Maintained by Stealths Works · Repository · Support: support@stealths.works
This is a hardened fork, not the upstream plugin.
Forked from: Resize Image Before Upload by TMM Technology, v1.0.4 (GPLv3).
Why we forked: the upstream plugin (even at its latest version) bundles Swiper 8.2.4, which carries CVE-2026-27212 (CRITICAL). Swiper is used only to render the vendor's promotional "drip notifications" carousel — an ad feed pulled hourly from
wpplugins-midlayer.tmm-technology.comand shown viaadmin_notices. The upstream author has not refreshed the library, so the only way to clear the CRITICAL was to fork and remove the vulnerable code.What this fork changes:
- Disabled the
Notificationsclass — removes all ads/promotions and the remote notification feed (no more hourly external request, no admin_notices ads).- Removed the Swiper registration + enqueue dependencies.
- Deleted the bundled Swiper library (
vendor/tmmtech/wp-plugins-core/libs/swiper).- Set
Update URI: falseso WordPress never overwrites this fork from wp.org.The core feature — client-side image resize before upload — is unchanged. Full record: see
SECURITY-vuln-exceptions.mdat the repository root.
A WordPress plugin for client-side uploaded images resize (to do it client-side instead of backend-side and make the life of backend easier).
| Name | Description |
|---|---|
| Plupload v 2.2.1 | Plupload v. 2.2.1 to replace the 2.1.9 used in WP that has the bad resizing algorithm. |