Does Zara 4 Image Compression have any unpatched vulnerabilities?

Yes — Zara 4 Image Compression currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Zara 4 Image Compression compatible with WordPress 5.1.22?

According to WordPress.org data, Zara 4 Image Compression 1.2.17.2 has been tested up to WordPress 5.1.22. Check the plugin's changelog for the latest compatibility information.

How often is Zara 4 Image Compression updated?

Zara 4 Image Compression was last updated on Mar 13, 2019. Frequent updates are generally a positive security signal.

What is Zara 4 Image Compression's security score?

Zara 4 Image Compression has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Zara 4 Image Compression Security & Risk Analysis

wordpress.org/plugins/zara-4

Compress your images by up to 90% and make your website load faster. Improve your SEO. Reduce your bandwidth.

100 active installs v1.2.17.2 PHP + WP 3.0.1+ Updated Mar 13, 2019

compress-imageimage-compressionimage-optimizeroptimize-imagessmaller-images

C · Use Caution

CVEs total1

Unpatched1

Last CVEJun 19, 2025

Plugin page Download

Safety Verdict

Is Zara 4 Image Compression Safe to Use in 2026?

Use With Caution

Score 63/100

Zara 4 Image Compression has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 19, 2025Updated 7yr ago

Risk Assessment

The "zara-4" plugin version 1.2.17.2 exhibits a significant security risk due to its completely unprotected attack surface. All 15 identified AJAX handlers lack any form of authentication or capability checks, meaning any unauthenticated user can trigger these functions. While the static analysis shows no dangerous functions, SQL queries are prepared, and output is escaped, these are overshadowed by the severe lack of authorization. The plugin has a history of a medium severity vulnerability related to Missing Authorization, and it is currently unpatched. This pattern, coupled with the current findings of numerous unprotected entry points, strongly suggests a recurring and fundamental flaw in the plugin's security design and implementation regarding access control.

Key Concerns

All AJAX handlers lack auth checks
Unpatched CVE (Medium Severity)
Missing capability checks
Missing nonce checks

Vulnerabilities

Zara 4 Image Compression Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-49969medium · 4.3Missing Authorization

Zara 4 Image Compression <= 1.2.17.2 - Missing Authorization

Jun 19, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Zara 4 Image Compression Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

15 unprotected

Zara 4 Image Compression Attack Surface

Entry Points15

Unprotected15

AJAX Handlers 15

authwp_ajax_zara4_compresszara-4.php:164

authwp_ajax_zara4_compress_sizeszara-4.php:165

authwp_ajax_zara4_restore_backupzara-4.php:168

authwp_ajax_zara4_restore_backup_for_sizeszara-4.php:169

authwp_ajax_zara4_delete_backupzara-4.php:172

authwp_ajax_zara4_delete_backup_for_sizeszara-4.php:173

authwp_ajax_zara4_exclude_from_bulk_compressionzara-4.php:176

authwp_ajax_zara4_include_in_bulk_compressionzara-4.php:177

authwp_ajax_zara4_exclude_all_uncompressed_images_from_bulk_compressionzara-4.php:178

authwp_ajax_zara4_include_all_uncompressed_images_in_bulk_compressionzara-4.php:179

authwp_ajax_zara4_uncompressed_imageszara-4.php:182

authwp_ajax_zara4_image_classification_countszara-4.php:183

authwp_ajax_zara4_compression_infozara-4.php:184

authwp_ajax_zara4_images_with_backupzara-4.php:187

authwp_ajax_zara4_delete_all_backupszara-4.php:188

WordPress Hooks 10

actionplugins_loadedzara-4.php:95

actionadmin_menuzara-4.php:102

actionwp_loadedzara-4.php:108

actionadmin_enqueue_scriptszara-4.php:123

actionadmin_noticeszara-4.php:132

actionwp_dashboard_setupzara-4.php:141

filtermanage_media_columnszara-4.php:151

actionmanage_media_custom_columnzara-4.php:154

filterwp_generate_attachment_metadatazara-4.php:199

actiondelete_attachmentzara-4.php:203

Maintenance & Trust

Zara 4 Image Compression Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22

Last updatedMar 13, 2019

PHP min version

Downloads25K

Community Trust

Rating82/100

Number of ratings7

Active installs100

Alternatives

Zara 4 Image Compression Alternatives

Squeeze – Image Optimization & Compression, WEBP Conversion

squeeze

Unlimited. Private. Instant. Squeeze compresses and converts your images directly in your browser — no external servers and no upload limits.

1K 3 CVEs

Image Optimizer PRO – Optimize Images, Convert AVIF & WebP

image-optimizer-pro

100

Optimize and serve your images in AVIF or webp format on-the-fly, boosting site performance and decreasing load times with our network distribution.

100 No CVEs

OptiPic images optimization

optipic

Automatic optimize images on your site according to the recommendations of Google PageSpeed Insights. Automatic convert all site images to WebP if vis …

80 No CVEs

WPOptimizers – Image Optimizer Lite

wpoptimizers-image-optimizer-lite

100

Lightweight image optimizer for WordPress. Compress images with one click for faster, better-performing websites.

70 No CVEs

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs

Developer Profile

Zara 4 Image Compression Developer Profile

Zara 4

1 plugin · 100 total installs

trust score

Avg Security Score

63/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Zara 4 Image Compression

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zara-4/assets/css/backend.css/wp-content/plugins/zara-4/assets/css/frontend.css/wp-content/plugins/zara-4/assets/css/images.css/wp-content/plugins/zara-4/assets/css/settings.css/wp-content/plugins/zara-4/assets/css/style.css/wp-content/plugins/zara-4/assets/js/backend.js/wp-content/plugins/zara-4/assets/js/backend/attachment.js/wp-content/plugins/zara-4/assets/js/backend/bulk.js+6 more

Script Paths

/wp-content/plugins/zara-4/assets/js/backend.js/wp-content/plugins/zara-4/assets/js/backend/attachment.js/wp-content/plugins/zara-4/assets/js/backend/bulk.js/wp-content/plugins/zara-4/assets/js/backend/images.js/wp-content/plugins/zara-4/assets/js/backend/settings.js/wp-content/plugins/zara-4/assets/js/frontend.js+3 more

Version Parameters

zara-4/style.css?ver=zara-4/backend.css?ver=zara-4/frontend.css?ver=zara-4/images.css?ver=zara-4/settings.css?ver=zara-4/backend.js?ver=zara-4/backend/attachment.js?ver=zara-4/backend/bulk.js?ver=zara-4/backend/images.js?ver=zara-4/backend/settings.js?ver=zara-4/frontend.js?ver=zara-4/images.js?ver=zara-4/settings.js?ver=zara-4/style.js?ver=

HTML / DOM Fingerprints

CSS Classes

zara4zara4-bulk-action-wrapperzara4-media-columnszara4-settings-sectionzara4-spinner

HTML Comments

Data Attributes

data-zara4-iddata-zara4-compressed

JS Globals

zara4_backend_paramszara4_images_params

REST Endpoints

/wp-json/zara4/v1/compress/wp-json/zara4/v1/restore_backup/wp-json/zara4/v1/delete_backup/wp-json/zara4/v1/uncompressed_images

FAQ