WP-Safety

AIO Performance Profiler, Monitor, Optimize, Compress & Debug Security & Risk Analysis

wordpress.org/plugins/all-in-one-performance-accelerator

Find plugins that are slowing down your site. Create performance reports, Monitor, Optimize, Compress, and debug your site.

10 active installs v1.3 PHP 7.4+ WP 5.0+ Updated Jun 30, 2025
developeroptimizeperformanceprofilerspeed
78
B · Generally Safe
CVEs total2
Unpatched1
Last CVEApr 1, 2025
Plugin page Download
Safety Verdict

Is AIO Performance Profiler, Monitor, Optimize, Compress & Debug Safe to Use in 2026?

Mostly Safe

Score 78/100

AIO Performance Profiler, Monitor, Optimize, Compress & Debug is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Apr 1, 2025Updated 9mo ago
Risk Assessment

The All-in-One Performance Accelerator plugin exhibits a mixed security posture. On the positive side, it has a well-defined attack surface with all identified AJAX entry points secured by authorization checks. The majority of SQL queries are prepared, and there's a substantial number of capability checks, indicating an awareness of security best practices in these areas.

However, several concerning signals emerge from the static analysis. The presence of dangerous functions like `shell_exec`, `unserialize`, and `popen`, even if not directly exploitable in current taint flows, represents potential vectors for future vulnerabilities if not handled with extreme care. The taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths, which is a noteworthy concern. Furthermore, the output escaping is only moderately effective at 62%, leaving room for cross-site scripting (XSS) vulnerabilities.

The vulnerability history is a significant red flag. With two known CVEs, one of which remains unpatched, and both being medium severity, it suggests a recurring pattern of security oversights. The historical vulnerability types, specifically "Exposure of Sensitive Information to an Unauthorized Actor" and "Missing Authorization," are critical weaknesses that need immediate attention. The last vulnerability being dated April 1st, 2025, indicates recent issues, further emphasizing the need for vigilance. While the plugin has strengths, the combination of dangerous functions, unsanitized paths, and a history of unpatched vulnerabilities points to a moderate to high-risk profile.

Key Concerns

  • Unpatched CVE
  • Flows with unsanitized paths
  • Dangerous functions present (shell_exec, unserialize, popen)
  • Output escaping only 62% properly
  • Bundled library (Guzzle)
  • Low nonce checks
Vulnerabilities
2

AIO Performance Profiler, Monitor, Optimize, Compress & Debug Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-31788medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

AIO Performance Profiler, Monitor, Optimize, Compress & Debug <= 1.2 - Unauthenticated Sensitive Information Exposure

Apr 1, 2025Unpatched
CVE-2025-22647medium · 4.3Missing Authorization

AIO Performance Profiler, Monitor, Optimize, Compress & Debug <= 1.2 - Missing Authorization

Feb 3, 2025 Patched in 1.3 (149d)
Code Analysis
Analyzed Mar 17, 2026

AIO Performance Profiler, Monitor, Optimize, Compress & Debug Code Analysis

Dangerous Functions
13
Raw SQL Queries
36
134 prepared
Unescaped Output
104
167 escaped
Nonce Checks
3
Capability Checks
87
File Operations
93
External Requests
11
Bundled Libraries
1

Dangerous Functions Found

shell_exec$response = shell_exec( 'wmic cpu get LoadPercentage' );profiler\profiler.php:144
shell_exec$response = shell_exec( 'wmic memorychip get capacity' );profiler\profiler.php:162
shell_exec$response = shell_exec( 'awk \'/MemTotal/ { print $2 }\' /proc/meminfo' );profiler\profiler.php:167
shell_exec$response = shell_exec( 'wmic OS get FreePhysicalMemory /Value' );profiler\profiler.php:178
shell_exec$free = shell_exec( 'free' );profiler\profiler.php:186
shell_exec$free = shell_exec( 'free' );profiler\profiler.php:219
unserialize$add_page= unserialize($ex_page->current_page);reduce-code\asset-view.php:164
unserialize$add_page= unserialize($ex_page->current_page);reduce-code\asset-view.php:204
unserialize$dequeue_page = unserialize($dequeue_plugin->current_page);reduce-code\asset-view.php:287
unserialize$dequeue_page = unserialize($dequeue_plugin->current_page);reduce-code\asset-view.php:300
unserialize$array = unserialize($table->current_page);reduce-code\reduce-code.php:86
unserialize$array = unserialize($table->current_page);reduce-code\reduce-code.php:102
popen$io = popen ( '/usr/bin/du -sk ' . $directory, 'r' );siteinfo\siteinfo.php:518

Bundled Libraries

Guzzle

SQL Query Safety

79% prepared170 total queries

Output Escaping

62% escaped271 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

25 flows2 with unsanitized paths
get_tabs_and_page (Admin.php:263)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

AIO Performance Profiler, Monitor, Optimize, Compress & Debug Attack Surface

Entry Points77
Unprotected0

AJAX Handlers 77

authwp_ajax_get_tabs_and_pageAdmin.php:237
authwp_ajax_save_preload_optionscachePreload\preload-cache.php:37
authwp_ajax_get_preload_optionscachePreload\preload-cache.php:38
authwp_ajax_get_preload_selected_tabcachePreload\preload-cache.php:39
authwp_ajax_save_cdn_optionscdn\enable-CDN.php:48
authwp_ajax_get_cdn_optionscdn\enable-CDN.php:49
authwp_ajax_smack_clear_cache_dashboardclasses\adminbarFunction.php:32
authwp_ajax_smack_preload_dashboardclasses\adminbarFunction.php:33
authwp_ajax_smack_purge_opcache_dashboardclasses\adminbarFunction.php:34
authwp_ajax_save_changescloudfare\cloudfare.php:82
authwp_ajax_save_changecloudfare\cloudfare.php:83
authwp_ajax_save_valuescloudfare\cloudfare.php:84
authwp_ajax_save_cloudflare_cache_optionscloudfare\cloudfare.php:85
authwp_ajax_save_database_optimization_optionsdatabase\database-optimization.php:37
authwp_ajax_get_database_optimization_optionsdatabase\database-optimization.php:38
authwp_ajax_get_data_selected_tabdatabase\database-optimization.php:39
authwp_ajax_get_orphan_tables_optionsdatabase\orphan-tables.php:39
authwp_ajax_get_orphan_view_listdatabase\orphan-tables.php:40
authwp_ajax_delete_orphan_listdatabase\orphan-tables.php:41
authwp_ajax_get_modified_tablesdatabase\orphan-tables.php:42
authwp_ajax_get_orphant_selected_tabdatabase\orphan-tables.php:43
authwp_ajax_get_sacn_resultdatabase-cleanup\database-cleanup.php:36
authwp_ajax_delete_single_tabledatabase-cleanup\database-cleanup.php:37
authwp_ajax_delete_all_tabledatabase-cleanup\database-cleanup.php:38
authwp_ajax_save_heart_beart_optionsheartbeat\control-heartbeat.php:41
authwp_ajax_get_heart_beart_optionsheartbeat\control-heartbeat.php:42
authwp_ajax_save_image_optimization_optionsimage-optimization\image-optimization.php:38
authwp_ajax_get_image_optimization_optionsimage-optimization\image-optimization.php:39
authwp_ajax_get_image_selected_tabimage-optimization\image-optimization.php:40
authwp_ajax_get_processed_image_optionsimage-optimization\image-optimization.php:41
authwp_ajax_get_maximum_image_sizeimage-optimization\image-optimization.php:42
authwp_ajax_save_advanced_rules_optionsincludes\browser-cache.php:72
authwp_ajax_get_advanced_rules_optionsincludes\browser-cache.php:73
authwp_ajax_get_advancerule_selected_tabincludes\browser-cache.php:74
authwp_ajax_save_cache_optionsincludes\clear-cache.php:70
authwp_ajax_get_cache_selected_tabincludes\clear-cache.php:71
authwp_ajax_get_cache_optionsincludes\clear-cache.php:72
authwp_ajax_save_media_optionslazyload\lazy-load.php:38
authwp_ajax_get_media_optionslazyload\lazy-load.php:39
authwp_ajax_delete_orphan_imageslazyload\lazy-load.php:40
authwp_ajax_delete_all_orphan_imageslazyload\lazy-load.php:41
authwp_ajax_get_page_countlazyload\lazy-load.php:42
authwp_ajax_get_media_selected_tablazyload\lazy-load.php:43
authwp_ajax_save_file_optimization_optionsminify\minify-css.php:105
authwp_ajax_get_file_optimization_optionsminify\minify-css.php:106
authwp_ajax_save_gzip_optionsminify\minify-css.php:107
authwp_ajax_get_file_selected_tabminify\minify-css.php:108
authwp_ajax_get_hardware_detailsprofiler\profiler.php:49
authwp_ajax_get_profile_selected_tabprofiler\profiler.php:50
authwp_ajax_get_display_urlprofiler\profiler.php:51
authwp_ajax_stop_scaningprofiler\profiler.php:52
authwp_ajax_get_latest_profileprofiler\profiler.php:53
authwp_ajax_send_Mail_Reportprofiler\profiler.php:54
authwp_ajax_send_Mailprofiler\profiler.php:55
authwp_ajax_get_history_detailsprofiler\profiler.php:56
authwp_ajax_clear_logprofiler\profiler.php:57
authwp_ajax_download_error_logprofiler\profiler.php:58
authwp_ajax_view_scan_detailsprofiler\profiler.php:59
authwp_ajax_delete_scan_detailsprofiler\profiler.php:60
authwp_ajax_delete_all_scan_detailsprofiler\profiler.php:61
authwp_ajax_set_debug_valueprofiler\profiler.php:62
authwp_ajax_set_query_displayQuery-moniter\query-info.php:47
authwp_ajax_get_query_selected_tabQuery-moniter\query-info.php:48
authwp_ajax_get_query_informationsQuery-moniter\query-moniter.php:41
authwp_ajax_get_collect_assetsreduce-code\reduce-code.php:38
authwp_ajax_dequeue_stylesreduce-code\reduce-code.php:39
authwp_ajax_get_asset_selected_tabreduce-code\reduce-code.php:40
authwp_ajax_get_site_status_detailssiteinfo\site-recommendations.php:44
authwp_ajax_get_sitestatus_selected_tabsiteinfo\site-recommendations.php:45
authwp_ajax_get_site_info_detailssiteinfo\siteinfo.php:39
authwp_ajax_get_siteinfo_selected_tabsiteinfo\siteinfo.php:40
authwp_ajax_get_json_detailstools\download-settings.php:40
authwp_ajax_send_json_filetools\download-settings.php:41
authwp_ajax_save_drop_optionstools\download-settings.php:42
authwp_ajax_get_drop_optionstools\download-settings.php:43
authwp_ajax_get_optimized_detailstools\download-settings.php:44
authwp_ajax_get_tools_selected_tabtools\download-settings.php:45
WordPress Hooks 128
actioninitAdmin.php:102
actionadmin_enqueue_scriptsAdmin.php:134
filterheartbeat_settingsAdmin.php:135
actionadmin_initAdmin.php:151
actionadmin_menuAdmin.php:224
actionwp_enqueue_scriptsAdmin.php:225
actionadmin_enqueue_scriptsAdmin.php:226
actioninitAdmin.php:227
actionadmin_bar_menuAdmin.php:229
actionadmin_post_clear_cache_allAdmin.php:231
actionadmin_post_smack_preloadAdmin.php:232
actionadmin_post_smack_purge_opcacheAdmin.php:233
actionadmin_post_smack_stop_preloadAdmin.php:234
actionadmin_post_smack_cloudflare_cacheAdmin.php:235
actionadmin_noticesAdmin.php:236
actionplugins_loadedall-in-one-performance-accelerator.php:36
actionplugins_loadedall-in-one-performance-accelerator.php:43
filterwp_handle_uploadall-in-one-performance-accelerator.php:56
filtercron_schedulesall-in-one-performance-accelerator.php:179
actionprofile_enhancer_schedule_hookall-in-one-performance-accelerator.php:205
actionsmack_preload_schedule_eventall-in-one-performance-accelerator.php:206
actionsmack_cache_schedule_eventall-in-one-performance-accelerator.php:207
actioninitcdn\enable-CDN.php:28
actionwp_headcdn\enable-CDN.php:29
actioninitcdn\enable-CDN.php:31
actiontemplate_redirectcdn\enable-CDN.php:33
filterhome_urlclasses\adminbarFunction.php:599
actionwp_footerclasses\delay_js.php:23
actioninitclasses\disable-embeds.php:26
actioninitclasses\disable-embeds.php:27
filterembed_oembed_discoverclasses\disable-embeds.php:58
filterrest_endpointsclasses\disable-embeds.php:61
filterrewrite_rules_arrayclasses\disable-embeds.php:64
actionwp_default_scriptsclasses\disable-embeds.php:67
filtertiny_mce_pluginsclasses\disable-embeds.php:70
filteroembed_response_dataclasses\disable-embeds.php:75
actioninitclasses\disable-emoji.php:24
filtertiny_mce_pluginsclasses\disable-emoji.php:25
filteremoji_svg_urlclasses\disable-emoji.php:50
actionwp_enqueue_scriptsclasses\disable-googlefonts.php:26
actionwp_print_stylesclasses\disable-googlefonts.php:27
filterelementor/frontend/print_google_fontsclasses\disable-googlefonts.php:32
actionadmin_initclasses\Gzip-compression.php:30
filtersmack_optimize_css_individual_stylecombine\combineCSS\combineCSS.php:46
filtersmack_optimize_css_after_minifycombine\combineCSS\combineCSS.php:47
filtersmack_optimize_js_individual_scriptcombine\combineJS\combineJS.php:106
filtersmack_optimize_js_after_minifycombine\combineJS\combineJS.php:107
actionwp_loadedcombine\enhancerBase.php:18
actionadmin_enqueue_scriptscombine\enhancerBase.php:143
actionwp_enqueue_scriptscombine\enhancerBase.php:145
actionadmin_bar_menucombine\enhancerBase.php:149
actionshutdowncombine\enhancerCache.php:415
actionsmack_optimize_action_cachepurgedcombine\enhancerCache.php:416
actionheartbeat_settingsheartbeat\control-heartbeat.php:23
filterheartbeat_settingsheartbeat\control-heartbeat.php:25
filterwp_get_attachment_urlimage-optimization\image-optimization.php:43
filterimage_strip_metaimage-optimization\image-optimization.php:510
actionadmin_noticesincludes\browser-cache.php:174
actionadmin_noticesincludes\browser-cache.php:177
actionactivated_pluginincludes\clear-cache.php:39
actiondeactivated_pluginincludes\clear-cache.php:40
actionpre_comment_approvedincludes\clear-cache.php:43
actionsave_postincludes\clear-cache.php:46
actionadmin_noticesincludes\clear-cache.php:76
actioninitincludes\smack_cache_enhancer.php:43
actioninitincludes\smack_cache_enhancer.php:44
actioninitincludes\smack_cache_enhancer.php:45
actioninitincludes\smack_cache_enhancer.php:46
actionpermalink_structure_changedincludes\smack_cache_enhancer.php:50
actionadd_option_cache_enablerincludes\smack_cache_enhancer.php:51
actionupdate_option_cache_enablerincludes\smack_cache_enhancer.php:52
actionce_clear_post_cacheincludes\smack_cache_enhancer.php:55
actionce_clear_cacheincludes\smack_cache_enhancer.php:56
action_core_updated_successfullyincludes\smack_cache_enhancer.php:57
actionupgrader_process_completeincludes\smack_cache_enhancer.php:58
actionswitch_themeincludes\smack_cache_enhancer.php:59
actionactivated_pluginincludes\smack_cache_enhancer.php:60
actiondeactivated_pluginincludes\smack_cache_enhancer.php:61
actionsave_postincludes\smack_cache_enhancer.php:62
actionpost_updatedincludes\smack_cache_enhancer.php:63
actionwp_trash_postincludes\smack_cache_enhancer.php:64
actiontransition_post_statusincludes\smack_cache_enhancer.php:65
actionpre_comment_approvedincludes\smack_cache_enhancer.php:66
actionpermalink_structure_changedincludes\smack_cache_enhancer.php:67
actionautoptimize_action_cachepurgedincludes\smack_cache_enhancer.php:69
actionadmin_bar_menuincludes\smack_cache_enhancer.php:75
actionwp_initialize_siteincludes\smack_cache_enhancer.php:80
actionwp_uninitialize_siteincludes\smack_cache_enhancer.php:81
actionadmin_initincludes\smack_cache_enhancer.php:83
actiontransition_comment_statusincludes\smack_cache_enhancer.php:85
actioncomment_postincludes\smack_cache_enhancer.php:86
actionedit_commentincludes\smack_cache_enhancer.php:87
filterdashboard_glance_itemsincludes\smack_cache_enhancer.php:89
actionadmin_noticesincludes\smack_cache_enhancer.php:92
actionadmin_noticesincludes\smack_cache_enhancer.php:93
actionnetwork_admin_noticesincludes\smack_cache_enhancer.php:94
filterstyle_loader_tagminify\minify-css.php:30
filterstyle_loader_tagminify\minify-css.php:34
filterscript_loader_tagminify\minify-css.php:37
filterscript_loader_srcminify\minify-css.php:41
filterstyle_loader_srcminify\minify-css.php:42
filterscript_loader_tagminify\minify-js.php:29
filterget_terms_orderbyprofiler\profiler.php:251
actioninitQuery-moniter\Backtrace.php:337
actionwp_after_admin_bar_renderQuery-moniter\query-info.php:52
actioninitQuery-moniter\query-moniter.php:51
filterwp_xmlrpc_server_classQuery-moniter\query-moniter.php:54
filterrest_send_nocache_headersQuery-moniter\query-moniter.php:55
actionadmin_initQuery-moniter\query-moniter.php:91
actionadmin_footerQuery-moniter\query-moniter.php:93
actionwp_loadedQuery-moniter\query-moniter.php:96
actionwp_footerQuery-moniter\query-moniter.php:98
actionplugins_loadedQuery-moniter\query-moniter.php:690
actioninitreduce-code\asset-view.php:37
actionwp_print_scriptsreduce-code\asset-view.php:41
filterscript_loader_srcreduce-code\asset-view.php:42
filterstyle_loader_srcreduce-code\asset-view.php:43
actionplugins_loadedreduce-code\asset-view.php:317
actionpre_http_requestsiteinfo\checkupdates-status.php:119
actionpre_http_requestsiteinfo\checkupdates-status.php:120
actionhttp_request_argssiteinfo\checkupdates-status.php:147
actionhttp_request_argssiteinfo\checkupdates-status.php:148
actionpre_http_requestsiteinfo\checkupdates-status.php:149
actionpre_http_requestsiteinfo\checkupdates-status.php:293
actionpre_http_requestsiteinfo\checkupdates-status.php:294
actionhttp_request_argssiteinfo\checkupdates-status.php:321
actionhttp_request_argssiteinfo\checkupdates-status.php:322
actionpre_http_requestsiteinfo\checkupdates-status.php:323

Scheduled Events 3

smack_preload_schedule_event
profile_enhancer_schedule_hook
smack_cache_schedule_event
Maintenance & Trust

AIO Performance Profiler, Monitor, Optimize, Compress & Debug Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 30, 2025
PHP min version7.4
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

AIO Performance Profiler, Monitor, Optimize, Compress & Debug Alternatives

Profiling Tool For WP

Profiling Tool For WP

profiling-tool-for-wp

A
100

A plugin for testing the performance of the themes, plugins and scripts of your Wordpress site.

40 No CVEs
LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

B
82

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
WP Fastest Cache – WordPress Cache Plugin

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

B
76

The simplest and fastest WP Cache system

1.0M 35 CVEs
Autoptimize

Autoptimize

autoptimize

B
77

Autoptimize speeds up your website by optimizing JS, CSS, images (incl. lazy-load), HTML and Google Fonts, asyncing JS, removing emoji cruft and more.

900K 10 CVEs
W3 Total Cache

W3 Total Cache

w3-total-cache

B
75

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 28 CVEs
Developer Profile

AIO Performance Profiler, Monitor, Optimize, Compress & Debug Developer Profile

Smackcoders Inc.,

20 plugins · 40K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
958 days
View full developer profile
Detection Fingerprints

How We Detect AIO Performance Profiler, Monitor, Optimize, Compress & Debug

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/all-in-one-performance-accelerator/minify/minify-css.php/wp-content/plugins/all-in-one-performance-accelerator/minify/minify-js.php/wp-content/plugins/all-in-one-performance-accelerator/database/database-optimization.php/wp-content/plugins/all-in-one-performance-accelerator/heartbeat/control-heartbeat.php/wp-content/plugins/all-in-one-performance-accelerator/classes/disable-embeds.php/wp-content/plugins/all-in-one-performance-accelerator/classes/disable-emoji.php/wp-content/plugins/all-in-one-performance-accelerator/lazyload/lazy-load.php/wp-content/plugins/all-in-one-performance-accelerator/classes/Gzip-compression.php+17 more

HTML / DOM Fingerprints

JS Globals
window.smack_aioacc_helper
FAQ

Frequently Asked Questions about AIO Performance Profiler, Monitor, Optimize, Compress & Debug