WP-Safety

Swift Offload Security & Risk Analysis

wordpress.org/plugins/swift-offload

Offload WordPress media to Amazon S3, Wasabi, DigitalOcean Spaces, or MinIO. Serve files via CloudFront CDN for faster delivery.

0 active installs v1.0.3 PHP 7.4+ WP 5.6+ Updated Feb 27, 2026
amazon-s3cdncloud-storagemedia-offloads3
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Swift Offload Safe to Use in 2026?

Generally Safe

Score 100/100

Swift Offload has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The plugin "swift-offload" v1.0.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and output being properly escaped. The plugin also boasts a clean vulnerability history with no known CVEs, suggesting a generally well-maintained codebase.

However, several significant concerns arise from the static analysis. The presence of one AJAX handler without any authentication checks presents a direct attack vector. Furthermore, the taint analysis reveals two critical severity flows with unsanitized paths, indicating potential for remote code execution or sensitive data leakage if these flows can be exploited. The use of dangerous functions like `shell_exec` and `exec` also warrants caution, especially when combined with unsanitized inputs.

In conclusion, while the plugin's developers seem to adhere to some security best practices and have a clean CVE record, the identified critical taint flows and the unprotected AJAX endpoint are serious weaknesses that elevate the risk profile. Addressing these specific code-level vulnerabilities is crucial to improve the plugin's overall security.

Key Concerns

  • AJAX handler without auth check
  • Critical severity taint flow with unsanitized paths (x2)
  • Use of dangerous functions: shell_exec, exec
Vulnerabilities
None known

Swift Offload Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Swift Offload Code Analysis

Dangerous Functions
2
Raw SQL Queries
11
48 prepared
Unescaped Output
8
115 escaped
Nonce Checks
12
Capability Checks
17
File Operations
13
External Requests
15
Bundled Libraries
0

Dangerous Functions Found

shell_exec$result = @shell_exec( $which_cmd . ' ' . escapeshellarg( $binary_name ) . ' 2>/dev/null' );Libs\class-image-optimizer.php:797
execexec( $cmd, $output, $return_code );Libs\class-image-optimizer.php:838

SQL Query Safety

81% prepared59 total queries

Output Escaping

93% escaped123 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
ajax_save_settings (Libs\class-image-optimizer.php:338)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Swift Offload Attack Surface

Entry Points11
Unprotected1

AJAX Handlers 11

authwp_ajax_swift_offload_save_image_optimizer_settingsLibs\class-image-optimizer.php:52
authwp_ajax_swift_offload_update_optimizer_statsLibs\class-image-optimizer.php:53
authwp_ajax_swift_offload_reset_optimizer_statsLibs\class-image-optimizer.php:54
authwp_ajax_swift_offload_save_attachment_optimizationLibs\class-image-optimizer.php:55
authwp_ajax_swift_offload_bulk_optimize_attachmentLibs\class-image-optimizer.php:56
authwp_ajax_swift_offload_convert_attachmentLibs\class-image-optimizer.php:57
authwp_ajax_swift_offload_optimize_single_attachmentLibs\class-image-optimizer.php:58
authwp_ajax_swift_offload_get_unoptimized_attachmentsLibs\class-image-optimizer.php:59
authwp_ajax_swift_offload_restore_originalLibs\class-image-optimizer.php:83
authwp_ajax_swift_offload_delete_originalLibs\class-image-optimizer.php:84
authwp_ajax_swift_offload_dismiss_list_view_noticeLibs\class-image-optimizer.php:87
WordPress Hooks 42
actionplugins_loadedclass-swift-offload.php:51
filteradmin_body_classclass-swift-offload.php:52
actionplugins_loadedincludes\bootstrap.php:60
actionplugins_loadedincludes\bootstrap.php:72
actionadmin_menuincludes\class-admin.php:43
actionadmin_initincludes\class-admin.php:44
filtermanage_media_columnsincludes\class-admin.php:199
actionmanage_media_custom_columnincludes\class-admin.php:200
actionadmin_enqueue_scriptsincludes\class-assets.php:24
actionwp_enqueue_scriptsincludes\class-assets.php:25
filterwp_handle_uploadincludes\class-media-hooks.php:34
actionadd_attachmentincludes\class-media-hooks.php:35
actionwp_generate_attachment_metadataincludes\class-media-hooks.php:36
actiondelete_attachmentincludes\class-media-hooks.php:39
filterwp_get_attachment_urlincludes\class-media-hooks.php:42
filterwp_calculate_image_srcsetincludes\class-media-hooks.php:43
filterwp_get_attachment_metadataincludes\class-media-hooks.php:46
actionwp_image_editor_after_changeincludes\class-media-hooks.php:49
actioninitincludes\class-plugin.php:77
actionrest_api_initincludes\class-plugin.php:78
actionwp_loadedincludes\class-plugin.php:79
actionswift_offload_process_jobsincludes\class-plugin.php:82
actionwp_enqueue_scriptsLibs\Assets.php:30
actionadmin_enqueue_scriptsLibs\Assets.php:31
actionadmin_enqueue_scriptsLibs\class-image-optimizer.php:46
actionadmin_enqueue_scriptsLibs\class-image-optimizer.php:49
filterintermediate_image_sizesLibs\class-image-optimizer.php:62
filterbig_image_size_thresholdLibs\class-image-optimizer.php:63
filterattachment_fields_to_editLibs\class-image-optimizer.php:66
filterwp_prepare_attachment_for_jsLibs\class-image-optimizer.php:67
actionadmin_noticesLibs\class-image-optimizer.php:70
actionadmin_enqueue_scriptsLibs\class-image-optimizer.php:73
filtermanage_media_columnsLibs\class-image-optimizer.php:76
actionmanage_media_custom_columnLibs\class-image-optimizer.php:77
filtermedia_row_actionsLibs\class-image-optimizer.php:80
actionattachment_submitbox_misc_actionsLibs\class-image-optimizer.php:90
filterwp_get_attachment_urlLibs\class-image-optimizer.php:93
filterwp_get_attachment_image_srcLibs\class-image-optimizer.php:94
filterwp_calculate_image_srcsetLibs\class-image-optimizer.php:95
filterwp_get_attachment_image_attributesLibs\class-image-optimizer.php:98
actionadmin_noticesswift-offload.php:38
actionadmin_noticesswift-offload.php:58

Scheduled Events 4

swift_offload_offload_attachment
swift_offload_reoffload_attachment
swift_offload_remove_local_file
swift_offload_process_jobs
Maintenance & Trust

Swift Offload Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 27, 2026
PHP min version7.4
Downloads153

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Swift Offload Alternatives

Advanced Media Manager

Advanced Media Manager

advanced-media-manager

A
85

Automatically copies wp media files to Amazon S3 or DigitalOcean.

10 No CVEs
Ultimate Media On The Cloud Lite

Ultimate Media On The Cloud Lite

ultimate-media-on-the-cloud-lite

A
85

With Ultimate Media On The Cloud plugin, you can easy migrate/ move and mange wordpress medias on the Cloud Storage Platforms like Amazon S3, Google C …

10 No CVEs
WP Offload Media Lite for Amazon S3, DigitalOcean Spaces, and Google Cloud Storage

WP Offload Media Lite for Amazon S3, DigitalOcean Spaces, and Google Cloud Storage

amazon-s3-and-cloudfront

A
100

Copies files to Amazon S3, DigitalOcean Spaces or Google Cloud Storage as they are uploaded to the Media Library. Optionally configure Amazon CloudFro …

30K 1 CVE
Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more

Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more

ilab-media-tools

A
92

Automatically store media on Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean Spaces + others. Serve CSS/JS assets through CDNs.

7K 1 CVE
WP-Stateless – Google Cloud Storage

WP-Stateless – Google Cloud Storage

wp-stateless

A
98

Upload and serve your WordPress media files from Google Cloud Storage.

4K 2 CVEs
Developer Profile

Swift Offload Developer Profile

swiftplugins

2 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Swift Offload

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/swift-offload/assets/admin.css/wp-content/plugins/swift-offload/app/dist/main.css/wp-content/plugins/swift-offload/assets/css/swift-offload-frontend.css/wp-content/plugins/swift-offload/assets/js/swift-offload-frontend.js/wp-content/plugins/swift-offload/assets/css/swift-offload-admin.css/wp-content/plugins/swift-offload/assets/js/swift-offload-admin.js
Script Paths
/wp-content/plugins/swift-offload/app/dist/main.js
Version Parameters
swift-offload/assets/admin.css?ver=swift-offload/app/dist/main.css?ver=swift-offload/assets/css/swift-offload-frontend.css?ver=swift-offload/assets/js/swift-offload-frontend.js?ver=swift-offload/assets/css/swift-offload-admin.css?ver=swift-offload/assets/js/swift-offload-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
swift-offload-admin-wrapper
Data Attributes
data-swift-offload-noncedata-swift-offload-rest-urldata-swift-offload-plugin-urldata-swift-offload-versiondata-swift-offload-is-multisitedata-swift-offload-user-id+1 more
JS Globals
swiftOffloadAdminSWIFT_OFFLOAD_CORE
REST Endpoints
/swift-offload/v1/
FAQ

Frequently Asked Questions about Swift Offload