Does Code Unloader have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Code Unloader compatible with WordPress 6.9.4?

According to WordPress.org data, Code Unloader 1.4.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Code Unloader compatible with PHP 8.0+?

Code Unloader requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Code Unloader updated?

Code Unloader was last updated on Apr 10, 2026. Frequent updates are generally a positive security signal.

What is Code Unloader's security score?

Code Unloader has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Code Unloader Security & Risk Analysis

wordpress.org/plugins/code-unloader

Per-page JavaScript & CSS asset management. Surgically dequeue scripts and styles on any page using exact, wildcard, or regex URL rules.

0 active installs v1.4.2 PHP 8.0+ WP 6.2+ Updated Apr 10, 2026

assetsdequeueperformancescriptsstyles

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Code Unloader Safe to Use in 2026?

Generally Safe

Score 100/100

Code Unloader has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'code-unloader' plugin v1.4.2 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs, a lack of critical or high-severity issues in the taint analysis, and the use of prepared statements for all SQL queries are significant strengths. The plugin also demonstrates good practices in implementing nonce and capability checks, as well as a high percentage of properly escaped output.

However, there are minor concerns. The presence of the 'ini_set' dangerous function warrants attention, as it could potentially be misused if not handled carefully within the plugin's logic. While the taint analysis did not reveal critical or high severity issues, a single flow with unsanitized paths, even if of lower severity, indicates a potential area for improvement in input validation. The absence of any attack surface points like AJAX handlers, REST API routes, or shortcodes is a positive sign, suggesting the plugin is not designed to be broadly interactive in ways that typically introduce vulnerabilities.

In conclusion, 'code-unloader' v1.4.2 appears to be a relatively secure plugin. The developers have implemented many security best practices. The few identified weaknesses are minor and do not suggest immediate critical threats, but they should be addressed to further harden the plugin's security. The clean vulnerability history further bolsters confidence in its current state.

Key Concerns

Dangerous function usage (ini_set)
Flow with unsanitized paths

Vulnerabilities

None known

Code Unloader Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Code Unloader Release Timeline

v1.4.2Current

v1.4.1

Code Analysis

Analyzed Apr 16, 2026

Code Unloader Code Analysis

Dangerous Functions

Raw SQL Queries

44 prepared

Unescaped Output

109 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

ini_setini_set( 'pcre.backtrack_limit', '100000' );src/Core/PatternMatcher.php:46

ini_setini_set( 'pcre.backtrack_limit', (string) $prev_limit );src/Core/PatternMatcher.php:54

SQL Query Safety

100% prepared44 total queries

Output Escaping

92% escaped118 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

render_rules_tab (src/Admin/AdminScreen.php:380)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Code Unloader Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 20

actionplugins_loadedcode-unloader.php:51

actionadmin_menusrc/Admin/AdminScreen.php:18

actionadmin_enqueue_scriptssrc/Admin/AdminScreen.php:19

actionadmin_initsrc/Admin/AdminScreen.php:20

actionadmin_noticessrc/Admin/AdminScreen.php:21

actioncurrent_screensrc/Admin/AdminScreen.php:22

filterset_screen_option_cdunloader_rules_per_pagesrc/Admin/AdminScreen.php:25

actionadmin_footersrc/Admin/AdminScreen.php:592

filtercloudflare_purge_everything_actionssrc/Core/CachePurger.php:187

actionwp_enqueue_scriptssrc/Core/DequeueEngine.php:14

actionwp_headsrc/Core/InlineBlocker.php:38

actionwp_headsrc/Core/InlineBlocker.php:39

actionwp_footersrc/Core/InlineBlocker.php:40

actionwp_footersrc/Core/InlineBlocker.php:41

actionadmin_bar_menusrc/Frontend/FrontendPanel.php:31

actionwp_headsrc/Frontend/FrontendPanel.php:36

actionwp_headsrc/Frontend/FrontendPanel.php:37

actionwp_enqueue_scriptssrc/Frontend/FrontendPanel.php:38

actionwp_footersrc/Frontend/FrontendPanel.php:39

actionrest_api_initsrc/Plugin.php:28

Maintenance & Trust

Code Unloader Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 10, 2026

PHP min version8.0

Downloads235

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

Code Unloader Alternatives

Scripts and Styles Manager

scripts-and-styles-manager

Easily manage the scripts and styles loaded on your WordPress pages to improve performance by toggling off unnecessary assets.

0 No CVEs

Encute

encute

Fluent API for site owners to manipulate the scripts and styles on the frontend of their site.

20 No CVEs

Booster Sweeper: WordPress Asset Cleanup

booster-sweeper

100

Boost the Website speed by sweeping assets your pages do not need!

10 No CVEs

LH Dequeue Buddypress

lh-dequeue-buddypress

Dequeue the scripts and styles that buddypress adds for non logged in users.

0 No CVEs

LH Dequeue the Event Calendar

lh-dequeue-the-event-calendar

Restrict the scripts and styles that the Event Calendar adds to your site.

0 No CVEs

Developer Profile

Code Unloader Developer Profile

Dalibor

2 plugins · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Code Unloader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/code-unloader/assets/css/admin.css/wp-content/plugins/code-unloader/assets/js/admin.js

Script Paths

/wp-content/plugins/code-unloader/assets/js/admin.js

Version Parameters

code-unloader/assets/css/admin.css?ver=code-unloader/assets/js/admin.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-cdunloader-script-list-item-id

JS Globals

CDUNLOADER_ADMIN

REST Endpoints

/wp-json/code-unloader/v1

FAQ

Code Unloader Security & Risk Analysis

Is Code Unloader Safe to Use in 2026?

Generally Safe

Key Concerns

Code Unloader Security Vulnerabilities

Code Unloader Release Timeline

Code Unloader Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Code Unloader Attack Surface

Code Unloader Maintenance & Trust

Maintenance Signals

Community Trust

Code Unloader Alternatives

Scripts and Styles Manager

Encute

Booster Sweeper: WordPress Asset Cleanup

LH Dequeue Buddypress

LH Dequeue the Event Calendar

Code Unloader Developer Profile

How We Detect Code Unloader

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Code Unloader