and a clean vulnerability history further contribute to this positive assessment, suggesting diligent maintenance and security awareness from the developers.

Key Concerns

Unsanitized path in taint analysis
Presence of 'exec' function

Vulnerabilities

None known

QODE Optimizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

QODE Optimizer Code Analysis

Dangerous Functions

Raw SQL Queries

66 prepared

Unescaped Output

761 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execif ( false !== exec( $tool_path . ' -O3 --careful ' . $lossy_option . ' -o ' . escapeshellarg( $tmpfclasses\class-qode-optimizer-gif.php:402

execif ( false !== exec( $tool_path . ' -lossy -q ' . $this->webp_quality . ' ' . escapeshellarg( $this-classes\class-qode-optimizer-gif.php:562

execif ( false !== exec( $tool_path . ' -quiet ' . $this->tool_create_webp_additional_options() . ' ' . classes\class-qode-optimizer-image.php:1455

execif ( false !== exec( $tool_path . ' -copy ' . $copy_option . ' -optimize ' . $progressive_option . 'classes\class-qode-optimizer-jpeg.php:427

execif ( false !== exec( $tool_path . ' -q ' . $max_quality_option . ' ' . $strip_option . ' ' . $progreclasses\class-qode-optimizer-jpeg.php:501

execif ( false !== exec( $tool_path . ' ' . $quality_option . ' -- ' . escapeshellarg( $compressed_file classes\class-qode-optimizer-png.php:441

execif ( false !== exec( $tool_path . ' -o2 -quiet ' . $strip_option . ' ' . escapeshellarg( $tmpfile ) classes\class-qode-optimizer-png.php:510

execif ( false !== exec( $tool_path . ' -k1 -q ' . escapeshellarg( $tmpfile ) ) ) {classes\class-qode-optimizer-png.php:568

execexec( $tool_path . ' -version 2>&1', $output, $return_var );classes\class-qode-optimizer-support.php:423

execexec( $tool_path . ' -version 2>&1', $output, $return_var );classes\class-qode-optimizer-support.php:454

execexec( $tool_path . ' -version 2>&1', $output );classes\class-qode-optimizer-support.php:484

execexec( $tool_path . ' --version 2>&1', $output );classes\class-qode-optimizer-support.php:514

execexec( $tool_path . ' --version 2>&1', $output );classes\class-qode-optimizer-support.php:544

execexec( $tool_path . ' -v ' . QODE_OPTIMIZER_SAMPLES_FOLDER_PATH . DIRECTORY_SEPARATOR . 'sample.jpg 2classes\class-qode-optimizer-support.php:574

execexec( $tool_path . ' -v 2>&1', $output );classes\class-qode-optimizer-support.php:605

execexec( $tool_path . ' 2>&1', $output );classes\class-qode-optimizer-support.php:635

execexec( $tool_path . ' -V 2>&1', $output );classes\class-qode-optimizer-support.php:665

SQL Query Safety

96% prepared69 total queries

Output Escaping

99% escaped765 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths

ajax_init_action_buttons_and_info (classes\class-qode-optimizer-media.php:357)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

QODE Optimizer Attack Surface

Entry Points17

Unprotected0

AJAX Handlers 17

authwp_ajax_qode_optimizer_bulk_action_optimize_and_webpclasses\class-qode-optimizer-bulk.php:21

authwp_ajax_qode_optimizer_bulk_action_folders_optimize_and_webpclasses\class-qode-optimizer-bulk.php:22

authwp_ajax_qode_optimizer_issue_action_optimization_history_issues_resolveclasses\class-qode-optimizer-issue.php:21

authwp_ajax_qode_optimizer_media_init_action_buttons_and_infoclasses\class-qode-optimizer-media.php:26

authwp_ajax_qode_optimizer_media_include_action_buttonsclasses\class-qode-optimizer-media.php:27

authwp_ajax_qode_optimizer_media_action_optimize_processclasses\class-qode-optimizer-media.php:28

authwp_ajax_qode_optimizer_media_action_restoreclasses\class-qode-optimizer-media.php:29

authwp_ajax_qode_optimizer_media_action_regenerateclasses\class-qode-optimizer-media.php:30

authwp_ajax_qode_optimizer_media_action_recoverclasses\class-qode-optimizer-media.php:31

authwp_ajax_qode_optimizer_options_action_ajax_option_add_descriptionclasses\class-qode-optimizer-options.php:129

authwp_ajax_qode_optimizer_options_action_ajax_option_actionclasses\class-qode-optimizer-options.php:130

authwp_ajax_qode_optimizer_utility_action_clean_up_optimization_historyclasses\class-qode-optimizer-utility.php:21

authwp_ajax_qode_optimizer_utility_action_resolve_optimization_history_issuesclasses\class-qode-optimizer-utility.php:22

authwp_ajax_qode_optimizer_utility_action_delete_optimization_historyclasses\class-qode-optimizer-utility.php:23

authwp_ajax_qode_optimizer_utility_action_delete_webp_imagesclasses\class-qode-optimizer-utility.php:24

authwp_ajax_qode_optimizer_utility_action_delete_all_webp_imagesclasses\class-qode-optimizer-utility.php:25

authwp_ajax_qode_optimizer_deactivationinc\admin\inc\admin-notice\class-qode-optimizer-admin-notice.php:24

WordPress Hooks 86

actionqode_optimizer_action_framework_load_dependent_pluginsclass-qode-optimizer.php:31

filterqode_optimizer_filter_framework_register_admin_optionsclass-qode-optimizer.php:78

actionqode_optimizer_action_framework_populate_meta_boxclass-qode-optimizer.php:82

actioninitclass-qode-optimizer.php:85

actionplugins_loadedclass-qode-optimizer.php:94

filterbody_classclass-qode-optimizer.php:97

filteradmin_initclass-qode-optimizer.php:123

actionadmin_menuclasses\class-qode-optimizer-general.php:20

filterhandle_bulk_actions-uploadclasses\class-qode-optimizer-general.php:24

filterbulk_actions-uploadclasses\class-qode-optimizer-general.php:36

actionadmin_action_qode_optimizer_open_system_logclasses\class-qode-optimizer-log.php:53

actionadmin_action_qode_optimizer_download_system_logclasses\class-qode-optimizer-log.php:54

actionadmin_action_qode_optimizer_delete_system_logclasses\class-qode-optimizer-log.php:55

actionprint_media_templatesclasses\class-qode-optimizer-media.php:19

filtermanage_media_columnsclasses\class-qode-optimizer-media.php:20

actionmanage_media_custom_columnclasses\class-qode-optimizer-media.php:21

actiondelete_attachmentclasses\class-qode-optimizer-media.php:22

actioninitclasses\class-qode-optimizer-parser.php:43

filterqode_optimizer_modify_page_outputclasses\class-qode-optimizer-parser.php:44

actiontemplate_redirectclasses\class-qode-optimizer-parser.php:59

actionwp_after_load_templateclasses\class-qode-optimizer-parser.php:61

actionplugins_loadedinc\admin\class-qode-optimizer-framework.php:18

filterwp_kses_allowed_htmlinc\admin\helpers\helper.php:383

actionadmin_enqueue_scriptsinc\admin\inc\admin-notice\class-qode-optimizer-admin-notice.php:18

actioncurrent_screeninc\admin\inc\admin-notice\class-qode-optimizer-admin-notice.php:21

actionadmin_enqueue_scriptsinc\admin\inc\admin-notice\class-qode-optimizer-admin-notice.php:52

actionadmin_footerinc\admin\inc\admin-notice\class-qode-optimizer-admin-notice.php:56

filterplugin_row_metainc\admin\inc\admin-pages\class-qode-optimizer-admin-general-page.php:20

actioninitinc\admin\inc\admin-pages\class-qode-optimizer-admin-general-page.php:24

actionadmin_menuinc\admin\inc\admin-pages\class-qode-optimizer-admin-general-page.php:25

filteradmin_body_classinc\admin\inc\admin-pages\class-qode-optimizer-admin-general-page.php:26

actionadmin_enqueue_scriptsinc\admin\inc\admin-pages\class-qode-optimizer-admin-general-page.php:172

actionadmin_enqueue_scriptsinc\admin\inc\admin-pages\class-qode-optimizer-admin-general-page.php:173

actioninitinc\admin\inc\admin-pages\class-qode-optimizer-admin-options-custom-page-handler.php:15

filterqode_optimizer_filter_framework_custom_navinc\admin\inc\admin-pages\class-qode-optimizer-admin-options-custom-page-handler.php:39

actionadmin_enqueue_scriptsinc\admin\inc\admin-pages\class-qode-optimizer-admin-options-custom-page-handler.php:41

actionadmin_enqueue_scriptsinc\admin\inc\admin-pages\class-qode-optimizer-admin-options-custom-page-handler.php:42

actioninitinc\admin\inc\admin-pages\options-custom-pages\help\dashboard.php:25

actionqode_optimizer_action_additional_scripts_on_options_page_helpinc\admin\inc\admin-pages\options-custom-pages\help\helper.php:16

actionqode_optimizer_action_framework_before_custom_navinc\admin\inc\admin-pages\options-custom-pages\helper.php:15

actioninitinc\admin\inc\admin-pages\options-custom-pages\qode-products\dashboard.php:25

filterqode_optimizer_filter_add_sub_pageinc\admin\inc\admin-pages\sub-pages\log\class-qode-optimizer-admin-page-log.php:22

filterqode_optimizer_filter_add_sub_pageinc\admin\inc\admin-pages\sub-pages\optimization\class-qode-optimizer-admin-page-optimization.php:22

actionqode_optimizer_action_additional_scriptsinc\admin\inc\admin-pages\sub-pages\optimization\class-qode-optimizer-admin-page-optimization.php:32

filterqode_optimizer_filter_add_sub_pageinc\admin\inc\admin-pages\sub-pages\regeneration\class-qode-optimizer-admin-page-regeneration.php:22

filterqode_optimizer_filter_add_sub_pageinc\admin\inc\admin-pages\sub-pages\restoration\class-qode-optimizer-admin-page-restoration.php:22

filterqode_optimizer_filter_add_sub_pageinc\admin\inc\admin-pages\sub-pages\status\class-qode-optimizer-admin-page-status.php:22

actionqode_optimizer_action_additional_scriptsinc\admin\inc\admin-pages\sub-pages\status\class-qode-optimizer-admin-page-status.php:32

filterqode_optimizer_filter_add_sub_pageinc\admin\inc\admin-pages\sub-pages\utilities\class-qode-optimizer-admin-page-utilities.php:22

actionqode_optimizer_action_additional_scriptsinc\admin\inc\admin-pages\sub-pages\utilities\class-qode-optimizer-admin-page-utilities.php:32

actionafter_setup_themeinc\admin\inc\class-qode-optimizer-framework-root.php:16

actionafter_setup_themeinc\admin\inc\class-qode-optimizer-framework-root.php:17

actionafter_setup_themeinc\admin\inc\class-qode-optimizer-framework-root.php:18

actionadmin_enqueue_scriptsinc\admin\inc\class-qode-optimizer-framework-root.php:20

actioninitinc\admin\inc\common\modules\admin\core\class-qode-optimizer-framework-options-admin.php:22

actionadmin_menuinc\admin\inc\common\modules\admin\core\class-qode-optimizer-framework-options-admin.php:24

actionadmin_bar_menuinc\admin\inc\common\modules\admin\core\class-qode-optimizer-framework-options-admin.php:27

actionadmin_enqueue_scriptsinc\admin\inc\common\modules\admin\core\class-qode-optimizer-framework-options-admin.php:34

filteradmin_body_classinc\admin\inc\common\modules\admin\core\class-qode-optimizer-framework-options-admin.php:36

actioninitinc\admin\inc\common\modules\attachment\core\class-qode-optimizer-framework-options-attachment.php:12

actionattachment_fields_to_editinc\admin\inc\common\modules\attachment\core\class-qode-optimizer-framework-options-attachment.php:13

filterattachment_fields_to_saveinc\admin\inc\common\modules\attachment\core\class-qode-optimizer-framework-options-attachment.php:14

actionadmin_initinc\admin\inc\common\modules\attribute\core\class-qode-optimizer-framework-options-attribute.php:12

actionwoocommerce_after_add_attribute_fieldsinc\admin\inc\common\modules\attribute\core\class-qode-optimizer-framework-options-attribute.php:13

actionwoocommerce_after_edit_attribute_fieldsinc\admin\inc\common\modules\attribute\core\class-qode-optimizer-framework-options-attribute.php:14

actionwoocommerce_attribute_addedinc\admin\inc\common\modules\attribute\core\class-qode-optimizer-framework-options-attribute.php:15

actionwoocommerce_attribute_updatedinc\admin\inc\common\modules\attribute\core\class-qode-optimizer-framework-options-attribute.php:16

actionadmin_enqueue_scriptsinc\admin\inc\common\modules\attribute\core\class-qode-optimizer-framework-options-attribute.php:19

actionwp_loadedinc\admin\inc\common\modules\meta-boxes\core\class-qode-optimizer-framework-options-meta.php:12

actionadd_meta_boxesinc\admin\inc\common\modules\meta-boxes\core\class-qode-optimizer-framework-options-meta.php:13

actiondo_meta_boxesinc\admin\inc\common\modules\meta-boxes\core\class-qode-optimizer-framework-options-meta.php:14

actionsave_postinc\admin\inc\common\modules\meta-boxes\core\class-qode-optimizer-framework-options-meta.php:15

filtersanitize_post_meta_qode_optimizer_meta_optioninc\admin\inc\common\modules\meta-boxes\core\class-qode-optimizer-framework-options-meta.php:16

actionadmin_headinc\admin\inc\common\modules\meta-boxes\core\class-qode-optimizer-framework-options-meta.php:18

filteradmin_body_classinc\admin\inc\common\modules\meta-boxes\core\class-qode-optimizer-framework-options-meta.php:20

actioninitinc\admin\inc\common\modules\taxonomy\core\class-qode-optimizer-framework-options-taxonomy.php:11

actioninitinc\admin\inc\common\modules\taxonomy\core\class-qode-optimizer-framework-options-taxonomy.php:12

actioninitinc\admin\inc\common\modules\taxonomy\core\class-qode-optimizer-framework-options-taxonomy.php:13

actioncreated_terminc\admin\inc\common\modules\taxonomy\core\class-qode-optimizer-framework-options-taxonomy.php:15

actionedited_terminc\admin\inc\common\modules\taxonomy\core\class-qode-optimizer-framework-options-taxonomy.php:16

filtersanitize_term_meta_qode_optimizer_term_optioninc\admin\inc\common\modules\taxonomy\core\class-qode-optimizer-framework-options-taxonomy.php:17

actionadmin_enqueue_scriptsinc\admin\inc\common\modules\taxonomy\core\class-qode-optimizer-framework-options-taxonomy.php:20

actionqode_optimizer_action_advanced_options_initinc\general\dashboard\admin\advanced-options.php:74

actionqode_optimizer_action_conversion_options_initinc\general\dashboard\admin\conversion-options.php:21

actionqode_optimizer_action_optimization_options_initinc\general\dashboard\admin\optimization-options.php:175

actionqode_optimizer_action_webp_options_initinc\general\dashboard\admin\webp-options.php:81

Maintenance & Trust

QODE Optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 9, 2026

PHP min version8.1

Downloads79K

Community Trust

Rating0/100

Number of ratings0

Active installs20K

Alternatives

QODE Optimizer Alternatives

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs

Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

wp-smushit

Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.

1.0M 6 CVEs

Converter for Media – Optimize images | Convert WebP & AVIF

webp-converter-for-media

Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!

500K 4 CVEs

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

shortpixel-image-optimiser

Optimize images & PDFs smartly. Create and compress next-gen WebP and AVIF formats. Smart crop and resize.

300K 6 CVEs

Robin Image Optimizer – Unlimited Image Optimization & WebP Converter

robin-image-optimizer

Unlimited automatic image optimization for WordPress. Compress images, convert to WebP, and improve site speed without losing image quality.

100K 2 CVEs

Developer Profile

QODE Optimizer Developer Profile

Qode

12 plugins · 321K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

47 days

View full developer profile

Detection Fingerprints

How We Detect QODE Optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/qode-optimizer/assets/css/qode-optimizer.css/wp-content/plugins/qode-optimizer/assets/js/qode-optimizer.js

Script Paths

/wp-content/plugins/qode-optimizer/assets/js/qode-optimizer.js

Version Parameters

qode-optimizer/assets/css/qode-optimizer.css?ver=qode-optimizer/assets/js/qode-optimizer.js?ver=

HTML / DOM Fingerprints

CSS Classes

qode-optimizer-optimizer-page

JS Globals

Qode_Optimizer

FAQ