CleanerPress Security & Risk Analysis
wordpress.org/plugins/cleanerpressEvery admin wants to have their website loaded as fast as possible.CleanerPress tries to give you some more control over what is outputted to the user
Is CleanerPress Safe to Use in 2026?
Generally Safe
Score 85/100CleanerPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The cleanerpress plugin version 2.0.1 presents a mixed security posture. On the positive side, it has a very small attack surface with only one AJAX handler and no REST API routes, shortcodes, or cron events. Crucially, this single entry point appears to have authentication checks, which is a good practice. Furthermore, there are no recorded vulnerabilities (CVEs) for this plugin, and the taint analysis shows no concerning flows, suggesting a generally safe code base.
However, there are several areas for concern. The presence of the `create_function` is a significant red flag, as it can be used in insecure ways and is deprecated. The static analysis also reveals that a substantial portion of SQL queries are not using prepared statements, increasing the risk of SQL injection. Additionally, a significant issue is the complete lack of proper output escaping, meaning any data outputted by the plugin is vulnerable to cross-site scripting (XSS) attacks. While the plugin has nonce and capability checks, their application needs to be tied to the identified risks.
Given the lack of historical vulnerabilities and the small attack surface, the immediate risk might seem low. However, the identified coding issues, particularly the unescaped output and raw SQL queries, introduce tangible vulnerabilities that could be exploited. The plugin exhibits a weakness in secure coding practices despite its clean vulnerability history and limited entry points.
Key Concerns
- Dangerous function create_function used
- High percentage of SQL queries not prepared
- No output escaping detected
CleanerPress Security Vulnerabilities
CleanerPress Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
CleanerPress Attack Surface
AJAX Handlers 1
WordPress Hooks 13
Maintenance & Trust
CleanerPress Maintenance & Trust
Maintenance Signals
Community Trust
CleanerPress Alternatives
Jetpack Boost – Website Speed, Performance and Critical CSS
jetpack-boost
Speed up your WordPress site with one-click optimizations like Page Cache, Critical CSS, and Image CDN to improve Core Web Vitals.
Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
hummingbird-performance
Optimize PageSpeed Performance & Core Web Vitals, Advanced Cache, Minify CSS & JavaScript, Inline Critical CSS, Defer CSS & JS, Smush & Lazy Load, CDN
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
clearfy
Optimize and tweak WordPress by disable unused features. Improve performance, SEO and security using Clearfy — super easy, fast and zero code.
All in one Minifier
all-in-one-minifier
Reduce your page load by minify your HTML source on page with all the CSS and JS code present in your page.
Merge + Minify + Refresh Clear Caches
merge-minify-refresh-clear-caches
This plugin clears other page caches/proxies when the Merge + Minify + Refresh cache is regenerated.
CleanerPress Developer Profile
4 plugins · 110 total installs
How We Detect CleanerPress
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cleanerpress/front/head.min.js/wp-content/arevico-css-cache//wp-content/plugins/cleanerpress/front/head.min.jsHTML / DOM Fingerprints
clean_press_plugin_doscripts_headjscpr_arev_optscripts_data