Does Database Cleaner have any unpatched vulnerabilities?

No. All known vulnerabilities in Database Cleaner have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Database Cleaner compatible with WordPress 6.9.4?

According to WordPress.org data, Database Cleaner 1.3.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Database Cleaner compatible with PHP 7.4+?

Database Cleaner requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Database Cleaner updated?

Database Cleaner was last updated on Feb 25, 2026. Frequent updates are generally a positive security signal.

What is Database Cleaner's security score?

Database Cleaner has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Database Cleaner Security & Risk Analysis

wordpress.org/plugins/database-cleaner

User-friendly tool to clean and optimize databases. Efficiently manages large databases, simplifying repair and ensuring peak performance.

10K active installs v1.3.4 PHP 7.4+ WP 6.0+ Updated Feb 25, 2026

cleancleanerdatabaseoptimizesql

A · Safe

CVEs total2

Unpatched0

Last CVEJun 6, 2024

Plugin page Download

Safety Verdict

Is Database Cleaner Safe to Use in 2026?

Generally Safe

Score 99/100

Database Cleaner has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jun 6, 2024Updated 1mo ago

Risk Assessment

The "database-cleaner" plugin v1.3.4 presents a mixed security posture. On the positive side, the static analysis reveals a lack of critical vulnerabilities in terms of attack surface, dangerous functions, and taint analysis. The plugin demonstrates good practices with a high percentage of SQL queries using prepared statements and properly escaped output. File operations are present but don't appear to be directly exposed to external input based on the available data. However, there are notable areas of concern. The absence of any nonce checks, despite having 11 capability checks, is a significant weakness. This could leave the plugin vulnerable to CSRF attacks if any of its functionalities are manipulated by an attacker. The presence of 2 medium severity historical vulnerabilities, specifically "Path Traversal" and "Insertion of Sensitive Information into Log File", even though currently unpatched, suggests past security oversights and potential for similar issues to re-emerge. The bundling of "Freemius" is also a factor to consider, as it represents an external dependency that could introduce its own security risks if not properly managed.

Key Concerns

No nonce checks on any entry points
2 medium severity CVEs historically, last one recent
Bundled library (Freemius)

Vulnerabilities

Database Cleaner Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2024-35712medium · 4.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Database Cleaner <= 1.0.5 - Authenticated (Admin+) Arbitrary File Read

Jun 6, 2024 Patched in 1.0.6 (8d)

CVE-2023-51508medium · 5.3Insertion of Sensitive Information into Log File

Database Cleaner <= 0.9.8 - Sensitive Information Exposure via Log File

Dec 27, 2023 Patched in 0.9.9 (27d)

Code Analysis

Analyzed Mar 16, 2026

Database Cleaner Code Analysis

Dangerous Functions

Raw SQL Queries

140 prepared

Unescaped Output

29 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius

SQL Query Safety

81% prepared173 total queries

Output Escaping

91% escaped32 total outputs

Attack Surface

Database Cleaner Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 60

actionadmin_menuclasses\admin.php:9

actionadmin_enqueue_scriptsclasses\admin.php:16

filterload_script_translation_fileclasses\admin.php:32

filtercron_schedulesclasses\background.php:26

actiondbclnr_cron_tasksclasses\background.php:27

actiondbclnr_cron_analyticsclasses\background.php:28

actiondbclnr_cron_sweeperclasses\background.php:29

actionplugins_loadedclasses\core.php:38

actioninitclasses\core.php:39

actiondbclnr_cron_fakeclasses\core.php:580

actionadmin_noticesclasses\init.php:7

filterdbclnr_get_queriesclasses\queries\core.php:20

filterdbclnr_delete_queriesclasses\queries\core.php:24

filterdbclnr_count_queriesclasses\queries\core.php:28

filterdbclnr_generate_fake_data_queriesclasses\queries\core.php:32

actionrest_api_initclasses\rest.php:15

filterdbclnr_check_support_for_tableclasses\support\actions_scheduler.php:6

filterdbclnr_check_support_for_optionclasses\support\actions_scheduler.php:7

filterdbclnr_check_support_for_cronclasses\support\actions_scheduler.php:8

filterdbclnr_table_to_pluginclasses\support\core.php:13

filterdbclnr_post_type_to_pluginclasses\support\core.php:14

filterdbclnr_option_to_pluginclasses\support\core.php:15

filterdbclnr_cron_to_pluginclasses\support\core.php:16

filterdbclnr_metadata_to_pluginclasses\support\core.php:17

filterdbclnr_metadata_to_pluginclasses\support\core.php:18

filterdbclnr_table_to_pluginclasses\support\core.php:21

filterdbclnr_post_type_to_pluginclasses\support\core.php:22

filterdbclnr_option_to_pluginclasses\support\core.php:23

filterdbclnr_cron_to_pluginclasses\support\core.php:24

filterdbclnr_metadata_to_pluginclasses\support\core.php:25

filterdbclnr_metadata_to_pluginclasses\support\core.php:26

filterdbclnr_table_to_pluginclasses\support\core.php:29

filterdbclnr_post_type_to_pluginclasses\support\core.php:30

filterdbclnr_option_to_pluginclasses\support\core.php:31

filterdbclnr_cron_to_pluginclasses\support\core.php:32

filterdbclnr_metadata_to_pluginclasses\support\core.php:33

filterdbclnr_metadata_to_pluginclasses\support\core.php:34

filterdbclnr_check_support_for_optionclasses\support\core.php:37

filterdbclnr_check_support_for_optionclasses\support\freemius.php:6

filterdbclnr_check_support_for_optionclasses\support\litespeed.php:6

filterdbclnr_check_support_for_optionclasses\support\meowapps.php:6

filterdbclnr_check_support_for_cronclasses\support\meowapps.php:7

filterdbclnr_check_table_infoclasses\support.php:28

filterdbclnr_check_post_type_infoclasses\support.php:29

filterdbclnr_check_option_infoclasses\support.php:30

filterdbclnr_check_cron_infoclasses\support.php:31

filterdbclnr_check_metadata_infoclasses\support.php:32

actionadmin_noticescommon\admin.php:72

filterplugin_row_metacommon\admin.php:77

filteredd_sl_api_request_verify_sslcommon\admin.php:78

actioninitcommon\admin.php:96

actionadmin_menucommon\admin.php:153

filteradmin_footer_textcommon\admin.php:158

actionadmin_footercommon\admin.php:218

actionadmin_headcommon\admin.php:456

actionadmin_noticescommon\news.php:43

filtersafe_style_csscommon\news.php:44

actionadmin_noticescommon\ratings.php:33

filtersafe_style_csscommon\ratings.php:34

actionrest_api_initcommon\rest.php:14

Scheduled Events 5

dbclnr_cron_tasks

dbclnr_cron_analytics

dbclnr_cron_sweeper

dbclnr_cron_fake

dbclnr_cron_sweeper

Maintenance & Trust

Database Cleaner Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.4

Downloads461K

Community Trust

Rating100/100

Number of ratings148

Active installs10K

Alternatives

Database Cleaner Alternatives

Media Cleaner and Database Optimizer by ITPath

itpathsolutions-media-cleaner-and-database-optimizer

100

The most powerful tool for clearing unused media from your website and optimizing your database to boost site performance

20 No CVEs

Aims Quick Cleanup Tools

aims-quick-cleanup-tools

100

A fast and simple one-click toolset to clean, repair, and optimize your WordPress site.

0 No CVEs

Advanced Database Cleaner – Optimize & Clean Database to Speed Up Site Performance

advanced-database-cleaner

Clean database by deleting orphaned data such as 'revisions', 'expired transients', optimize database and more...

100K 8 CVEs

Optimize Database after Deleting Revisions

rvg-optimize-database

One-click database optimization with precise revision cleanup and flexible scheduling. Speeding up sites since 2011!

60K 3 CVEs

WPS Cleaner

wps-cleaner

WPS Cleaner cleans your WordPress site as well as your database.

20K 2 CVEs

Developer Profile

Database Cleaner Developer Profile

Jordy Meow

27 plugins · 371K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

372 days

View full developer profile

Detection Fingerprints

How We Detect Database Cleaner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/database-cleaner/app/vendor.js/wp-content/plugins/database-cleaner/app/index.js

Script Paths