Does WP Squish have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Squish compatible with WordPress 6.6.5?

According to WordPress.org data, WP Squish 1.0.1 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Squish updated?

WP Squish was last updated on Aug 12, 2024. Frequent updates are generally a positive security signal.

What is WP Squish's security score?

WP Squish has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Squish Security & Risk Analysis

wordpress.org/plugins/wp-squish

Reduce the amount of storage space consumed by your WordPress installation through the application of user-definable JPEG compression levels and image …

100 active installs v1.0.1 PHP + WP 3.5+ Updated Aug 12, 2024

compresscompressionimagesmediasize

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Squish Safe to Use in 2026?

Generally Safe

Score 92/100

WP Squish has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "wp-squish" v1.0.1 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface, with no identified AJAX handlers, REST API routes, or shortcodes that are exposed without authentication or permission checks. Furthermore, there are no known vulnerabilities (CVEs) associated with this plugin, which suggests a history of stable and secure development, or at least a lack of publicly disclosed issues.

However, several concerns arise from the static code analysis. The significant percentage of SQL queries that do not use prepared statements is a major red flag, indicating a high risk of SQL injection vulnerabilities. The presence of unsanitized paths in the taint analysis, although not resulting in critical or high severity flows in this specific analysis, still points to potential path traversal or file inclusion vulnerabilities if the inputs are not rigorously validated elsewhere. Additionally, the low percentage of properly escaped output suggests a risk of Cross-Site Scripting (XSS) vulnerabilities.

While the absence of past vulnerabilities is encouraging, it doesn't negate the risks identified in the current codebase. The plugin's strengths lie in its limited attack surface and lack of known exploits, but the identified weaknesses in SQL query preparation, output escaping, and potential unsanitized paths require attention. Improvements in these areas are crucial for enhancing the plugin's overall security.

Key Concerns

SQL queries not using prepared statements
Unsanitized paths in taint analysis
Low percentage of properly escaped output
Lack of capability checks

Vulnerabilities

None known

WP Squish Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Squish Release Timeline

v1.0.1Current

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

WP Squish Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared3 total queries

Output Escaping

38% escaped21 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

template_redirect (includes\pro\pro.php:106)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Squish Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 16

actiontemplate_redirectincludes\pro\pro.php:14

filterpp_wpsq_make_imageincludes\pro\pro.php:15

actionpp_wpsq_admin_page_optionsincludes\pro\pro.php:17

actionpp_wpsq_image_resizedincludes\pro\pro.php:18

actionpp_wpsq_admin_page_extra_sectionsincludes\pro\pro.php:19

filtercron_schedulesincludes\pro\pro.php:20

actionpp_wpsq_api_runincludes\pro\pro.php:21

actionpp_wpsq_image_sizes_table_header_rowincludes\pro\pro.php:22

actionpp_wpsq_image_sizes_table_body_rowincludes\pro\pro.php:23

filterintermediate_image_sizes_advancedincludes\pro\pro.php:136

filterpp_wpsq_make_imageincludes\pro\pro.php:137

actionadmin_enqueue_scriptswp-squish.php:43

actionadmin_menuwp-squish.php:44

filterwp_image_editorswp-squish.php:45

filterwp_generate_attachment_metadatawp-squish.php:46

filterpp_wpsq_make_imagewp-squish.php:263

Scheduled Events 1

pp_wpsq_api_run

Maintenance & Trust

WP Squish Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedAug 12, 2024

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

WP Squish Alternatives

TinyPNG – JPEG, PNG & WebP image compression

tiny-compress-images

Speed up your website. Optimize your JPEG, PNG, and WebP images automatically with TinyPNG.

100K 1 CVE

Mass Resizer

mass-resizer

100

Mass Resizer allows bulk image resizing, safe WebP conversion, and automatic metadata preservation — improving page speed and optimizing media librari …

30 No CVEs

Smart Image Editor

smart-image-editor

100

Resize, crop, and compress images directly in the Media Library — with manual crop frame, zoom & pan, WebP export, and live preview.

30 No CVEs

DMN (Image Compression)

dmn-image-compression

100

The DMN Image Compression plugin automatically compresses and optimizes images uploaded to your WordPress site using a self-hosted compression gateway …

0 No CVEs

Resizeer

resizeer

Optimize your images automatically and forget about resizing and compressing them manually before uploading to your WordPress site.

0 No CVEs

Developer Profile

WP Squish Developer Profile

WP Zone

22 plugins · 40K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

124 days

View full developer profile

Detection Fingerprints

How We Detect WP Squish

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-squish/css/admin.css/wp-content/plugins/wp-squish/css/rangeslider.css/wp-content/plugins/wp-squish/js/admin.js/wp-content/plugins/wp-squish/js/rangeslider.min.js

Script Paths

/wp-content/plugins/wp-squish/js/admin.js/wp-content/plugins/wp-squish/js/rangeslider.min.js

Version Parameters

wp-squish/css/admin.css?ver=wp-squish/css/rangeslider.css?ver=wp-squish/js/admin.js?ver=wp-squish/js/rangeslider.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

pp-wpsq-adminpp-wpsq-intropp-wpsq-form-sectionpp-wpsq-form-rowpp-wpsq-cb-descriptionpp-wpsq-image-sizes-tablepp-wpsq-alignleftpp-wpsq-aligncenter+4 more

HTML Comments

<!-- 
	This plugin contains code copied from WordPress. WordPress code is
	copyright by the WordPress contributors and released under the GNU
	General Public License version 2 or later, licensed under the GNU
	General Public License version 3 or later.
 -->

+1 more

Data Attributes

id="pp-wpsq-admin"id="pp-wpsq-intro"class="pp-wpsq-form-section"class="pp-wpsq-form-row"class="description pp-wpsq-cb-description"id="pp-wpsq-image-sizes-table"+6 more

JS Globals

window.jQuery

FAQ