TinyPNG – JPEG, PNG & WebP image compression

Speed up your website. Optimize your JPEG, PNG, and WebP images automatically with TinyPNG.

v3.6.14TinyPNGUpdated 1 month agoAdded 11 years ago100k+ installs90% rating0% support resolved

Page Speed compress images compression image size performance

Score

196

Errors

141

Warnings

Change

Category Scores

Security0

Repo100

Performance100

Maintainability63

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

337 findings

Security

233

11 issue groups

Maintainability

104

10 issue groups

ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$active['unconverted']'.130

Category: Security
Occurrences: 130
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$active['unconverted']'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$active".65

Category: Maintainability
Occurrences: 65
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$active".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

ERRORSecurityException Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$details['message']'.24

Category: Security
Occurrences: 24
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$details['message']'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;22

Category: Maintainability
Occurrences: 22
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_GET['image_sizes_selected']19

Category: Security
Occurrences: 19
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['image_sizes_selected']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityMissing Unslash$_GET['image_sizes_selected'] not unslashed before sanitization. Use wp_unslash() or similar19

Category: Security
Occurrences: 19
Severity: warning

Sample message

$_GET['image_sizes_selected'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGSecurityMissingProcessing form data without nonce verification.13

Category: Security
Occurrences: 13
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGSecurityRecommendedProcessing form data without nonce verification.9

Category: Security
Occurrences: 9
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

ERRORSecurityregister setting MissingSanitization missing for register_setting().8

Category: Security
Occurrences: 8
Severity: error

Sample message

Sanitization missing for register_setting().

PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing Reference

WARNINGSecurityInput Not ValidatedDetected usage of a possibly undefined superglobal array index: $_GET['image_sizes_selected']. Check that the array index exists before using it.7

Category: Security
Occurrences: 7
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['image_sizes_selected']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Show 11 more

ERRORMaintainabilitywp function not compatible with requires wp5

Category: Maintainability
Occurrences: 5
Severity: error

Sample message

Function "mb_strlen()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 4.0.0.

wp_function_not_compatible_with_requires_wp Reference

WARNINGMaintainabilityNon Prefixed Hookname Found3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wp_ajax_' . $action".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

WARNINGMaintainabilityerror log error log2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log

ERRORSecurityUnsafe Printing Function2

Category: Security
Occurrences: 2
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunction Reference

ERRORMaintainabilityfile system operations fopen2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen

ERRORMaintainabilityfile system operations is writable2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

WordPress.WP.AlternativeFunctions.file_system_operations_is_writable

WARNINGSecurityUnescaped DBParameter1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 69.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilityDirect Query1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo Caching1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGSecuritywp redirect wp redirect1

Category: Security
Occurrences: 1
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

ERRORMaintainabilityfile system operations fclose1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose

Score History

First score snapshot

2 days ago

v3.6.14

Latest

Findings: 337
Errors: 196
Warnings: 141
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	38	337	196	141	v3.6.14	2.0.0

Related Plugins

Lazy Load for Comments

2k+ active installs

Media Library File Size

6k+ active installs

QODE Optimizer

20k+ active installs

Kraken.io Image Optimizer – Compress, Convert to WebP & AVIF, Resize & Bulk Optimize

9k+ active installs

Image Optimization For SEO

3k+ active installs

Compress, Resize & Lazy Load Images – WPvivid Image Optimization

10k+ active installs