Image Optimizer, Resizer and CDN – Sirv Security & Risk Analysis

wordpress.org/plugins/sirv

Serve perfectly optimized images, videos, models and 360 spins. The best WordPress & WooCommerce CDN plugin for media.

1K active installs v8.2.0 PHP 5.6+ WP 3.0.1+ Updated Mar 10, 2026
Tags: cdn, compress, image, optimize, resize
Score: 81 (B · Generally Safe)
CVEs total: 12
Unpatched: 0
Last CVE: Apr 22, 2025
Safety Verdict

Is Image Optimizer, Resizer and CDN – Sirv Safe to Use in 2026?

Mostly Safe

Score 81/100

Image Optimizer, Resizer and CDN – Sirv is generally safe to use. 12 past CVEs were resolved. Keep it updated.

12 known CVEs · Last CVE: Apr 22, 2025 · Updated 24d ago
Risk Assessment

The "sirv" plugin version 8.2.0 presents a mixed security posture with significant areas of concern. While there are no currently unpatched CVEs, the plugin's history of 12 known vulnerabilities, including 2 critical and 3 high-severity issues, indicates a recurring pattern of exploitable flaws. The types of past vulnerabilities, such as Authorization Bypass, Cross-Site Scripting, Unrestricted Uploads, and SQL Injection, are serious and suggest a lack of robust input validation and authorization checks within the plugin's codebase.

The static analysis reveals a substantial attack surface: 46 AJAX handlers, 45 of which lack authentication checks. This is a major security weakness that could allow unauthorized users to trigger plugin functionality. Furthermore, only 19% of the 81 SQL queries use prepared statements and only 10% of outputs are properly escaped, which points to a high risk of SQL injection and Cross-Site Scripting vulnerabilities. The use of the dangerous `unserialize` function, with no sanitization noted, also raises concerns about potential deserialization vulnerabilities.

Despite the severe findings in static analysis and historical vulnerability data, the taint analysis showed no critical or high-severity flows. This could be due to the limitations of the static analysis tool or effective sanitization for the analyzed flows. However, the sheer number of unsanitized paths (15 out of 15 flows) is concerning.

In conclusion, while the absence of unpatched CVEs is positive, the plugin's historical vulnerability profile and the significant weaknesses identified in static analysis, particularly regarding the large number of unprotected AJAX endpoints and the poor handling of SQL and output, necessitate extreme caution. Users should prioritize updating to a version that has demonstrably addressed these fundamental security issues.

Key Concerns

  • 45 unprotected AJAX handlers
  • Only 19% of SQL queries use prepared statements
  • Only 10% of outputs are properly escaped
  • Presence of 'unserialize' function
  • 15 unsanitized taint flows
  • 2 critical CVEs in history
  • 3 high CVEs in history
  • 7 medium CVEs in history
  • Missing authorization checks
  • Potential for XSS
  • Potential for SQL Injection
Vulnerabilities
12

Image Optimizer, Resizer and CDN – Sirv Security Vulnerabilities

CVEs by Year

  • 2016: 1 CVE
  • 2022: 1 CVE
  • 2023: 1 CVE
  • 2024: 8 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • Critical: 2
  • High: 3
  • Medium: 7

12 total CVEs

CVE-2025-46233 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sirv <= 7.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 22, 2025 Patched in 7.5.4 (9d)
CVE-2024-10855 · high · 8.1 · Authorization Bypass Through User-Controlled Key

Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion

Nov 19, 2024 Patched in 7.3.1 (1d)
CVE-2024-8964 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Oct 7, 2024 Patched in 7.3.0 (1d)
CVE-2024-8480 · high · 8.8 · Missing Authorization

Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload

Aug 21, 2024 Patched in 7.2.8 (15d)
CVE-2024-6392 · medium · 5.4 · Missing Authorization

Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated (Subscriber+) Missing Authorization to Plugin Settings Update

Jul 11, 2024 Patched in 7.2.8 (1d)
CVE-2024-5853 · critical · 9.9 · Unrestricted Upload of File with Dangerous Type

Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload

Jun 18, 2024 Patched in 7.2.7 (1d)
CVE-2024-32959 · critical · 9.8 · Missing Authorization

Sirv <= 7.2.2 - Missing Authorization to Arbitrary Options Update

Apr 23, 2024 Patched in 7.2.3 (7d)
CVE-2024-27950 · medium · 4.3 · Missing Authorization

Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Missing Authorization

Mar 1, 2024 Patched in 7.2.1 (4d)
CVE-2024-27949 · medium · 6.4 · Server-Side Request Forgery (SSRF)

Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Authenticated (Subscriber+) Server-Side Request Forgery

Mar 1, 2024 Patched in 7.2.1 (4d)
CVE-2023-50898 · medium · 4.3 · Missing Authorization

Sirv <= 7.1.2 - Missing Authorization via sirv_disconnect

Dec 26, 2023 Patched in 7.1.3 (28d)
CVE-2022-4119 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Image Optimizer, Resizer and CDN – Sirv <= 6.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 9, 2022 Patched in 6.8.1 (410d)
CVE-2016-10950 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Image Optimizer, Resizer and CDN – Sirv < 1.3.2 - SQL Injection

Nov 10, 2016 Patched in 1.3.2 (2630d)
Code Analysis
Analyzed Mar 16, 2026

Image Optimizer, Resizer and CDN – Sirv Code Analysis

  • Dangerous Functions: 7
  • Raw SQL Queries: 66 (15 prepared)
  • Unescaped Output: 383 (41 escaped)
  • Nonce Checks: 1
  • Capability Checks: 2
  • File Operations: 22
  • External Requests: 7
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$items_data = unserialize($row['images']);` · plugdata\shortcodes.php:22
  • unserialize · `$shortcode_options = unserialize($row['shortcode_options']);` · plugdata\shortcodes.php:23
  • unserialize · `$storageInfo = @unserialize($cached_stat);` · sirv.php:4686
  • unserialize · `$row['images'] = unserialize($row['images']);` · sirv.php:5500
  • unserialize · `$row['shortcode_options'] = unserialize($row['shortcode_options']);` · sirv.php:5501
  • unserialize · `$shortcodes[$index]['images'] = unserialize($shortcode['images']);` · sirv.php:5553
  • unserialize · `$shortcodes[$index]['shortcode_options'] = unserialize($shortcode['shortcode_options']);` · sirv.php:5554

SQL Query Safety

19% prepared · 81 total queries

Output Escaping

10% escaped · 424 total outputs
Data Flows
15 unsanitized

Data Flow Analysis

15 flows · 15 with unsanitized paths
sirv_upload_files_callback (sirv.php:5126)
Attack Surface
45 unprotected

Image Optimizer, Resizer and CDN – Sirv Attack Surface

Entry Points: 47
Unprotected: 45

AJAX Handlers: 46

auth · wp_ajax_sirv_get_errors_info · sirv.php:4637
auth · wp_ajax_sirv_get_php_ini_data · sirv.php:4762
auth · wp_ajax_sirv_process_sync_images · sirv.php:4807
auth · wp_ajax_sirv_refresh_stats · sirv.php:4935
auth · wp_ajax_sirv_clear_cache · sirv.php:4952
auth · wp_ajax_sirv_get_content · sirv.php:5005
auth · wp_ajax_sirv_upload_files · sirv.php:5124
auth · wp_ajax_sirv_upload_file_by_chunks · sirv.php:5213
auth · wp_ajax_sirv_migrate_wai_data · sirv.php:5356
auth · wp_ajax_sirv_get_image_uploading_status · sirv.php:5378
auth · wp_ajax_sirv_save_shortcode_in_db · sirv.php:5412
auth · wp_ajax_sirv_get_row_by_id · sirv.php:5476
auth · wp_ajax_sirv_get_shortcodes_data · sirv.php:5513
auth · wp_ajax_sirv_duplicate_shortcodes_data · sirv.php:5567
auth · wp_ajax_sirv_delete_shortcodes · sirv.php:5607
auth · wp_ajax_sirv_update_sc · sirv.php:5647
auth · wp_ajax_sirv_add_folder · sirv.php:5696
auth · wp_ajax_sirv_dismiss_notice · sirv.php:5744
auth · wp_ajax_sirv_delete_files · sirv.php:5792
auth · wp_ajax_sirv_get_profiles · sirv.php:5832
auth · wp_ajax_sirv_send_message · sirv.php:5881
auth · wp_ajax_sirv_init_account · sirv.php:5930
auth · wp_ajax_sirv_get_users_list · sirv.php:5989
auth · wp_ajax_sirv_setup_credentials · sirv.php:6081
auth · wp_ajax_sirv_disconnect · sirv.php:6124
auth · wp_ajax_sirv_get_error_data · sirv.php:6159
auth · wp_ajax_sirv_get_search_data · sirv.php:6262
auth · wp_ajax_sirv_copy_file · sirv.php:6307
auth · wp_ajax_sirv_rename_file · sirv.php:6331
auth · wp_ajax_sirv_empty_view_cache · sirv.php:6356
auth · wp_ajax_sirv_wp_media_library_size · sirv.php:6447
auth · wp_ajax_sirv_css_images_processing · sirv.php:6613
auth · wp_ajax_sirv_css_images_get_data · sirv.php:6630
auth · wp_ajax_sirv_css_images_prepare_process · sirv.php:6647
auth · wp_ajax_sirv_css_images_proccess · sirv.php:6698
auth · wp_ajax_sirv_thumbs_process · sirv.php:7101
auth · wp_ajax_sirv_cancel_thumbs_process · sirv.php:7181
auth · wp_ajax_sirv_save_prevented_sizes · sirv.php:7218
auth · wp_ajax_sirv_get_js_module_size · sirv.php:7238
auth · wp_ajax_sirv_save_troubleshooting_issues_status · sirv.php:7366
auth · wp_ajax_sirv_update_smv_cache · sirv.php:7392
auth · wp_ajax_sirv_sync_view_files · sirv.php:7489
auth · wp_ajax_sirv_clear_old_view_files_cache · sirv.php:7539
auth · wp_ajax_sirv_run_remote_delete_job · sirv.php:7591
auth · wp_ajax_sirv_check_status_remote_delete_job · sirv.php:7617
auth · wp_ajax_sirv_clear_smv_html_cache · sirv.php:7717

Shortcodes: 1

[sirv-gallery] · plugdata\shortcodes.php:79

WordPress Hooks: 89
action · elementor/init · plugdata\htmlBuilders\elementor\Plugin.php:25
action · admin_notices · plugdata\htmlBuilders\elementor\Plugin.php:31
action · admin_notices · plugdata\htmlBuilders\elementor\Plugin.php:37
action · elementor/widgets/register · plugdata\htmlBuilders\elementor\Plugin.php:47
action · elementor/controls/register · plugdata\htmlBuilders\elementor\Plugin.php:48
action · elementor/frontend/after_enqueue_styles · plugdata\htmlBuilders\elementor\Plugin.php:51
action · elementor/editor/after_enqueue_styles · plugdata\htmlBuilders\elementor\Plugin.php:52
action · elementor/preview/enqueue_scripts · plugdata\htmlBuilders\elementor\Plugin.php:53
filter · intermediate_image_sizes_advanced · plugdata\includes\classes\resize.class.php:8
action · add_meta_boxes · plugdata\includes\classes\woo.class.php:22
action · add_meta_boxes · plugdata\includes\classes\woo.class.php:23
action · add_meta_boxes · plugdata\includes\classes\woo.class.php:24
action · save_post · plugdata\includes\classes\woo.class.php:25
action · woocommerce_init · sirv.php:84
action · admin_head · sirv.php:105
filter · upload_mimes · sirv.php:140
action · woocommerce_product_after_variable_attributes · sirv.php:179
action · woocommerce_save_product_variation · sirv.php:180
filter · woocommerce_product_export_column_names · sirv.php:184
filter · woocommerce_product_export_product_default_columns · sirv.php:185
filter · woocommerce_product_export_product_column_sirv_woo_all_urls · sirv.php:188
filter · wpseo_sitemap_urlimages · sirv.php:191
filter · blocksy:woocommerce:product-view:use-default · sirv.php:198
filter · wc_get_template_part · sirv.php:200
filter · wc_get_template · sirv.php:201
filter · get_attached_file · sirv.php:203
filter · woocommerce_product_get_image · sirv.php:204
filter · woocommerce_cart_item_thumbnail · sirv.php:209
filter · woocommerce_order_item_thumbnail · sirv.php:211
filter · image_downsize · sirv.php:214
action · woocommerce_before_single_product_summary · sirv.php:235
filter · posts_where · sirv.php:240
action · woocommerce_before_shop_loop_item_title · sirv.php:244
filter · jet-woo-builder/template-functions/placeholder-thumbnail · sirv.php:251
filter · jet-woo-builder/template-functions/product-thumbnail · sirv.php:252
action · fusion_builder_before_init · sirv.php:523
action · wp_insert_site · sirv.php:649
action · plugins_loaded · sirv.php:722
filter · wp_resource_hints · sirv.php:1154
action · init · sirv.php:1214
action · admin_notices · sirv.php:1220
action · media_buttons · sirv.php:1513
action · admin_menu · sirv.php:1582
action · admin_enqueue_scripts · sirv.php:1611
action · plugins_loaded · sirv.php:1767
filter · mce_external_plugins · sirv.php:1777
action · admin_init · sirv.php:1806
action · pre_update_option_SIRV_FOLDER · sirv.php:1902
action · update_option_SIRV_WOO_MV_CUSTOM_OPTIONS · sirv.php:1938
action · update_option_SIRV_CUSTOM_SMV_SH_OPTIONS · sirv.php:1946
action · update_option_SIRV_WOO_MV_CUSTOM_CSS · sirv.php:1954
action · update_option_SIRV_EXCLUDE_FILES · sirv.php:1963
action · update_option_SIRV_EXCLUDE_RESPONSIVE_FILES · sirv.php:1971
action · update_option_SIRV_EXCLUDE_PAGES · sirv.php:1979
action · update_option_SIRV_WOO_THUMBS_SIZE · sirv.php:1987
action · wp_enqueue_scripts · sirv.php:2068
filter · fl_builder_render_css · sirv.php:2187
filter · rest_request_before_callbacks · sirv.php:2193
action · init · sirv.php:2211
filter · wp_resource_hints · sirv.php:2217
filter · wp_get_attachment_image_src · sirv.php:2231
filter · wp_get_attachment_url · sirv.php:2233
filter · wp_calculate_image_srcset · sirv.php:2234
filter · vc_wpb_getimagesize · sirv.php:2235
filter · envira_gallery_image_src · sirv.php:2236
filter · wp_prepare_attachment_for_js · sirv.php:2237
filter · wp_get_attachment_image_attributes · sirv.php:2240
filter · wordpress_prepare_output · sirv.php:2249
action · wp_loaded · sirv.php:2253
action · wp_footer · sirv.php:2254
action · wp_enqueue_scripts · sirv.php:2256
filter · adt_get_product_data · sirv.php:2328
action · wp_print_styles · sirv.php:2400
action · wp_print_footer_scripts · sirv.php:2401
action · wp_print_styles · sirv.php:2405
filter · wp_save_image_editor_file · sirv.php:3472
filter · wpseo_opengraph_image · sirv.php:4189
filter · wpseo_twitter_image · sirv.php:4190
action · wp_mail_failed · sirv.php:5918
action · admin_init · sirv.php:7008
filter · wp_get_attachment_image_src · sirv.php:7029
filter · wp_get_attachment_url · sirv.php:7031
filter · wp_calculate_image_srcset · sirv.php:7032
filter · wp_get_attachment_image_attributes · sirv.php:7038
filter · attachment_fields_to_edit · sirv.php:7053
action · delete_attachment · sirv.php:7069
action · add_attachment · sirv.php:7091
action · updated_option · sirv.php:7650
action · shutdown · sirv.php:7690
Maintenance & Trust

Image Optimizer, Resizer and CDN – Sirv Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 10, 2026
  • PHP min version: 5.6
  • Downloads: 128K

Community Trust

  • Rating: 98/100
  • Number of ratings: 265
  • Active installs: 1K
Developer Profile

Image Optimizer, Resizer and CDN – Sirv Developer Profile

Sirv CDN and Image Hosting

10 plugins · 2K total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 259 days
Detection Fingerprints

How We Detect Image Optimizer, Resizer and CDN – Sirv

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sirv/includes/classes/logger.class.php
  • /wp-content/plugins/sirv/includes/classes/error.class.php
  • /wp-content/plugins/sirv/includes/classes/wc.product.helper.class.php
  • /wp-content/plugins/sirv/includes/classes/options-service.class.php
  • /wp-content/plugins/sirv/includes/classes/exclude.class.php
  • /wp-content/plugins/sirv/includes/classes/resize.class.php
  • /wp-content/plugins/sirv/shortcodes.php
  • /wp-content/plugins/sirv/includes/classes/utils.class.php
  • +1 more

HTML / DOM Fingerprints

CSS Classes
sirv-active-issues
Data Attributes
data-page, data-key
JS Globals
SIRV_PLUGIN_VERSION, SIRV_PLUGIN_DIR, SIRV_PLUGIN_SUBDIR, SIRV_PLUGIN_PATH, SIRV_PLUGIN_SUBDIR_PATH, SIRV_PLUGIN_RELATIVE_SUBDIR_PATH, +23 more