Checked on February 14, 2025
Possible Issues Detected:
- The plugin may allow arbitrary WordPress options (settings) to be updated based on user input.
- The plugin may allow arbitrary WordPress options (settings) to be deleted based on user input.
- User input is being directly output, which could lead to reflected cross-site scripting (XSS).
- The plugin may use user input to specify a URL to be redirected to, which could allow for an open redirect.
- This plugin may be vulnerable to host header injection due to use of server variables that can rely on the user-specified Host header.
Subscribers of our service are able to see the details of the possible issues identified above. Alongside that, any issues that we have already checked on will be noted.
You should not contact the developer of the plugin with these results, as they only indicate possible issues. Instead, someone with the proper expertise should review the plugin to determine whether there is in fact an issue before contacting the developer about a confirmed issue, so that their time is not taken up unnecessarily.
Plugin Information
- Slug: wp-compress-image-optimizer
- Version: 6.30.07
Get a Professional Security Review
Once you become a paying subscriber of our service, you can suggest or vote for WP Compress to receive a review from us.
If you want to get a review done right away, our price to do that for version 6.30.07 of WP Compress is $1500 USD.