Does Core Feature Control have any unpatched vulnerabilities?

No. All known vulnerabilities in Core Feature Control have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Core Feature Control compatible with WordPress 6.8.5?

According to WordPress.org data, Core Feature Control 1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Core Feature Control compatible with PHP 7.4+?

Core Feature Control requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Core Feature Control updated?

Core Feature Control was last updated on Sep 29, 2025. Frequent updates are generally a positive security signal.

What is Core Feature Control's security score?

Core Feature Control has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Core Feature Control Security & Risk Analysis

wordpress.org/plugins/core-feature-control

Take control of your site. Disable unnecessary WordPress core functions to boost security, improve performance, and clean up your admin dashboard.

50 active installs v1.0 PHP 7.4+ WP 6.2+ Updated Sep 29, 2025

admin-dashboardcore-controldisabledisable-core-featurerest-api

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Core Feature Control Safe to Use in 2026?

Generally Safe

Score 100/100

Core Feature Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The 'core-feature-control' plugin v1.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface entry points, dangerous functions, direct SQL queries, file operations, or external HTTP requests is a significant positive indicator. The code signals also show that all identified outputs are properly escaped, which helps prevent cross-site scripting (XSS) vulnerabilities.

Taint analysis reveals no concerning flows, further reinforcing the impression of a secure codebase. The plugin's vulnerability history is also clean, with no recorded CVEs, which suggests a history of secure development or limited exposure. This combination of factors points to a plugin that has been developed with security best practices in mind.

However, the complete lack of nonce and capability checks is a notable area of concern. While there are no apparent entry points detected in this analysis, the absence of these fundamental security checks means that if any entry points were to be introduced in future updates, they would inherently lack critical authentication and authorization mechanisms. This presents a potential future risk, as it deviates from standard WordPress security practices designed to protect against unauthorized actions. Therefore, while the current state is secure, proactive implementation of these checks is recommended for ongoing security.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Core Feature Control Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Core Feature Control Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped5 total outputs

Attack Surface

Core Feature Control Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 41

actionadmin_menucore-feature-control.php:24

actionadmin_initcore-feature-control.php:25

actionadmin_enqueue_scriptscore-feature-control.php:26

actioninitcore-feature-control.php:27

actionwp_loadedcore-feature-control.php:28

actionwp_enqueue_scriptscore-feature-control.php:30

filterscreen_options_show_screencore-feature-control.php:102

filterrest_endpointscore-feature-control.php:362

actiontemplate_redirectcore-feature-control.php:370

filterembed_oembed_discovercore-feature-control.php:397

actioninitcore-feature-control.php:401

filterrest_authentication_errorscore-feature-control.php:407

actionwp_enqueue_scriptscore-feature-control.php:416

filterwp_is_application_passwords_availablecore-feature-control.php:424

actionadmin_menucore-feature-control.php:428

actionadmin_menucore-feature-control.php:435

filterstyle_loader_srccore-feature-control.php:445

filterscript_loader_srccore-feature-control.php:446

filterfallback_intermediate_image_sizescore-feature-control.php:450

filtertrash_empty_dayscore-feature-control.php:456

filterembed_oembed_discovercore-feature-control.php:468

actioninitcore-feature-control.php:477

actionadmin_noticescore-feature-control.php:485

filterautomatic_updates_is_vcs_checkoutcore-feature-control.php:491

filterauto_core_update_send_emailcore-feature-control.php:496

filtersend_core_update_notification_emailcore-feature-control.php:497

actiontemplate_redirectcore-feature-control.php:505

actionlogin_enqueue_scriptscore-feature-control.php:514

filterwp_lazy_loading_enabledcore-feature-control.php:528

actionadmin_initcore-feature-control.php:532

filterwpseo_automatic_updatescore-feature-control.php:534

actionwp_enqueue_scriptscore-feature-control.php:539

actionadmin_enqueue_scriptscore-feature-control.php:542

filteradmin_footer_textcore-feature-control.php:549

actionelementor/editor/after_enqueue_stylescore-feature-control.php:553

actionadmin_initcore-feature-control.php:559

actionwp_enqueue_scriptscore-feature-control.php:565

actionadmin_bar_menucore-feature-control.php:572

filterw3tc_footer_commentcore-feature-control.php:578

actionwp_before_admin_bar_rendercore-feature-control.php:592

filterrest_endpointscore-feature-control.php:599

Maintenance & Trust

Core Feature Control Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 29, 2025

PHP min version7.4

Downloads202

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

Core Feature Control Alternatives

Disable WP REST API

disable-wp-rest-api

100

Disables the WP REST API for visitors not logged into WordPress.

30K No CVEs

Admin Bar & Dashboard Access Control

admin-bar-dashboard-control

100

Disable admin bar and control users access to WordPress dashboard.

3K 1 CVE

WPControl – The Easiest Optimization Plugin for WordPress

wpcontrol

The easiest way to improve your website's security, performance, and user experience.

200 No CVEs

Turn Off REST API

turn-off-rest-api

Prevents unauthorized requests from using the WP REST API.

100 No CVEs

Disable User Enumeration

disabling-user-enumeration

Disable User Enumeration is a plugin designed to prevent hackers scanning your site for user names using REST API call.

30 No CVEs

Developer Profile

Core Feature Control Developer Profile

Galaxy Weblinks

40 plugins · 25K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

310 days

View full developer profile

Detection Fingerprints

How We Detect Core Feature Control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/core-feature-control/assets/css/core-feature-control.css

Script Paths

/wp-content/plugins/core-feature-control/assets/js/core-feature-control.js

Version Parameters

core-feature-control-style?ver=core-feature-control/assets/css/core-feature-control.css?ver=

HTML / DOM Fingerprints

CSS Classes

corefeco-wrapcorefeco--noticee-notice__actionse-note

Data Attributes

name="corefeco_extended_disable_core_settingsid="check-all

FAQ