ResizeFly Security & Risk Analysis

wordpress.org/plugins/resizefly

Dynamically resize your WordPress images on the fly. Upload them once and don't worry about missing or new image sizes.

10 active installs · v3.2.6 · PHP 5.6+ · WP 4.7.0+ · Updated Dec 17, 2020
Tags: dynamic, dynamic-images, image, jpg, png
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ResizeFly Safe to Use in 2026?

Generally Safe

Score 85/100

ResizeFly has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "resizefly" v3.2.6 plugin exhibits a mixed security posture. On one hand, the static analysis shows a remarkably small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. This is a positive indicator of well-designed entry points. Additionally, the plugin demonstrates good practice with a high number of nonce checks and capability checks, suggesting an effort to secure operations. The complete absence of known CVEs is also a significant strength, implying a history of responsible development or a lack of past vulnerabilities.

However, there are notable concerns within the code analysis. The single SQL query does not use a prepared statement, posing a risk of SQL injection. Furthermore, the exceptionally low percentage of properly escaped output (19%) is a significant weakness, creating a high likelihood of cross-site scripting (XSS) vulnerabilities. The taint analysis also flagged two flows with unsanitized paths; although they were not categorized as critical or high severity, they warrant attention. The plugin also performs file operations and external HTTP requests, which are common sources of security vulnerabilities if not handled carefully.

In conclusion, while "resizefly" v3.2.6 benefits from a small, seemingly well-protected attack surface and a clean vulnerability history, the lack of prepared statements for its SQL query and the extremely poor output escaping practices introduce significant risks. The presence of unsanitized paths in taint flows further reinforces the need for code review and sanitization. The strengths in attack surface reduction and vulnerability history are overshadowed by the critical code-level weaknesses in SQL and output handling.

Key Concerns

  • SQL queries not using prepared statements
  • Low percentage of properly escaped output
  • Unsanitized paths in taint analysis flows
Vulnerabilities
None known

ResizeFly Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ResizeFly Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 80 (19 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 10
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total query

Output Escaping

19% escaped · 99 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
show_changelog (src\Addon\EddAddonUpdater.php:329)
Attack Surface

ResizeFly Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 59

action after_setup_theme (app\actions\after-setup-theme.php:11)
filter media_send_to_editor (app\actions\media-send-to-editor.php:10)
action template_redirect (app\actions\template-redirect.php:18)
action upgrader_process_complete (app\actions\upgrader-process-complete.php:8)
filter wp_get_attachment_image_src (app\actions\wp-get-attachment-src.php:3)
action plugins_loaded (app\bootstrap.php:22)
filter wp_image_editors (app\bootstrap.php:77)
filter pre_set_site_transient_update_plugins (src\Addon\EddAddonUpdater.php:58)
filter plugins_api (src\Addon\EddAddonUpdater.php:59)
action admin_init (src\Addon\EddAddonUpdater.php:62)
filter pre_set_site_transient_update_plugins (src\Addon\EddAddonUpdater.php:201)
action admin_init (src\Admin\AbstractOption.php:58)
action admin_init (src\Admin\AbstractOption.php:59)
action admin_init (src\Admin\AbstractOptionsSection.php:54)
action admin_init (src\Admin\Cache\PathField.php:103)
action admin_enqueue_scripts (src\Admin\Cache\PurgeSingle.php:28)
action delete_attachment (src\Admin\Cache\PurgeSingle.php:31)
filter media_row_actions (src\Admin\Cache\PurgeSingle.php:33)
filter attachment_fields_to_edit (src\Admin\Cache\PurgeSingle.php:34)
action admin_init (src\Admin\Licenses\LicenseField.php:58)
filter resizefly/admin/sections (src\Admin\Licenses\LicensesSection.php:29)
action admin_menu (src\Admin\OptionsPage.php:61)
action admin_enqueue_scripts (src\Admin\OptionsPage.php:62)
action after_setup_theme (src\Admin\Sizes\SizesField.php:83)
action admin_notices (src\Admin\Sizes\SizesField.php:90)
action after_switch_theme (src\Admin\Sizes\SizesField.php:93)
action upgrader_process_complete (src\Admin\Sizes\SizesField.php:94)
action activated_plugin (src\Admin\Sizes\SizesField.php:95)
action deactivated_plugin (src\Admin\Sizes\SizesField.php:96)
action wp_handle_replace (src\Compatibles\EnableMediaReplace.php:17)
action wp_handle_upload (src\Compatibles\EnableMediaReplace.php:21)
filter wpml_get_home_url (src\Compatibles\WPML.php:15)
filter resizefly/home_url (src\Compatibles\WPML.php:16)
filter wp_generate_attachment_metadata (src\Upload\DuplicateOriginal.php:62)
action delete_attachment (src\Upload\DuplicateOriginal.php:65)
filter big_image_size_threshold (src\Upload\DuplicateOriginal.php:125)
action admin_init (src\Upload\DuplicateOriginal.php:217)
action admin_notices (src\Upload\DuplicateOriginal.php:219)
filter intermediate_image_sizes_advanced (src\Upload\Fake.php:33)
filter wp_generate_attachment_metadata (src\Upload\Fake.php:34)
filter resizefly/filter/url (src\Upload\Filter.php:51)
filter resizefly/filter/add_cache (src\Upload\Filter.php:52)
filter resizefly/filter/metadata_file (src\Upload\Filter.php:53)
filter resizefly/filter/metadata_basename (src\Upload\Filter.php:54)
filter wp_prepare_attachment_for_js (src\Upload\Filter.php:57)
filter wp_get_attachment_image_src (src\Upload\Filter.php:68)
filter the_content (src\Upload\Filter.php:75)
filter post_thumbnail_html (src\Upload\Filter.php:76)
filter get_header_image_tag (src\Upload\Filter.php:77)
filter admin_post_thumbnail_html (src\Upload\Filter.php:78)
filter media_send_to_editor (src\Upload\Filter.php:81)
filter content_edit_pre (src\Upload\Filter.php:82)
filter content_save_pre (src\Upload\Filter.php:83)
filter upload_dir (src\Upload\Uploads.php:26)
filter upload_dir (src\Upload\Uploads.php:27)
action admin_notices (version-check.php:33)
action plugins_loaded (version-check.php:34)
action admin_init (version-check.php:35)
action init (version-check.php:36)
Maintenance & Trust

ResizeFly Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Dec 17, 2020
PHP min version: 5.6
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 10
Developer Profile

ResizeFly Developer Profile

alpipego

2 plugins · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ResizeFly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/resizefly/js/resizefly-purge-single.js
/wp-content/plugins/resizefly/js/resizefly-purge-single.min.js
/wp-content/plugins/resizefly/js/resizefly-admin.js
/wp-content/plugins/resizefly/js/resizefly-admin.min.js
/wp-content/plugins/resizefly/css/resizefly-admin.css
Script Paths
/wp-content/plugins/resizefly/js/resizefly-purge-single.js
/wp-content/plugins/resizefly/js/resizefly-purge-single.min.js
/wp-content/plugins/resizefly/js/resizefly-admin.js
/wp-content/plugins/resizefly/js/resizefly-admin.min.js
Version Parameters
resizefly/js/resizefly-purge-single.
resizefly/js/resizefly-admin.

HTML / DOM Fingerprints

CSS Classes
rzf-purge-single
Data Attributes
data-nonce
data-postid
JS Globals
resizefly
FAQ

Frequently Asked Questions about ResizeFly