Select Pakistan Image Optimizer — WebP & AVIF Converter Security & Risk Analysis

wordpress.org/plugins/selectpress-image-optimizer-webp-avif-converter

Convert images to WebP & AVIF formats for faster websites. 100% Free, no limits, bulk conversion.

10 active installs · v1.0.4 · PHP 7.4+ · WP 5.8+ · Updated Feb 22, 2026
Tags: avif, convert-images, image-compression, image-optimization, webp
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Select Pakistan Image Optimizer — WebP & AVIF Converter Safe to Use in 2026?

Generally Safe

Score 100/100

Select Pakistan Image Optimizer — WebP & AVIF Converter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The plugin exhibits a mixed security posture. On one hand, it demonstrates strong adherence to secure coding practices regarding SQL queries and output escaping, with nearly all SQL statements using prepared statements and almost all output being properly escaped. The absence of known vulnerabilities and CVEs is also a positive indicator. However, a significant concern arises from the large attack surface exposed through AJAX handlers, with a vast majority lacking proper authentication checks.

Despite the positive indicators, the 14 unprotected AJAX handlers represent a substantial risk. Any user, potentially even an unauthenticated one, could trigger these functions, leading to unintended consequences. While no critical taint flows or vulnerabilities are currently identified, the presence of dangerous functions like `exec` and `set_time_limit` in conjunction with unprotected entry points could be exploited to execute arbitrary code or perform unauthorized file operations if a vulnerability were to be introduced or discovered later. The plugin's history of no reported vulnerabilities suggests either robust development practices or a lack of prior security scrutiny, making the current analysis critical.

In conclusion, the plugin has strengths in its data handling and escaping mechanisms. However, the substantial number of unprotected AJAX handlers is a critical weakness that significantly elevates the overall risk profile. This needs immediate attention to ensure that all entry points are secured and validated appropriately to prevent potential security breaches.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous functions (exec, set_time_limit)
  • Flows with unsanitized paths
Vulnerabilities
None known

Select Pakistan Image Optimizer — WebP & AVIF Converter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Select Pakistan Image Optimizer — WebP & AVIF Converter Release Timeline

v1.0.4 (Current)
Code Analysis
Analyzed Apr 16, 2026

Select Pakistan Image Optimizer — WebP & AVIF Converter Code Analysis

Dangerous Functions: 8
Raw SQL Queries: 0 (26 prepared)
Unescaped Output: 3 (489 escaped)
Nonce Checks: 7
Capability Checks: 3
File Operations: 6
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

set_time_limit | @set_time_limit( 60 ); // 60 seconds max per image | admin/class-spio-admin-ajax.php:117
ini_set | @ini_set( 'memory_limit', '256M' ); // Reasonable memory limit | admin/class-spio-admin-ajax.php:119
exec | exec( $command, $output, $return_var ); | includes/class-spio-cli-converter.php:109
exec | exec( $command, $output, $return_var ); | includes/class-spio-cli-converter.php:181
exec | @exec( 'cwebp -version 2>&1', $output, $return_var ); | includes/class-spio-cli-converter.php:317
exec | @exec( 'avifenc --version 2>&1', $output, $return_var ); | includes/class-spio-cli-converter.php:347
exec | @exec( 'cwebp -version 2>&1', $output, $return_var ); | includes/class-spio-helper.php:119
exec | @exec( 'avifenc --version 2>&1', $output, $return_var ); | includes/class-spio-helper.php:136

SQL Query Safety

100% prepared (26 total queries)

Output Escaping

99% escaped (492 total outputs)
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
save_settings (admin/class-spio-admin.php:270)
Attack Surface
14 unprotected

Select Pakistan Image Optimizer — WebP & AVIF Converter Attack Surface

Entry Points: 15
Unprotected: 14

AJAX Handlers 15

auth | wp_ajax_spio_start_bulk | admin/class-spio-admin-ajax.php:32
auth | wp_ajax_spio_process_bulk | admin/class-spio-admin-ajax.php:33
auth | wp_ajax_spio_process_bulk_batch | admin/class-spio-admin-ajax.php:34
auth | wp_ajax_spio_stop_bulk | admin/class-spio-admin-ajax.php:35
auth | wp_ajax_spio_get_bulk_status | admin/class-spio-admin-ajax.php:36
auth | wp_ajax_spio_restore_all | admin/class-spio-admin-ajax.php:37
auth | wp_ajax_spio_clear_logs | admin/class-spio-admin-ajax.php:38
auth | wp_ajax_spio_test_server | admin/class-spio-admin-ajax.php:39
auth | wp_ajax_spio_convert_single | admin/class-spio-admin-ajax.php:42
auth | wp_ajax_spio_restore_single | admin/class-spio-admin-ajax.php:43
auth | wp_ajax_spio_get_stats | admin/class-spio-admin-ajax.php:46
auth | wp_ajax_spio_recalculate_stats | admin/class-spio-admin-ajax.php:47
auth | wp_ajax_spio_check_server | admin/class-spio-admin-ajax.php:50
auth | wp_ajax_spio_get_logs | admin/class-spio-admin-ajax.php:53
auth | wp_ajax_spio_export_logs | admin/class-spio-admin-ajax.php:54
WordPress Hooks 38
action | admin_menu | admin/class-spio-admin.php:61
action | admin_enqueue_scripts | admin/class-spio-admin.php:62
action | admin_notices | admin/class-spio-admin.php:63
action | admin_init | admin/class-spio-admin.php:64
filter | attachment_fields_to_edit | admin/class-spio-media-library.php:32
action | admin_enqueue_scripts | admin/class-spio-media-library.php:35
action | spio_bulk_conversion | includes/class-spio-bulk-converter.php:59
action | spio_daily_cleanup | includes/class-spio-core.php:169
filter | manage_media_columns | includes/class-spio-core.php:172
action | manage_media_custom_column | includes/class-spio-core.php:173
action | delete_attachment | includes/class-spio-core.php:176
filter | bulk_actions-upload | includes/class-spio-core.php:179
filter | handle_bulk_actions-upload | includes/class-spio-core.php:180
filter | the_content | includes/class-spio-lazy-load.php:50
filter | post_thumbnail_html | includes/class-spio-lazy-load.php:51
filter | wp_get_attachment_image | includes/class-spio-lazy-load.php:52
action | wp_enqueue_scripts | includes/class-spio-lazy-load.php:55
filter | widget_text | includes/class-spio-lazy-load.php:58
filter | woocommerce_product_get_image | includes/class-spio-lazy-load.php:61
action | rest_api_init | includes/class-spio-rest-controller.php:31
filter | the_content | includes/class-spio-serving.php:58
filter | post_thumbnail_html | includes/class-spio-serving.php:59
filter | wp_get_attachment_image | includes/class-spio-serving.php:60
filter | woocommerce_single_product_image_thumbnail_html | includes/class-spio-serving.php:63
filter | woocommerce_product_get_image | includes/class-spio-serving.php:64
filter | widget_text_content | includes/class-spio-serving.php:67
action | wp_enqueue_scripts | includes/class-spio-serving.php:70
filter | wp_prepare_attachment_for_js | includes/class-spio-serving.php:74
filter | wp_get_attachment_url | includes/class-spio-serving.php:78
filter | wp_get_attachment_image_src | includes/class-spio-serving.php:79
action | add_attachment | includes/class-spio-upload-handler.php:57
filter | wp_update_attachment_metadata | includes/class-spio-upload-handler.php:60
action | wp_generate_attachment_metadata | includes/class-spio-upload-handler.php:63
action | spio_convert_single | includes/class-spio-upload-handler.php:274
action | admin_notices | selectpress-image-optimizer-webp-avif-converter.php:128
action | admin_notices | selectpress-image-optimizer-webp-avif-converter.php:134
action | plugins_loaded | selectpress-image-optimizer-webp-avif-converter.php:154
filter | plugin_row_meta | selectpress-image-optimizer-webp-avif-converter.php:328

Scheduled Events 2

spio_convert_single
spio_daily_cleanup
Maintenance & Trust

Select Pakistan Image Optimizer — WebP & AVIF Converter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 22, 2026
PHP min version: 7.4
Downloads: 195

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Select Pakistan Image Optimizer — WebP & AVIF Converter Developer Profile

selectpakistan

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Select Pakistan Image Optimizer — WebP & AVIF Converter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/selectpress-image-optimizer-webp-avif-converter/assets/css/spio-admin.css
/wp-content/plugins/selectpress-image-optimizer-webp-avif-converter/assets/js/spio-admin.js
/wp-content/plugins/selectpress-image-optimizer-webp-avif-converter/assets/js/spio-frontend.js
Script Paths
/wp-content/plugins/selectpress-image-optimizer-webp-avif-converter/assets/js/spio-admin.js
/wp-content/plugins/selectpress-image-optimizer-webp-avif-converter/assets/js/spio-frontend.js
Version Parameters
/wp-content/plugins/selectpress-image-optimizer-webp-avif-converter/assets/css/spio-admin.css?ver=
/wp-content/plugins/selectpress-image-optimizer-webp-avif-converter/assets/js/spio-admin.js?ver=
/wp-content/plugins/selectpress-image-optimizer-webp-avif-converter/assets/js/spio-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
spio-settings-wrap, spio-tab, spio-tab-content, spio-settings-group, spio-field-label, spio-field-input, spio-field-description, spio-notice, +3 more
HTML Comments
<!-- Select Pakistan Image Optimizer Admin Settings -->
<!-- Select Pakistan Image Optimizer Frontend Scripts -->
<!-- Optimized Image Wrapper -->
<!-- Original Image Wrapper -->
+4 more
Data Attributes
data-spio-format, data-spio-id
JS Globals
spio_admin_params, spio_frontend_params
Shortcode Output
[spio_image_optimize]
FAQ

Frequently Asked Questions about Select Pakistan Image Optimizer — WebP & AVIF Converter