Does Squeeze – Image Optimization & Compression, WEBP Conversion have any unpatched vulnerabilities?

No. All known vulnerabilities in Squeeze – Image Optimization & Compression, WEBP Conversion have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Squeeze – Image Optimization & Compression, WEBP Conversion compatible with WordPress 6.9.4?

According to WordPress.org data, Squeeze – Image Optimization & Compression, WEBP Conversion 1.7.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Squeeze – Image Optimization & Compression, WEBP Conversion compatible with PHP 7.3+?

Squeeze – Image Optimization & Compression, WEBP Conversion requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Squeeze – Image Optimization & Compression, WEBP Conversion Security & Risk Analysis

wordpress.org/plugins/squeeze

Unlimited. Private. Instant. Squeeze compresses and converts your images directly in your browser — no external servers and no upload limits.

1K active installs v1.7.8 PHP 7.3+ WP 6.0+ Updated Feb 16, 2026

compress-imagesconvert-webpimage-compressionimage-optimizationoptimize-images

A · Safe

CVEs total3

Unpatched0

Last CVEApr 9, 2025

Download

Safety Verdict

Is Squeeze – Image Optimization & Compression, WEBP Conversion Safe to Use in 2026?

Generally Safe

Score 92/100

Squeeze – Image Optimization & Compression, WEBP Conversion has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Apr 9, 2025Updated 1mo ago

Risk Assessment

The 'squeeze' plugin version 1.7.8 exhibits a mixed security posture. On the positive side, the static analysis reveals no obvious critical vulnerabilities in the current code, with all identified entry points having authentication checks, prepared SQL statements used exclusively, and nonce checks present for all AJAX handlers. This indicates some good development practices in place.

However, significant concerns arise from the plugin's historical vulnerability record. The presence of 3 known CVEs, including a past critical vulnerability (Exposure of Sensitive Information to an Unauthorized Actor) and a high severity vulnerability (Unrestricted Upload of File with Dangerous Type), suggests a pattern of security weaknesses. While these may be patched in the current version, they point to a history of insecure coding practices that could resurface or be present in undiscovered flaws.

The taint analysis, while showing zero critical or high severity unsanitized flows, does indicate two flows with unsanitized paths. Coupled with the fact that 32% of output escapes are not properly handled, this presents a potential risk for cross-site scripting (XSS) vulnerabilities, especially if these unsanitized paths lead to observable output without adequate escaping. The file operations also warrant attention, as these can be entry points for attacks if not properly secured. In conclusion, while the current code shows improvements in specific security areas, the historical vulnerability data and the presence of unsanitized paths and imperfect output escaping necessitate caution and ongoing vigilance.

Key Concerns

Past critical vulnerability (Exposure of Sensitive Info)
Past high severity vulnerability (Unrestricted Upload)
Unsanitized paths in taint analysis
Significant portion of outputs not properly escaped
File operations present

Vulnerabilities

Squeeze – Image Optimization & Compression, WEBP Conversion Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Low

3 total CVEs

CVE-2025-31003low · 2.7Exposure of Sensitive Information to an Unauthorized Actor

Squeeze <= 1.6 - Authenticated (Admin+) Full Path Disclosure

Apr 9, 2025 Patched in 1.6.1 (7d)

CVE-2025-31002high · 7.2Unrestricted Upload of File with Dangerous Type

Squeeze <= 1.6 - Authenticated (Admin+) Arbitrary File Upload

Apr 9, 2025 Patched in 1.6.1 (7d)

CVE-2024-35767critical · 9.1Unrestricted Upload of File with Dangerous Type

Squeeze <= 1.4 - Authenticated (Admin+) Arbitrary File Upload

Jun 18, 2024 Patched in 1.4.1 (9d)

Code Analysis

Analyzed Mar 16, 2026

Squeeze – Image Optimization & Compression, WEBP Conversion Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

144 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

68% escaped212 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

set_options (inc\handlers.php:735)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Squeeze – Image Optimization & Compression, WEBP Conversion Attack Surface

Entry Points7

Unprotected0

AJAX Handlers 7

authwp_ajax_squeeze_update_attachmentinc\handlers.php:11

authwp_ajax_squeeze_restore_attachmentinc\handlers.php:12

authwp_ajax_squeeze_get_attachmentinc\handlers.php:13

authwp_ajax_squeeze_get_attachment_by_pathinc\handlers.php:14

authwp_ajax_squeeze_get_next_attachmentsinc\handlers.php:15

authwp_ajax_squeeze_get_directoriesinc\handlers.php:16

authwp_ajax_squeeze_set_optionsinc\handlers.php:17

WordPress Hooks 36

actiondelete_attachmentinc\handlers.php:18

actiondelete_attachmentinc\handlers.php:19

filterbulk_actions-uploadinc\handlers.php:20

filterhandle_bulk_actions-uploadinc\handlers.php:21

filterimage_size_names_chooseinc\handlers.php:27

filtermod_rewrite_rulesinc\handlers.php:28

actionpre-html-upload-uiinc\handlers.php:29

actionadmin_noticesinc\handlers.php:30

actioninitinc\handlers.php:31

actionshutdowninc\handlers.php:32

filterwp_prepare_attachment_for_jsinc\handlers.php:34

filterwp_get_attachment_metadatainc\handlers.php:40

filterposts_whereinc\helpers.php:16

actionadmin_menuinc\settings.php:11

actionadmin_menuinc\settings.php:12

actionadmin_initinc\settings.php:13

actionupdate_option_squeeze_optionsinc\settings.php:14

actionupdate_option_squeeze_optionsinc\settings.php:20

filterattachment_fields_to_editinc\settings.php:26

filtermanage_media_columnsinc\settings.php:32

actionmanage_media_custom_columninc\settings.php:33

filtermanage_upload_sortable_columnsinc\settings.php:39

actionpre_get_postsinc\settings.php:40

actionrestrict_manage_postsinc\settings.php:41

actionpre_get_postsinc\settings.php:42

filterajax_query_attachments_argsinc\settings.php:43

actionadmin_footerinc\settings.php:49

actionadmin_noticesinc\settings.php:50

actionedit_form_after_titleinc\settings.php:51

actioninitsqueeze.php:91

actionplugins_loadedsqueeze.php:92

actionadmin_enqueue_scriptssqueeze.php:93

filterplugin_action_linkssqueeze.php:94

actionenqueue_block_editor_assetssqueeze.php:100

actionsqueeze_freemius_loadedsqueeze.php:101

actionadmin_initsqueeze.php:103

Maintenance & Trust

Squeeze – Image Optimization & Compression, WEBP Conversion Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 16, 2026

PHP min version7.3

Downloads13K

Community Trust

Rating100/100

Number of ratings5

Active installs1K

Alternatives

Squeeze – Image Optimization & Compression, WEBP Conversion Alternatives

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs

Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

wp-smushit

Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.

1.0M 6 CVEs

Converter for Media – Optimize images | Convert WebP & AVIF

webp-converter-for-media

Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!

500K 4 CVEs

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

shortpixel-image-optimiser

Optimize images & PDFs smartly. Create and compress next-gen WebP and AVIF formats. Smart crop and resize.

300K 6 CVEs

DropAvif Image Optimizer – Convert WebP & AVIF | Compress Images

dropavif-media-optimizer

100

The Ultimate Image Optimization Suite for WordPress. WebP & AVIF conversion, Smart Format Selection, Watermarking, and Lazy Load. Zero server load.

30 No CVEs

Developer Profile

Squeeze – Image Optimization & Compression, WEBP Conversion Developer Profile

Bogdan Bendziukov

7 plugins · 2K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

9 days

View full developer profile

Detection Fingerprints

How We Detect Squeeze – Image Optimization & Compression, WEBP Conversion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/squeeze/assets/js/script.bundle.js/wp-content/plugins/squeeze/assets/js/admin.bundle.js/wp-content/plugins/squeeze/assets/css/admin.bundle.css

Version Parameters

squeeze/assets/js/script.bundle.js?ver=squeeze/assets/js/admin.bundle.js?ver=squeeze/assets/css/admin.bundle.css?ver=

HTML / DOM Fingerprints

CSS Classes

squeeze-modal-overlaysqueeze-bulk-action-wrappersqueeze-bulk-action-btnsqueeze-btn-primary

HTML Comments

Data Attributes

data-squeeze-optionsdata-squeeze-localizedata-squeeze-bulk-options

JS Globals

squeezeOptionssqueezeBulk

FAQ