WP Compress for MainWP Security & Risk Analysis

wordpress.org/plugins/wp-compress-mainwp

Install, activate and connect WP Compress across all of your MainWP Child Sites.

800 active installs · v6.60.17 · PHP 7.0+ · WP 6.5+ · Updated Jan 5, 2026
Tags: image-optimization, mainwp, optimizer, performance, wpcompress
Score 74 · B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Nov 29, 2025
Safety Verdict

Is WP Compress for MainWP Safe to Use in 2026?

Mostly Safe

Score 74/100

WP Compress for MainWP is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Nov 29, 2025 · Updated 2mo ago
Risk Assessment

The "wp-compress-mainwp" plugin v6.60.17 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by not exposing any REST API routes, shortcodes, or cron events, significantly limiting its attack surface. Furthermore, all identified SQL queries utilize prepared statements, and there are no identified dangerous functions or file operations, which are strong indicators of secure coding principles.

However, concerns arise from the vulnerability history, with three known CVEs, one of which remains unpatched. The historical prevalence of "Missing Authorization" and "Server-Side Request Forgery (SSRF)" vulnerabilities suggests potential recurring weaknesses in how the plugin handles user permissions and external requests. The static analysis also highlights that while most entry points have authorization checks, a considerable percentage (54%) of output operations are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if the data originates from untrusted sources.

In conclusion, while "wp-compress-mainwp" has implemented several security best practices, the presence of an unpatched medium severity vulnerability and a history of authorization and SSRF issues necessitate immediate attention. The lack of proper output escaping on a significant portion of its output points is another area of concern. Addressing the outstanding vulnerability and improving output sanitization are critical steps to improve the overall security of this plugin.

Key Concerns

  • Unpatched medium severity CVE
  • Vulnerable to SSRF (historical pattern)
  • Vulnerable to Missing Authorization (historical pattern)
  • 54% of outputs not properly escaped
Vulnerabilities (3)

WP Compress for MainWP Security Vulnerabilities

CVEs by Year

3 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-64639 · medium · 5.3 · Missing Authorization

Compress for MainWP <= 6.50.07 - Missing Authorization

Nov 29, 2025 · Unpatched

CVE-2025-30932 · medium · 4.3 · Missing Authorization

WP Compress for MainWP <= 6.30.32 - Missing Authorization

Jun 5, 2025 · Patched in 6.50.05 (29d)

CVE-2025-31076 · medium · 6.4 · Server-Side Request Forgery (SSRF)

WP Compress for MainWP <= 6.30.03 - Authenticated (Subscriber+) Server-Side Request Forgery

Mar 28, 2025 · Patched in 6.30.06 (7d)

Code Analysis
Analyzed Mar 16, 2026

WP Compress for MainWP Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (7 escaped)
Nonce Checks: 1
Capability Checks: 7
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Output Escaping

54% escaped · 13 total outputs

Attack Surface

WP Compress for MainWP Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers (4)

auth · wp_ajax_connect_wpcompress · classes\ajax.class.php:12
auth · wp_ajax_wpc_checkSiteConnection · classes\ajax.class.php:13
auth · wp_ajax_create_apikey_wpcompress · classes\ajax.class.php:14
auth · wp_ajax_connect_apikey_wpcompress · classes\ajax.class.php:15

WordPress Hooks (6)

filter · mainwp_getsubpages_sites · classes\settings.class.php:11
filter · mainwp_getextensions · wp-compress-main-wp.php:37
action · mainwp_activated · wp-compress-main-wp.php:43
action · admin_init · wp-compress-main-wp.php:46
action · admin_enqueue_scripts · wp-compress-main-wp.php:47
action · admin_footer · wp-compress-main-wp.php:48

Maintenance & Trust

WP Compress for MainWP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 5, 2026
PHP min version: 7.0
Downloads: 15K

Community Trust

Rating: 94/100
Number of ratings: 3
Active installs: 800

Developer Profile

WP Compress for MainWP Developer Profile

WP Compress

1 plugin · 800 total installs

Trust score: 76
Avg Security Score: 74/100
Avg Patch Time: 18 days

Detection Fingerprints

How We Detect WP Compress for MainWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-compress-mainwp/assets/css/style.css
/wp-content/plugins/wp-compress-mainwp/assets/js/scripts.js
/wp-content/plugins/wp-compress-mainwp/assets/swal/sweetalert2.all.min.js
/wp-content/plugins/wp-compress-mainwp/assets/swal/sweetalert2.min.css

Script Paths
/wp-content/plugins/wp-compress-mainwp/assets/js/scripts.js
/wp-content/plugins/wp-compress-mainwp/assets/swal/sweetalert2.all.min.js

Version Parameters
/wp-content/plugins/wp-compress-mainwp/assets/css/style.css?ver=
/wp-content/plugins/wp-compress-mainwp/assets/js/scripts.js?ver=
/wp-content/plugins/wp-compress-mainwp/assets/swal/sweetalert2.all.min.js?ver=
/wp-content/plugins/wp-compress-mainwp/assets/swal/sweetalert2.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
ic-popup
ic-connect-form
ic-form-holder
ic-form-loading
wps-i-disconnect

HTML Comments
<!-- The "mainwp-pageheader-extensions" action is used to render the tabs on the Extensions screen. -->
<!-- It's used together with mainwp-pagefooter-extensions and mainwp-getextensions -->
<!-- The public function "activate_this_plugin" is called when the main is initialized. -->

Data Attributes
data-action="wpcompress_connect_action"
data-nonce="wpcompress_connect_nonce"
name="wpcompress[username]"
name="wpcompress[password]"
value="Connect"

JS Globals
wpic_mainwp_ajax
wpic_mainwp_settings
MainWPWPCompressExtensionActivator
ic_mainwp_connected
mainwp_wpcompress_extension_activated
childEnabled