Does Modern Image Formats have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Modern Image Formats compatible with WordPress 6.9.4?

According to WordPress.org data, Modern Image Formats 2.6.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Modern Image Formats compatible with PHP 7.2+?

Modern Image Formats requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Modern Image Formats updated?

Modern Image Formats was last updated on Jan 9, 2026. Frequent updates are generally a positive security signal.

What is Modern Image Formats's security score?

Modern Image Formats has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Modern Image Formats Security & Risk Analysis

wordpress.org/plugins/webp-uploads

Converts images to more modern formats such as WebP or AVIF during upload.

100K active installs v2.6.1 PHP 7.2+ WP 6.6+ Updated Jan 9, 2026

avifimagesmodern-image-formatsperformancewebp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Modern Image Formats Safe to Use in 2026?

Generally Safe

Score 100/100

Modern Image Formats has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The webp-uploads v2.6.1 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength. Furthermore, the plugin demonstrates excellent secure coding practices by exclusively using prepared statements for all SQL queries, having no identified dangerous functions, file operations, or external HTTP requests. The high percentage of properly escaped output (89%) is also a positive indicator, minimizing the risk of cross-site scripting vulnerabilities. Taint analysis revealed no unsanitized paths, further bolstering the plugin's security. The complete lack of a vulnerability history, including any known CVEs, suggests a history of secure development and maintenance.

While the static analysis presents a very clean profile, the lack of any nonce or capability checks across the entire plugin is a notable concern, even with zero identified entry points. If future versions introduce new entry points without these essential security measures, it could create significant vulnerabilities. The absence of taint analysis flows and the limited scope of the static analysis (only 0 flows analyzed) might mean that certain complex or subtle vulnerabilities could be missed. However, based strictly on the provided data, the plugin appears to be very secure. The absence of these checks represents a potential weakness that, while not currently exploited due to the minimal attack surface, could become a critical issue if the plugin evolves.

In conclusion, webp-uploads v2.6.1 currently presents a low security risk due to its minimal attack surface and adherence to secure coding practices. The absence of vulnerabilities in its history is reassuring. The primary area for improvement, and a potential future risk, lies in implementing nonce and capability checks for any new functionalities introduced. The current score reflects a robust and well-developed plugin.

Key Concerns

No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Modern Image Formats Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Modern Image Formats Release Timeline

v2.6.1Current

v2.6.0

v2.5.1

v2.5.0

v2.4.0

v2.3.0

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.1.1

v1.1.0

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Modern Image Formats Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

89% escaped18 total outputs

Attack Surface

Modern Image Formats Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 27

filterimage_editor_output_formathelper.php:182

filterwp_generate_attachment_metadatahooks.php:253

filterwp_get_missing_image_subsizeshooks.php:317

filterimage_editor_output_formathooks.php:355

actiondelete_attachmenthooks.php:540

filterpost_thumbnail_htmlhooks.php:681

filterwp_editor_set_qualityhooks.php:738

actionwp_headhooks.php:751

filterwp_content_img_taghooks.php:853

filterrender_block_core/coverhooks.php:856

filterrender_block_core/grouphooks.php:857

actioninithooks.php:859

actionplugins_loadedhooks.php:885

filterwebp_uploads_image_sizes_with_additional_mime_type_supporthooks.php:906

filterwp_handle_upload_prefilterhooks.php:971

filterwp_handle_sideload_prefilterhooks.php:972

filterwp_update_attachment_metadataimage-edit.php:138

filterimage_editor_output_formatimage-edit.php:234

filterimage_editor_output_formatimage-edit.php:246

filterwp_save_image_editor_fileimage-edit.php:265

filterwp_update_attachment_metadataimage-edit.php:318

actionadded_post_metaimage-edit.php:392

actionupdated_post_metaimage-edit.php:393

filterwp_calculate_image_srcsetpicture-element.php:147

filterrest_prepare_attachmentrest-api.php:62

actioninitsettings.php:69

actionadmin_initsettings.php:133

Maintenance & Trust

Modern Image Formats Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 9, 2026

PHP min version7.2

Downloads985K

Community Trust

Rating66/100

Number of ratings23

Active installs100K

Alternatives

Modern Image Formats Alternatives

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF

imgsmaller

100

Compress and optimize your WordPress media library images using the ImgSmaller API with automated backups and restore controls.

0 No CVEs

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1‑click: compress, resize & convert to WebP/AVIF - free up to 20MB/month. Enjoy the easiest WordPress image optimizer to set up.

1.0M No CVEs

WebP Express

webp-express

Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP.

300K 3 CVEs

WebP Express Plus

webp-express-plus

Exclusion of necessary images from processing by the "WebP Express" plugin

700 No CVEs

Developer Profile

Modern Image Formats Developer Profile

WordPress Performance Team

10 plugins · 690K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

336 days

View full developer profile

Detection Fingerprints

How We Detect Modern Image Formats

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/webp-uploads/picture-element.css/wp-content/plugins/webp-uploads/picture-element.js

Script Paths

/wp-content/plugins/webp-uploads/picture-element.js

Version Parameters

webp-uploads/picture-element.css?ver=webp-uploads/picture-element.js?ver=

HTML / DOM Fingerprints

CSS Classes

webp-uploads-picture

Data Attributes

data-webp-uploads-original-src

JS Globals

webp_uploads_settings

REST Endpoints

/wp-json/webp-uploads/v1/settings

FAQ