Code Profiler – WordPress Performance Profiling and Debugging Made Easy Security & Risk Analysis
wordpress.org/plugins/code-profilerA profiler to measure the performance of your WordPress plugins and themes.
Is Code Profiler – WordPress Performance Profiling and Debugging Made Easy Safe to Use in 2026?
Generally Safe
Score 100/100Code Profiler – WordPress Performance Profiling and Debugging Made Easy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The code-profiler plugin v1.9 exhibits a generally good security posture based on the static analysis. The plugin demonstrates strong practices by having no identified AJAX handlers, REST API routes, shortcodes, or cron events, significantly limiting its attack surface. Furthermore, all identified SQL queries utilize prepared statements, and capability checks are in place for the limited code operations. The absence of any recorded vulnerabilities or CVEs in its history is also a positive indicator.
However, there are minor areas for improvement. The output escaping is only 50% properly handled, meaning half of the plugin's outputs are not sanitized, presenting a potential risk for cross-site scripting (XSS) vulnerabilities if sensitive data is handled without proper sanitization. The complete lack of nonce checks, while not directly tied to an exposed entry point in this analysis, is a general security best practice that is missing. The taint analysis showing zero flows is positive, but this could also be due to the limited scope or complexity of the analyzed code.
Key Concerns
- 50% of outputs are not properly escaped
- No nonce checks implemented
Code Profiler – WordPress Performance Profiling and Debugging Made Easy Security Vulnerabilities
Code Profiler – WordPress Performance Profiling and Debugging Made Easy Code Analysis
SQL Query Safety
Output Escaping
Code Profiler – WordPress Performance Profiling and Debugging Made Easy Attack Surface
WordPress Hooks 2
Maintenance & Trust
Code Profiler – WordPress Performance Profiling and Debugging Made Easy Maintenance & Trust
Maintenance Signals
Community Trust
Code Profiler – WordPress Performance Profiling and Debugging Made Easy Alternatives
Profiling Tool For WP
profiling-tool-for-wp
A plugin for testing the performance of the themes, plugins and scripts of your Wordpress site.
AIO Performance Profiler, Monitor, Optimize, Compress & Debug
all-in-one-performance-accelerator
Find plugins that are slowing down your site. Create performance reports, Monitor, Optimize, Compress, and debug your site.
Speedix
speedix
Pinpoint exactly which plugins and hooks slow your site. Real-time PHP profiling with visual dashboard, health scores, and zero guesswork.
Checkout Profiler for WooCommerce
checkout-profiler-for-woocommerce
Wondering whether your WooCommerce checkout is slow? This plugin will tell you.
LiteSpeed Cache
litespeed-cache
All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...
Code Profiler – WordPress Performance Profiling and Debugging Made Easy Developer Profile
3 plugins · 11K total installs
How We Detect Code Profiler – WordPress Performance Profiling and Debugging Made Easy
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/code-profiler/static/code-profiler.css/wp-content/plugins/code-profiler/static/code-profiler.js/wp-content/plugins/code-profiler/static/vendor/chart.min.js/wp-content/plugins/code-profiler/static/vendor/jquery.tipTip.jsstatic/code-profiler.jsstatic/vendor/jquery.tipTip.jsstatic/vendor/chart.min.jscode-profiler/static/code-profiler.css?ver=code-profiler/static/code-profiler.js?ver=code-profiler/static/vendor/chart.min.js?ver=code-profiler/static/vendor/jquery.tipTip.js?ver=HTML / DOM Fingerprints
<!-- (c) Jerome Bruandet ~ https://nintechnet.com/codeprofiler/ -->code_profiler_i18n