reSmush.it : The original free image compressor and optimizer plugin Security & Risk Analysis

wordpress.org/plugins/resmushit-image-optimizer

reSmush.it is the FREE image compressor and optimizer plugin - use it to optimize your images and improve the SEO and performance of your website.

100K active installs · v1.0.4 · PHP 7.4+ · WP 4.0.0+ · Updated Dec 10, 2025
Tags: free-image-optimization, image, image-optimization, optimizer, smush

98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Oct 26, 2022

Safety Verdict

Is reSmush.it : The original free image compressor and optimizer plugin Safe to Use in 2026?

Generally Safe

Score 98/100

reSmush.it : The original free image compressor and optimizer plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 26, 2022 · Updated 3mo ago

Risk Assessment

The resmushit-image-optimizer plugin v1.0.4 exhibits a mixed security posture. On the positive side, static analysis shows good practices in several areas: 100% of SQL queries use prepared statements, 92% of output is properly escaped, and nonce and capability checks are enforced on all eight AJAX handlers. There are no critical or high severity taint analysis findings and no unpatched CVEs.

However, the code contains a call to `unserialize`, which is flagged as a dangerous function because it can be a vector for remote code execution if it is used with untrusted input. The plugin's vulnerability history, with three past CVEs (two high and one medium severity), shows a pattern of past security weaknesses. These historical issues, which involved CSRF, XSS, and missing authorization, suggest a need for ongoing vigilance in code review and security testing. While the current version shows improvements, the historical context and the presence of `unserialize` warrant a cautious approach.

Key Concerns

  • Presence of dangerous function: unserialize
  • 3 total known CVEs in vulnerability history
  • 2 high severity CVEs in vulnerability history
  • 1 medium severity CVE in vulnerability history
Vulnerabilities
3

reSmush.it : The original free image compressor and optimizer plugin Security Vulnerabilities

CVEs by Year

2022: 3 CVEs

Severity Breakdown

High: 2
Medium: 1

3 total CVEs

CVE-2022-2449 · high · 8.8 · Cross-Site Request Forgery (CSRF)
reSmush.it Image Optimizer <= 0.4.6 - Cross-Site Request Forgery
Oct 26, 2022 · Patched in 0.4.7 (454d)

CVE-2022-2448 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
reSmush.it Image Optimizer <= 0.4.5 - Authenticated (Administrator+) Cross-Site Scripting
Sep 19, 2022 · Patched in 0.4.6 (491d)

CVE-2022-2450 · high · 7.3 · Missing Authorization
reSmush.it <= 0.4.3 - Missing Authorization
Aug 11, 2022 · Patched in 0.4.4 (530d)

Code Analysis
Analyzed Mar 16, 2026

reSmush.it : The original free image compressor and optimizer plugin Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (14 prepared)
Unescaped Output: 8 (88 escaped)
Nonce Checks: 8
Capability Checks: 10
File Operations: 8
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize · classes\resmushit.class.php:386

    $tmp['attachment_metadata'] = isset($image->file_meta) ? unserialize($image->file_meta) : array();

SQL Query Safety

100% prepared · 14 total queries

Output Escaping

92% escaped · 96 total outputs

Attack Surface

reSmush.it : The original free image compressor and optimizer plugin Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 8

auth · wp_ajax_resmushit_bulk_process_image · classes\Controller\AjaxController.php:32
auth · wp_ajax_resmushit_bulk_get_images · classes\Controller\AjaxController.php:33
auth · wp_ajax_resmushit_update_disabled_state · classes\Controller\AjaxController.php:34
auth · wp_ajax_resmushit_optimize_single_attachment · classes\Controller\AjaxController.php:35
auth · wp_ajax_resmushit_restore_single_attachment · classes\Controller\AjaxController.php:36
auth · wp_ajax_resmushit_update_statistics · classes\Controller\AjaxController.php:37
auth · wp_ajax_resmushit_remove_backup_files · classes\Controller\AjaxController.php:38
auth · wp_ajax_resmushit_restore_backup_files · classes\Controller\AjaxController.php:39

WordPress Hooks 16

action · admin_menu · classes\Controller\AdminController.php:40
action · admin_init · classes\Controller\AdminController.php:41
filter · manage_media_columns · classes\Controller\AdminController.php:42
action · manage_media_custom_column · classes\Controller\AdminController.php:44
action · add_meta_boxes_attachment · classes\Controller\AdminController.php:47
action · admin_head · classes\Controller\AdminController.php:49
action · update_option_resmushit_cron · classes\Controller\CronController.php:36
filter · cron_schedules · classes\Controller\CronController.php:37
action · resmushit_optimize · classes\Controller\CronController.php:38
action · update_option_resmushit_remove_unsmushed · classes\Controller\CronController.php:39
filter · wp_generate_attachment_metadata · classes\Controller\CronController.php:104
action · delete_attachment · classes\Controller\ProcessController.php:34
action · add_attachment · classes\Controller\ProcessController.php:38
filter · wp_generate_attachment_metadata · classes\Controller\ProcessController.php:47
action · wp_loaded · classes\Plugin.php:30
action · admin_init · resmushit.php:99

Scheduled Events 1

resmushit_optimize
Maintenance & Trust

reSmush.it : The original free image compressor and optimizer plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 10, 2025
PHP min version: 7.4
Downloads: 3.4M

Community Trust

Rating: 86/100
Number of ratings: 158
Active installs: 100K

Developer Profile

reSmush.it : The original free image compressor and optimizer plugin Developer Profile

ShortPixel

8 plugins · 1.2M total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 239 days

Detection Fingerprints

How We Detect reSmush.it : The original free image compressor and optimizer plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/resmushit-image-optimizer/resmushit.css
/wp-content/plugins/resmushit-image-optimizer/resmushit.js
Script Paths
/wp-content/plugins/resmushit-image-optimizer/resmushit.js
Version Parameters
resmushit/style.css?ver=
resmushit/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
rsmt-notice
HTML Comments
<!-- Everything to do with AdminActions / WordPress -->
Data Attributes
data-csrf
data-dismissible
data-notice
JS Globals
RESMUSHIT_BASE_URL