Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF Security & Risk Analysis

wordpress.org/plugins/wp-retina-2x

Optimize image sizes, regenerate thumbnails, enable retina, convert to WebP/AVIF, or use cloud optimization. An essential image toolkit.

70K active installs · v7.1.4 · PHP 7.4+ · WP 6.0+ · Updated Mar 10, 2026
Tags: avif, regenerate, retina, thumbnails, webp
Score: 99 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Nov 28, 2023
Safety Verdict

Is Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF Safe to Use in 2026?

Generally Safe

Score 99/100

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 28, 2023 · Updated 24d ago
Risk Assessment

The "wp-retina-2x" plugin v7.1.4 presents a mixed security posture. The attack surface appears minimal, with no apparent unprotected entry points such as AJAX handlers, REST API routes, or shortcodes, but there are significant underlying concerns. The codebase uses dangerous functions such as `exec` and `unserialize`, which can be exploited if they are not handled with extreme caution and proper sanitization. The taint analysis, although limited to one flow, found an unsanitized path, which is a direct security risk. The plugin also has a history of known vulnerabilities: three medium-severity CVEs, primarily related to information exposure and cross-site scripting. The last vulnerability is recent (November 2023), which suggests that while past issues may have been patched, ongoing vigilance is crucial. The lack of any nonce checks across the entire plugin is a notable weakness, especially because the plugin interacts with files. Capability checks are present, but the absence of nonce verification on potential AJAX or other interactive elements leaves it open to certain types of attacks.

Key Concerns

  • Dangerous functions (exec, unserialize) found
  • Flows with unsanitized paths found
  • 3 medium severity CVEs in history
  • No nonce checks implemented
  • SQL queries not fully prepared (31% unprepared)
  • Some output not properly escaped (12%)
Vulnerabilities: 3

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF Security Vulnerabilities

CVEs by Year

  • 2017: 1 CVE
  • 2018: 1 CVE
  • 2023: 1 CVE

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2023-44982 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
WP Retina 2x <= 6.4.5 - Sensitive Information Exposure
Nov 28, 2023 · Patched in 6.4.6 (56d)

CVE-2018-20983 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Perfect Images <= 5.2.2 - Cross-Site Scripting
Jan 14, 2018 · Patched in 5.2.3 (2200d)

CVE-2018-0511 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Retina 2x <= 5.2.0 - Cross-Site Scripting
Nov 27, 2017 · Patched in 5.2.2 (2248d)
Code Analysis
Analyzed Mar 16, 2026

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF Code Analysis

  • Dangerous Functions: 4
  • Raw SQL Queries: 5 (11 prepared)
  • Unescaped Output: 4 (29 escaped)
  • Nonce Checks: 0
  • Capability Checks: 15
  • File Operations: 55
  • External Requests: 4
  • Bundled Libraries: 0

Dangerous Functions Found

  • exec: `exec( 'whereis whereis', $test_output, $test_result_code );` (classes\rest.php:287)
  • exec: `exec( 'which whereis', $which_output, $which_result_code );` (classes\rest.php:295)
  • exec: `exec( $command, $output, $result_code );` (classes\rest.php:466)
  • unserialize: `$entry->metadata = unserialize( $entry->metadata );` (classes\rest.php:663)

SQL Query Safety

69% prepared (16 total queries)

Output Escaping

88% escaped (33 total outputs)
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow, 1 with unsanitized paths:
  • <wr2x_image> (wr2x_image.php:0)
Attack Surface

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 44
  • action: admin_menu (classes\admin.php:14)
  • action: admin_notices (classes\admin.php:15)
  • action: admin_enqueue_scripts (classes\admin.php:16)
  • action: plugins_loaded (classes\core.php:35)
  • action: wp_enqueue_scripts (classes\core.php:50)
  • filter: generate_rewrite_rules (classes\core.php:51)
  • filter: retina_validate_src (classes\core.php:52)
  • filter: wp_calculate_image_srcset (classes\core.php:53)
  • filter: wp_calculate_image_srcset (classes\core.php:55)
  • filter: wp_get_attachment_image_src (classes\core.php:56)
  • action: after_setup_theme (classes\core.php:58)
  • filter: media_row_actions (classes\core.php:61)
  • filter: attachment_fields_to_edit (classes\core.php:64)
  • action: add_meta_boxes (classes\core.php:65)
  • filter: big_image_size_threshold (classes\core.php:68)
  • filter: intermediate_image_sizes_advanced (classes\core.php:72)
  • filter: intermediate_image_sizes_advanced (classes\core.php:76)
  • filter: intermediate_image_sizes_advanced (classes\core.php:80)
  • action: wp_head (classes\core.php:94)
  • action: wp_footer (classes\core.php:95)
  • action: wp_head (classes\core.php:103)
  • action: wp_footer (classes\core.php:104)
  • filter: image_size_names_choose (classes\core.php:229)
  • filter: intermediate_image_sizes_advanced (classes\core.php:230)
  • action: admin_menu (classes\dashboard.php:9)
  • filter: wp_generate_attachment_metadata (classes\engine.php:9)
  • action: delete_attachment (classes\engine.php:10)
  • action: admin_notices (classes\init.php:7)
  • filter: manage_media_columns (classes\library.php:9)
  • action: manage_media_custom_column (classes\library.php:10)
  • action: rest_api_init (classes\rest.php:22)
  • action: admin_notices (common\admin.php:72)
  • filter: plugin_row_meta (common\admin.php:77)
  • filter: edd_sl_api_request_verify_ssl (common\admin.php:78)
  • action: init (common\admin.php:96)
  • action: admin_menu (common\admin.php:153)
  • filter: admin_footer_text (common\admin.php:158)
  • action: admin_footer (common\admin.php:218)
  • action: admin_head (common\admin.php:456)
  • action: admin_notices (common\news.php:43)
  • filter: safe_style_css (common\news.php:44)
  • action: admin_notices (common\ratings.php:33)
  • filter: safe_style_css (common\ratings.php:34)
  • action: rest_api_init (common\rest.php:14)
Maintenance & Trust

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 10, 2026
  • PHP min version: 7.4
  • Downloads: 5.9M

Community Trust

  • Rating: 96/100
  • Number of ratings: 278
  • Active installs: 70K
Developer Profile

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF Developer Profile

Jordy Meow

27 plugins · 371K total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 372 days
Detection Fingerprints

How We Detect Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-retina-2x/app/vendor.js
  • /wp-content/plugins/wp-retina-2x/app/index.js
Script Paths
  • /wp-content/plugins/wp-retina-2x/app/vendor.js
  • /wp-content/plugins/wp-retina-2x/app/index.js
Version Parameters
  • wp-retina-2x/app/vendor.js?ver=
  • wp-retina-2x/app/index.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-wr2x-admin
JS Globals
wr2x_retina
REST Endpoints
/wp-retina-2x/v1/