All in one Minifier Security & Risk Analysis
wordpress.org/plugins/all-in-one-minifierReduce your page load by minify your HTML source on page with all the CSS and JS code present in your page.
Is All in one Minifier Safe to Use in 2026?
Mostly Safe
Score 76/100All in one Minifier is generally safe to use. 1 past CVE were resolved. Keep it updated.
The all-in-one-minifier v3.3 plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping and a relatively low number of SQL queries without prepared statements, there are significant concerns stemming from its vulnerability history and taint analysis. The presence of an unpatched high-severity CVE, specifically an SQL injection vulnerability, is a major red flag. This indicates a recurring or persistent security weakness that has not been adequately addressed. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, suggesting potential avenues for malicious input to be processed without proper sanitization, which could lead to security breaches, especially when combined with SQL operations. The absence of any capability checks on its entry points, although the attack surface is reported as zero, is a weakness that could become a concern if future versions introduce new entry points without proper authorization checks. Overall, while the plugin has strengths in code hygiene for output, the unpatched SQL injection vulnerability and the high-severity taint flows present a substantial risk that requires immediate attention.
Key Concerns
- Unpatched high severity CVE (SQL Injection)
- High severity taint flows with unsanitized paths
- No capability checks on entry points
- SQL queries without prepared statements
All in one Minifier Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
All in one Minifier <= 3.2 - Unauthenticated SQL Injection
All in one Minifier Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
All in one Minifier Attack Surface
WordPress Hooks 8
Maintenance & Trust
All in one Minifier Maintenance & Trust
Maintenance Signals
Community Trust
All in one Minifier Alternatives
LWS Optimize – All-in-One Speed Booster & Cache Tools
lws-optimize
All-in-one speed optimization: caching, WebP/AVIF, Critical CSS, lazy loading, CDN, and more. Instantly boost Core Web Vitals and site speed!
Mega Addons For WPBakery Page Builder
mega-addons-for-visual-composer
34+ Addons WPBakery extension, Beautifully designed unique elements, Includes Premium quality addons For WPBakery Page Builder.
Foxtool All-in-One: Contact chat button, Custom login, Media optimize images
foxtool
Summarize the essential functions for managing a WordPress website
Cart All In One For WooCommerce
woo-cart-all-in-one
Cart All In One For WooCommerce helps your customers view cart effortlessly.
All-in-one contact buttons – WPSHARE247
all-in-one-contact-buttons-wpshare247
Floating click to contact buttons All-In-One Tạo nút liên hệ gôm tất cả vào trong một nút duy nhất bao gồm: số hotline, zalo, facebook, messenger, ema …
All in one Minifier Developer Profile
4 plugins · 130 total installs
How We Detect All in one Minifier
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/all-in-one-minifier/assets/images/icons/logo.svg/wp-content/plugins/all-in-one-minifier/assets/js/admin/script.js/wp-content/plugins/all-in-one-minifier/assets/js/minifier.jsall-in-one-minifier/assets/js/admin/script.js?ver=all-in-one-minifier/assets/css/admin/style.css?ver=all-in-one-minifier/assets/js/minifier.js?ver=HTML / DOM Fingerprints
alone-disabled-optionsalone-disabledaloneProgress<!-- The core plugin class that is used to define internationalization
* admin-specific hooks and public-facing site hooks --><!-- Prevent file to be called directly --><!-- Begins execution of the plugin --><!-- Plugin Name: All in one Minifier -->+12 moreid="all-in-one-minifier-inline-script"id="all-in-one-minifier-inline-style"allPostData_buildCache_runCache