WP-Safety

WebPioneer Security & Risk Analysis

wordpress.org/plugins/webpioneer

Compatibility-first WebP conversion for WordPress with upload-time conversion, bulk tools, delivery safety, and local processing.

0 active installs v1.0.1 PHP 7.4+ WP 6.0+ Updated Apr 3, 2026
imagesmedia-libraryperformancewebpwebp-converter
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WebPioneer Safe to Use in 2026?

Generally Safe

Score 100/100

WebPioneer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The webpioneer plugin v1.0.1 exhibits a strong security posture based on the provided static analysis. All identified entry points, including two AJAX handlers, are properly protected with nonce and capability checks, which is a significant strength. The complete absence of dangerous functions, raw SQL queries, unsanitized taint flows, and improperly escaped output further reinforces this positive assessment. The plugin also demonstrates good practices by avoiding bundled libraries and external HTTP requests, which can reduce the attack surface and potential for supply chain vulnerabilities. The lack of any recorded vulnerabilities, past or present, is a strong indicator of a well-developed and secure plugin. However, while the current analysis shows no immediate critical threats, the presence of file operations, though unanalyzed for potential risks in this report, warrants careful consideration in a more in-depth review. Overall, this plugin appears to be robustly developed with security in mind, but ongoing vigilance and occasional deeper code reviews for file operations would be prudent.

Vulnerabilities
None known

WebPioneer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WebPioneer Release Timeline

v1.0.1Current
Code Analysis
Analyzed Apr 16, 2026

WebPioneer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
0
436 escaped
Nonce Checks
8
Capability Checks
10
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

100% escaped436 total outputs
Attack Surface

WebPioneer Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_webpioneer_bulk_stepincludes/api/class-webpioneer-api.php:33
authwp_ajax_webpioneer_convert_oneincludes/api/class-webpioneer-api.php:34
WordPress Hooks 13
actionadmin_post_webpioneer_bulk_convertincludes/api/class-webpioneer-api.php:27
actionadmin_post_webpioneer_refresh_statsincludes/api/class-webpioneer-api.php:28
actionadmin_post_webpioneer_download_audit_csvincludes/api/class-webpioneer-api.php:29
actionadmin_post_webpioneer_clear_audit_logincludes/api/class-webpioneer-api.php:30
actionadmin_post_webpioneer_save_settingsincludes/api/class-webpioneer-api.php:31
actionadmin_post_webpioneer_install_rewrite_rulesincludes/api/class-webpioneer-api.php:32
filterwp_handle_uploadwebpioneer.php:33
filterwp_generate_attachment_metadatawebpioneer.php:34
filterwp_get_attachment_urlwebpioneer.php:35
filterwp_get_attachment_image_srcwebpioneer.php:36
filterwp_calculate_image_srcsetwebpioneer.php:37
actionadmin_menuwebpioneer.php:38
actionadmin_enqueue_scriptswebpioneer.php:39
Maintenance & Trust

WebPioneer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 3, 2026
PHP min version7.4
Downloads72

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

WebPioneer Alternatives

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF

ImgSmaller – Optimize Images | Compress Images | Convert WebP & AVIF

imgsmaller

A
100

Compress and optimize your WordPress media library images using the ImgSmaller API with automated backups and restore controls.

0 No CVEs
WebP Express

WebP Express

webp-express

A
95

Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP.

300K 3 CVEs
Robin Image Optimizer – Unlimited Image Optimization & WebP Converter

Robin Image Optimizer – Unlimited Image Optimization & WebP Converter

robin-image-optimizer

A
98

Unlimited automatic image optimization for WordPress. Compress images, convert to WebP, and improve site speed without losing image quality.

100K 2 CVEs
Modern Image Formats

Modern Image Formats

webp-uploads

A
100

Converts images to more modern formats such as WebP or AVIF during upload.

100K No CVEs
LWS Optimize – All-in-One Speed Booster & Cache Tools

LWS Optimize – All-in-One Speed Booster & Cache Tools

lws-optimize

A
99

All-in-one speed optimization: caching, WebP/AVIF, Critical CSS, lazy loading, CDN, and more. Instantly boost Core Web Vitals and site speed!

10K 2 CVEs
Developer Profile

WebPioneer Developer Profile

Perfecto Group

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WebPioneer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/webpioneer/assets/css/admin.css/wp-content/plugins/webpioneer/assets/js/admin.js
Script Paths
/wp-content/plugins/webpioneer/assets/js/admin.js
Version Parameters
webpioneer/assets/css/admin.css?ver=webpioneer/assets/js/admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- WebP Pioneer Admin Dashboard --><!-- WebP Pioneer Audit Log --><!-- WebP Pioneer Gallery Preview --><!-- WebP Pioneer Diagnostics Snapshot -->
Data Attributes
data-webpioneer-admin-pagedata-webpioneer-noncedata-webpioneer-total-itemsdata-webpioneer-chart-datadata-webpioneer-page-urldata-webpioneer-running-text+25 more
JS Globals
webpioneerAdmin
REST Endpoints
/wp-json/webpioneer/v1/process/wp-json/webpioneer/v1/settings/wp-json/webpioneer/v1/scan
FAQ

Frequently Asked Questions about WebPioneer