Checked on February 14, 2025
Possible Issues Detected:
- The plugin may allow arbitrary WordPress options (settings) to be updated based on user input.
- The plugin may allow arbitrary WordPress options (settings) to be deleted based on user input.
- User input is being directly output, which could lead to reflected cross-site scripting (XSS).
- The plugin may use user input to specify a URL to be redirected to, which could allow for an open redirect.
- This plugin may be vulnerable to host header injection due to use of server variables that can rely on the user-specified Host header.
You should not contact the developer of the plugin with these results, as they only indicate possible issues. Instead, someone with the proper expertise should review the plugin to determine whether there is in fact an issue before contacting the developer about a confirmed issue, so that the developer's time is not taken up unnecessarily.
The plugin may contain security issues that cannot be found by this tool. Paying subscribers of our service can suggest/vote for the plugin to receive a thorough security review from us for no additional cost. If you want to get a review done right away, our price to do that for version 6.30.07 of the plugin would be $1500 USD.
Plugin Security Scorecard Grade:
Plugin Information
- Slug: wp-compress-image-optimizer
- Version: 6.30.07