WP-Safety

AATI WP Finetuning Security & Risk Analysis

wordpress.org/plugins/aati-wp-finetuning

Fine tuning a WP setup by removing or adding options , just for easy updating setting on all my personal sites. If useful for someone else , use it :- …

30 active installs v0.9.2 PHP 8.0+ WP 6.2.2+ Updated Nov 17, 2024
aati-finetuning-fail2ban-login-logon-security-cronjob
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AATI WP Finetuning Safe to Use in 2026?

Generally Safe

Score 92/100

AATI WP Finetuning has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The plugin "aati-wp-finetuning" v0.9.2 exhibits a mixed security posture. On the positive side, it has a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are properly prepared, and the plugin does not make external HTTP requests. This indicates good practices in preventing common web vulnerabilities.

However, there are significant concerns. The presence of the dangerous function `shell_exec` is a major red flag, as it can allow for arbitrary command execution if not handled with extreme caution and strict input validation, which is not evident from the provided data. The lack of nonce checks on AJAX handlers (though there are none, this signals a potential gap if any were to be added) and the moderate rate of unescaped output (67% is not ideal) also represent potential weaknesses that could be exploited.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a strength, but it does not negate the risks identified in the code analysis. The combination of a small attack surface with a dangerous function and some output escaping issues suggests that while the plugin might be relatively safe in its current form due to limited entry points, a single flaw in the handling of `shell_exec` could lead to severe consequences. Developers should prioritize sanitizing inputs to `shell_exec` and ensuring all output is properly escaped.

Key Concerns

  • Dangerous function detected (shell_exec)
  • Moderate rate of unescaped output
  • No nonce checks (if AJAX existed)
Vulnerabilities
None known

AATI WP Finetuning Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

AATI WP Finetuning Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

AATI WP Finetuning Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
2
4 escaped
Nonce Checks
0
Capability Checks
1
File Operations
4
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

shell_exec$output = shell_exec('crontab -l');includes\admin\aatiwpf_cron.php:23

Output Escaping

67% escaped6 total outputs
Attack Surface

AATI WP Finetuning Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 26
actionplugins_loadedaati-wp-finetuning.php:45
actionadmin_noticesincludes\admin\aatiwpf_cron.php:35
actionadmin_noticesincludes\admin\aatiwpf_cron.php:50
actionadmin_noticesincludes\admin\aatiwpf_cron.php:61
actionadmin_noticesincludes\admin\aatiwpf_cron.php:65
actionadmin_noticesincludes\admin\aatiwpf_cron.php:72
actionadmin_menuincludes\admin\aatiwpf_settings.php:19
actionwp_login_failedincludes\shared\aatiwpf_anti-logon_f2b.php:7
filterwpcf7_before_send_mailincludes\shared\aatiwpf_anti-spam_cf7.php:21
actionwsf_action_tagincludes\shared\aatiwpf_anti-spam_wsform.php:8
filterwp_sitemaps_enabledincludes\shared\aatiwpf_core.php:7
filterwp_is_application_passwords_availableincludes\shared\aatiwpf_core.php:10
filterallow_major_auto_core_updatesincludes\shared\aatiwpf_core.php:12
filterxmlrpc_enabledincludes\shared\aatiwpf_core.php:16
actiontemplate_redirectincludes\shared\aatiwpf_core.php:40
filterrest_endpointsincludes\shared\aatiwpf_functions.php:29
actioninitincludes\shared\aatiwpf_functions.php:36
actioninitincludes\shared\aatiwpf_functions.php:65
actionadmin_initincludes\shared\aatiwpf_functions.php:79
filterlogin_headerurlincludes\shared\aatiwp_logon.php:12
filterlogin_headertextincludes\shared\aatiwp_logon.php:17
actionlogin_enqueue_scriptsincludes\shared\aatiwp_logon.php:21
actionlogin_enqueue_scriptsincludes\shared\aatiwp_logon.php:28
actionwp_logoutincludes\shared\aatiwp_logon.php:35
actioncustomize_registerincludes\shared\aatiwp_logon.php:43
actionlogin_enqueue_scriptsincludes\shared\aatiwp_logon.php:64
Maintenance & Trust

AATI WP Finetuning Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 17, 2024
PHP min version8.0
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

AATI WP Finetuning Alternatives

No alternatives data available yet.

Developer Profile

AATI WP Finetuning Developer Profile

jseutens

2 plugins · 60 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AATI WP Finetuning

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aati-wp-finetuning/assets/css/aatiwpf-admin.css/wp-content/plugins/aati-wp-finetuning/assets/js/aatiwpf-admin.js
Script Paths
/wp-content/plugins/aati-wp-finetuning/assets/js/aatiwpf-admin.js
Version Parameters
aati-wp-finetuning/assets/css/aatiwpf-admin.css?ver=aati-wp-finetuning/assets/js/aatiwpf-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-aatiwpf-cron-status
JS Globals
aatiwpf_admin_params
FAQ

Frequently Asked Questions about AATI WP Finetuning