WP-Safety

Content Performance Analyzer Security & Risk Analysis

wordpress.org/plugins/content-performance-analyzer

Content Performance Analyzer: The all-in-one plugin for SEO, analytics, and AI-powered content improvement.

0 active installs v1.0.1 PHP 7.4+ WP 6.2+ Updated Apr 9, 2026
aianalyticscontentperformanceseo
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Content Performance Analyzer Safe to Use in 2026?

Generally Safe

Score 100/100

Content Performance Analyzer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'content-performance-analyzer' v1.0.1 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent practices in output escaping, utilizing prepared statements for nearly all SQL queries, and implementing a significant number of nonce and capability checks. The absence of known CVEs and a clean vulnerability history further bolster this positive assessment.

However, there are specific areas for concern. The presence of dangerous functions like `set_time_limit` and `ini_set` can, in certain contexts, introduce risks if not handled with extreme care, though their specific usage here isn't detailed. More critically, the taint analysis identified one flow with unsanitized paths, categorized as high severity. While no critical taint flows were found, this high-severity issue represents a direct potential pathway for malicious input to be processed in an unsafe manner, which warrants attention.

In conclusion, the plugin is built on a foundation of good security practices, particularly in data handling and access control. The identified taint flow with unsanitized paths is the primary security weakness that needs to be addressed. The use of bundled libraries like Guzzle, while not inherently a vulnerability, implies a dependency that should be monitored for updates and security advisories, though no specific issues were flagged here. Overall, the plugin is relatively secure, but the high-severity taint flow is a notable risk.

Key Concerns

  • High severity taint flow with unsanitized paths
  • Usage of dangerous functions (set_time_limit, ini_set)
Vulnerabilities
None known

Content Performance Analyzer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Content Performance Analyzer Release Timeline

v1.0.1Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Content Performance Analyzer Code Analysis

Dangerous Functions
6
Raw SQL Queries
1
108 prepared
Unescaped Output
2
536 escaped
Nonce Checks
35
Capability Checks
39
File Operations
6
External Requests
11
Bundled Libraries
1

Dangerous Functions Found

set_time_limit@set_time_limit( $time_limit );includes/class-cpa-batch-processor.php:58
ini_set@ini_set( 'max_execution_time', (string) $time_limit );includes/class-cpa-batch-processor.php:64
ini_set@ini_set( 'memory_limit', $memory_limit );includes/class-cpa-batch-processor.php:66
set_time_limit@set_time_limit( $time_limit );includes/class-cpa-data-collector.php:70
ini_set@ini_set( 'max_execution_time', (string) $time_limit );includes/class-cpa-data-collector.php:76
ini_set@ini_set( 'memory_limit', $memory_limit );includes/class-cpa-data-collector.php:78

Bundled Libraries

Guzzle

SQL Query Safety

99% prepared109 total queries

Output Escaping

100% escaped538 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
handle_url_upload (includes/class-cpa-admin.php:299)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Content Performance Analyzer Attack Surface

Entry Points30
Unprotected0

AJAX Handlers 30

authwp_ajax_cpanalyzer_retry_missing_aiincludes/class-cpa-admin.php:73
authwp_ajax_cpanalyzer_rescan_all_urlsincludes/class-cpa-admin.php:74
authwp_ajax_cpanalyzer_sync_batch_dataincludes/class-cpa-admin.php:75
authwp_ajax_cpanalyzer_force_restart_processingincludes/class-cpa-admin.php:76
authwp_ajax_cpanalyzer_reset_all_dataincludes/class-cpa-admin.php:77
authwp_ajax_cpanalyzer_test_google_connectionincludes/class-cpa-admin.php:78
authwp_ajax_cpanalyzer_trigger_data_collectionincludes/class-cpa-admin.php:79
authwp_ajax_cpanalyzer_validate_psi_keyincludes/class-cpa-admin.php:80
authwp_ajax_cpanalyzer_test_psi_apiincludes/class-cpa-admin.php:81
authwp_ajax_cpanalyzer_inject_test_psiincludes/class-cpa-admin.php:82
authwp_ajax_cpanalyzer_check_statusincludes/class-cpa-admin.php:83
authwp_ajax_cpanalyzer_reprocess_one_urlincludes/class-cpa-admin.php:84
authwp_ajax_cpanalyzer_start_batch_processincludes/class-cpa-admin.php:109
authwp_ajax_cpanalyzer_get_batch_statusincludes/class-cpa-admin.php:110
authwp_ajax_cpanalyzer_retry_failed_urlincludes/class-cpa-admin.php:111
authwp_ajax_cpanalyzer_cancel_batchincludes/class-cpa-admin.php:112
authwp_ajax_cpanalyzer_start_batch_processincludes/class-cpa-batch-processor.php:105
authwp_ajax_cpanalyzer_get_batch_statusincludes/class-cpa-batch-processor.php:106
authwp_ajax_cpanalyzer_retry_failed_urlincludes/class-cpa-batch-processor.php:107
authwp_ajax_cpanalyzer_cancel_batchincludes/class-cpa-batch-processor.php:108
authwp_ajax_cpanalyzer_get_interlink_suggestionsincludes/class-cpa-interlinking.php:21
authwp_ajax_cpanalyzer_apply_interlinksincludes/class-cpa-interlinking.php:22
authwp_ajax_cpanalyzer_analyze_internal_linksincludes/class-cpa-internal-links.php:27
authwp_ajax_cpanalyzer_get_link_analysis_statusincludes/class-cpa-internal-links.php:28
authwp_ajax_cpanalyzer_trigger_link_analysisincludes/class-cpa-internal-links.php:29
authwp_ajax_cpanalyzer_debug_cronincludes/class-cpa-internal-links.php:30
authwp_ajax_cpanalyzer_reset_link_analysisincludes/class-cpa-internal-links.php:31
authwp_ajax_cpanalyzer_apply_internal_linksincludes/class-cpa-internal-links.php:34
authwp_ajax_cpanalyzer_apply_single_internal_linkincludes/class-cpa-internal-links.php:35
authwp_ajax_cpanalyzer_remove_suggestionincludes/class-cpa-internal-links.php:38
WordPress Hooks 23
actionplugins_loadedcontent-performance-analyzer.php:51
actionadmin_menuincludes/class-cpa-admin.php:69
actionadmin_initincludes/class-cpa-admin.php:70
actionadmin_initincludes/class-cpa-admin.php:71
actionadmin_initincludes/class-cpa-admin.php:72
actionadmin_enqueue_scriptsincludes/class-cpa-admin.php:85
actionadmin_initincludes/class-cpa-admin.php:91
actionadmin_initincludes/class-cpa-admin.php:94
actionadmin_initincludes/class-cpa-admin.php:97
actioncpanalyzer_batch_processincludes/class-cpa-batch-processor.php:102
actioncpanalyzer_off_peak_scanincludes/class-cpa-batch-processor.php:103
filtercron_schedulesincludes/class-cpa-batch-processor.php:104
actioninitincludes/class-cpa-core.php:52
actioninitincludes/class-cpa-core.php:55
actionadmin_initincludes/class-cpa-core.php:58
actionadmin_initincludes/class-cpa-core.php:61
filtercron_schedulesincludes/class-cpa-core.php:64
actioncpanalyzer_cleanup_stuck_processesincludes/class-cpa-core.php:164
actioncpanalyzer_process_link_analysisincludes/class-cpa-core.php:167
actioncpanalyzer_daily_refreshincludes/class-cpa-data-collector.php:45
actioncpanalyzer_background_content_analysisincludes/class-cpa-data-collector.php:46
actionadmin_enqueue_scriptsincludes/class-cpa-internal-links.php:41
actionadmin_noticesincludes/class-cpa-upgrade-notices.php:45

Scheduled Events 17

cpanalyzer_batch_process
cpanalyzer_daily_refresh
cpanalyzer_batch_process
cpanalyzer_daily_refresh
cpanalyzer_batch_process
cpanalyzer_batch_process
cpanalyzer_batch_process
cpanalyzer_batch_process
cpanalyzer_cleanup_stuck_processes
cpanalyzer_daily_refresh
cpanalyzer_off_peak_scan
cpanalyzer_daily_refresh
cpanalyzer_daily_refresh
cpanalyzer_background_content_analysis
cpanalyzer_background_content_analysis
cpanalyzer_process_link_analysis
cpanalyzer_process_link_analysis
Maintenance & Trust

Content Performance Analyzer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 9, 2026
PHP min version7.4
Downloads100

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Content Performance Analyzer Alternatives

Repivot

Repivot

repivot

A
100

Win back lost rankings. AI-powered content analysis to find gaps in quality, brand voice, and AI reach — right inside WordPress.

0 No CVEs
GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

getgenie

A
95

GPT-4o powered AI content writer with 37+ templates, chatbot, AI image, NLP keyword research, SEO analysis for WordPress, Gutenberg & Elementor.

80K 4 CVEs
AIKTP

AIKTP

aiktp

A
99

AI-powered content automation. Generate SEO-optimized articles and WooCommerce product descriptions with bulk generation support.

3K 1 CVE
Lazy Load Control For Elementor – Remove the Lazy Load attribute from specific images in Elementor

Lazy Load Control For Elementor – Remove the Lazy Load attribute from specific images in Elementor

lazy-load-control-for-elementor

A
100

Remove the Lazy Load attribute from specific images in Elementor.

3K No CVEs
Semrush Content Toolkit

Semrush Content Toolkit

semrush-contentshake

A
99

Create SEO-friendly content that brings traffic.

2K 1 CVE
Developer Profile

Content Performance Analyzer Developer Profile

Wajahat Mubashir

4 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Content Performance Analyzer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-performance-analyzer/assets/css/admin-style.css/wp-content/plugins/content-performance-analyzer/assets/css/vendor/select2.min.css/wp-content/plugins/content-performance-analyzer/assets/js/admin-script.js/wp-content/plugins/content-performance-analyzer/assets/js/vendor/select2.full.min.js/wp-content/plugins/content-performance-analyzer/assets/js/vendor/jquery.easy-autocomplete.min.js/wp-content/plugins/content-performance-analyzer/assets/js/vendor/chart.min.js/wp-content/plugins/content-performance-analyzer/assets/js/vendor/moment.min.js/wp-content/plugins/content-performance-analyzer/assets/js/vendor/daterangepicker.min.js+8 more
Script Paths
/wp-content/plugins/content-performance-analyzer/assets/js/admin-script.js
Version Parameters
content-performance-analyzer/assets/css/admin-style.css?ver=content-performance-analyzer/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
cpa-section-titlecpa-sync-buttoncpa-status-indicatorcpa-progress-barcpa-sync-loadercpa-url-inputcpa-settings-sectioncpa-input-group+11 more
HTML Comments
<!-- Content Performance Analyzer Settings Page --><!-- Start Content Performance Analyzer Settings --><!-- End Content Performance Analyzer Settings --><!-- Content Performance Analyzer Insights Page -->+3 more
Data Attributes
data-cpa-actiondata-cpa-noncedata-cpa-url-iddata-cpa-url-valuedata-cpa-sync-typedata-cpa-batch-id+4 more
JS Globals
cpanalyzer_admin_ajax_objcpanalyzer_dashboard_chart_datacpanalyzer_date_range_picker_options
REST Endpoints
/wp-json/cpanalyzer/v1/sync-batch-data/wp-json/cpanalyzer/v1/retry-missing-ai/wp-json/cpanalyzer/v1/rescan-all-urls/wp-json/cpanalyzer/v1/force-restart-processing/wp-json/cpanalyzer/v1/reset-all-data/wp-json/cpanalyzer/v1/validate-psi-key/wp-json/cpanalyzer/v1/test-psi-api/wp-json/cpanalyzer/v1/trigger-data-collection/wp-json/cpanalyzer/v1/reprocess-one-url
FAQ

Frequently Asked Questions about Content Performance Analyzer