WP-Safety

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Security & Risk Analysis

wordpress.org/plugins/quickwebp

QuickWebP is a free WordPress plugin that converts images to WebP, optimizes performance, improves SEO, auto-fills metadata, and resizes images—no API …

7K active installs v3.2.7 PHP 7.4+ WP 6.0.0+ Updated Dec 26, 2025
image-compressionimage-optimizationperformanceseowebp
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Safe to Use in 2026?

Generally Safe

Score 100/100

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "quickwebp" v3.2.7 plugin exhibits a significant security concern due to its entirely unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and a high percentage of output escaping, the lack of authentication checks on all six AJAX entry points creates a substantial attack surface. Any unauthenticated user could potentially trigger these AJAX actions, leading to unintended consequences or enabling further exploitation. The taint analysis shows no critical or high severity issues, and the plugin has no recorded vulnerability history, which are positive indicators. However, the sheer number of unprotected AJAX endpoints overrides these strengths, making this a pressing concern that requires immediate attention.

Key Concerns

  • AJAX handlers without authentication checks
  • Large attack surface (6 unprotected entry points)
Vulnerabilities
None known

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
16
166 escaped
Nonce Checks
6
Capability Checks
0
File Operations
10
External Requests
0
Bundled Libraries
1

Bundled Libraries

Guzzle

Output Escaping

91% escaped182 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

13 flows13 with unsanitized paths
image_optimizition_ajax (admin\class-image-optimizer.php:362)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

authwp_ajax_image_optimizition_ajaxincludes\class-quickwebp.php:198
authwp_ajax_single_optimizition_ajaxincludes\class-quickwebp.php:199
authwp_ajax_undo_single_optimizition_ajaxincludes\class-quickwebp.php:200
authwp_ajax_start_bulk_optimizationincludes\class-quickwebp.php:213
authwp_ajax_stop_bulk_optimizationincludes\class-quickwebp.php:214
authwp_ajax_check_bulk_optimization_progressincludes\class-quickwebp.php:215
WordPress Hooks 26
actionadmin_noticesadmin\class-settings.php:147
actionadmin_noticesadmin\class-settings.php:163
actionadmin_noticesadmin\class-settings.php:178
actionadmin_noticesadmin\class-settings.php:234
actionadmin_noticesadmin\rewrite-rules\class-rewrite-rules-abstract.php:16
actionadmin_noticesadmin\rewrite-rules\class-rewrite-rules-abstract.php:36
actioninitincludes\class-quickwebp.php:173
actionadmin_enqueue_scriptsincludes\class-quickwebp.php:187
actionadmin_menuincludes\class-quickwebp.php:188
filterplugin_action_linksincludes\class-quickwebp.php:189
actionadmin_initincludes\class-quickwebp.php:190
filtersanitize_option_quickwebp_settings_conversion_display_webp_modeincludes\class-quickwebp.php:191
filterwp_handle_upload_prefilterincludes\class-quickwebp.php:194
filterwp_generate_attachment_metadataincludes\class-quickwebp.php:195
filterbig_image_size_thresholdincludes\class-quickwebp.php:196
filterwp_editor_set_qualityincludes\class-quickwebp.php:197
actiondelete_attachmentincludes\class-quickwebp.php:201
actionwp_enqueue_mediaincludes\class-quickwebp.php:204
filterattachment_fields_to_editincludes\class-quickwebp.php:205
filtermanage_media_columnsincludes\class-quickwebp.php:206
actionmanage_media_custom_columnincludes\class-quickwebp.php:207
actionattachment_submitbox_misc_actionsincludes\class-quickwebp.php:208
filtercron_schedulesincludes\class-quickwebp.php:211
actionquickwebp_bulk_optimization_hookincludes\class-quickwebp.php:212
actiontemplate_redirectincludes\class-quickwebp.php:229
actionadmin_noticesquickwebp.php:105

Scheduled Events 1

quickwebp_bulk_optimization_hook
Maintenance & Trust

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 26, 2025
PHP min version7.4
Downloads33K

Community Trust

Rating94/100
Number of ratings17
Active installs7K
Alternatives

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Alternatives

Image Optimizer – Optimize Images and Convert to WebP or AVIF

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

A
99

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE
Image to WebP Converter

Image to WebP Converter

image-to-webp-converter

A
100

Automatically convert uploaded images (PNG, JPG, JPEG) to WebP format to enhance website performance and reduce load times.

900 No CVEs
Soovex WebP Converter – Convert Images | Optimize & Compress | Unlimited Conversions

Soovex WebP Converter – Convert Images | Optimize & Compress | Unlimited Conversions

soovex-webp-converter

A
100

Automatically convert WordPress images to WebP format. Optimize images, boost page speed and SEO with unlimited conversions and smart backups.

80 No CVEs
Image Squeeze – Optimize WebP, Compress Images, Boost Performance

Image Squeeze – Optimize WebP, Compress Images, Boost Performance

imagesqueeze

A
100

Smart image optimization for WordPress. Compress, convert to WebP, and speed up your site while improving Core Web Vitals and SEO.

50 No CVEs
GioCompress

GioCompress

giocompress

A
100

WordPress plugin for smart image optimization. Auto-converts to WebP, includes smart lazy loading, and generates missing alt text for better SEO.

30 No CVEs
Developer Profile

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Developer Profile

Ludwig You

6 plugins · 13K total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quickwebp/public/assets/build/admin-main-settings.css/wp-content/plugins/quickwebp/public/assets/build/admin-main-settings.js
Script Paths
/wp-content/plugins/quickwebp/public/assets/build/admin-main-settings.js
Version Parameters
quickwebp/public/assets/build/admin-main-settings.css?ver=quickwebp/public/assets/build/admin-main-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
quickwebp-settings-container
Data Attributes
data-quickwebp-optimizer
JS Globals
QUICKWEBP_ADMIN_SETTINGS
FAQ

Frequently Asked Questions about QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly