Webp Converter Security & Risk Analysis

wordpress.org/plugins/webp-converter

Convert Media Library images in next-gen format and speed up your website

100 active installs · v2.0.0 · PHP + · WP 2.0.2+ · Updated Jun 30, 2025
Tags: converter, image, images, nextgen, webp
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Webp Converter Safe to Use in 2026?

Generally Safe

Score 100/100

Webp Converter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The "webp-converter" v2.0.0 plugin presents a mixed security posture. While it demonstrates good practices by not using dangerous functions and employing prepared statements for all SQL queries, there are significant areas of concern regarding its attack surface and input sanitization. The plugin exposes two AJAX handlers, both of which lack authentication checks. This is a critical security weakness that could allow unauthenticated users to trigger potentially harmful actions. Furthermore, the taint analysis revealed three flows with unsanitized paths, although no critical or high-severity vulnerabilities were identified in this regard. The absence of any recorded vulnerabilities in its history is a positive sign, suggesting a generally stable codebase or diligent maintenance. However, the presence of unprotected entry points and unsanitized path flows in the static analysis overshadows this positive history. The plugin needs immediate attention to implement proper authentication and authorization on its AJAX handlers and to thoroughly sanitize any user-controlled input used in file operations.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths (3)
  • Capability checks missing (0 detected)
  • Output escaping (28% unescaped)
Vulnerabilities
None known

Webp Converter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Webp Converter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (33 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 14
External Requests: 2
Bundled Libraries: 0

Output Escaping

72% escaped · 46 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
apwebp_do_convert (includes\class-settings.php:116)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Webp Converter Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

  • auth: wp_ajax_webpDoConvert (includes\class-settings.php:9)
  • auth: wp_ajax_webpPluginStatus (includes\class-settings.php:10)
WordPress Hooks 12
  • action: apwebp_save_settings (includes\class-htserve.php:20)
  • filter: webp_msg_filter (includes\class-htserve.php:36)
  • filter: webp_msg_filter (includes\class-htserve.php:40)
  • filter: webp_msg_filter (includes\class-htserve.php:63)
  • filter: webp_msg_filter (includes\class-htserve.php:86)
  • action: admin_enqueue_scripts (includes\class-scripts.php:8)
  • action: admin_menu (includes\class-settings.php:8)
  • action: admin_init (includes\class-settings.php:11)
  • filter: set-screen-option (includes\class-settings.php:12)
  • filter: wp_get_attachment_image_src (webp-converter.php:65)
  • filter: wp_get_attachment_url (webp-converter.php:66)
  • action: plugins_loaded (webp-converter.php:67)
Maintenance & Trust

Webp Converter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 30, 2025
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Webp Converter Developer Profile

aviplugins.com

9 plugins · 8K total installs

Trust score: 62
Avg Security Score: 76/100
Avg Patch Time: 617 days
Detection Fingerprints

How We Detect Webp Converter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/webp-converter/css/jquery-ui.css
  • /wp-content/plugins/webp-converter/css/webp-admin.css
  • /wp-content/plugins/webp-converter/js/ap.cookie.js
  • /wp-content/plugins/webp-converter/js/ap-tabs.js
  • /wp-content/plugins/webp-converter/js/webp.js
Script Paths
  • /wp-content/plugins/webp-converter/js/ap.cookie.js
  • /wp-content/plugins/webp-converter/js/ap-tabs.js
  • /wp-content/plugins/webp-converter/js/webp.js

HTML / DOM Fingerprints

CSS Classes
  • apwebp_enable
  • apwebp_dont_conv_image_sizes
  • apwebp_image_quality
HTML Comments
|||||<(`0_0`)>()(afo)()()-()
Data Attributes
  • data-tab
  • data-content
JS Globals
  • apwebp_ajax
  • apwebp_api_base
REST Endpoints
  • /wp-json/webpDoConvert
  • /wp-json/webpPluginStatus