WP-Safety

Debloat – Remove Unused CSS, Optimize JS Security & Risk Analysis

wordpress.org/plugins/debloat

Remove Unused CSS, Optimize CSS, Optimize JS and speed up your site.

30K active installs v1.3.0 PHP 7.4.1+ WP 5.0+ Updated Mar 4, 2026
optimizeperformancespeeduncss
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Debloat – Remove Unused CSS, Optimize JS Safe to Use in 2026?

Generally Safe

Score 100/100

Debloat – Remove Unused CSS, Optimize JS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "debloat" plugin version 1.3.0 presents a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs, coupled with a clean taint analysis and a very low percentage of unescaped outputs, indicates good development practices. The plugin also demonstrates a commendable lack of a broad attack surface by not exposing any AJAX handlers, REST API routes, shortcodes, or cron events, and where checks are present (nonce and capability), they seem correctly implemented. The minimal number of file operations and external HTTP requests further reduce potential vectors for attack. However, the presence of a single SQL query that does not utilize prepared statements is a notable concern. While the overall risk is low, this could be a potential entry point for SQL injection vulnerabilities if the input influencing this query is not rigorously sanitized elsewhere. Therefore, while the plugin is largely secure, addressing this single SQL query is a critical step to achieving an even more robust security profile.

Key Concerns

  • SQL query not using prepared statements
Vulnerabilities
None known

Debloat – Remove Unused CSS, Optimize JS Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Debloat – Remove Unused CSS, Optimize JS Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
1
22 escaped
Nonce Checks
1
Capability Checks
1
File Operations
2
External Requests
1
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

96% escaped23 total outputs
Attack Surface

Debloat – Remove Unused CSS, Optimize JS Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 23
actionadmin_noticesbootstrap.php:25
actionplugins_loadedbootstrap.php:40
actioncmb2_admin_initinc\admin\admin.php:29
actionadmin_enqueue_scriptsinc\admin\admin.php:32
actionadmin_menuinc\admin\admin.php:35
actioncmb2_save_options-page_fieldsinc\admin\admin.php:47
filtercmb2_sanitize_checkboxinc\admin\admin.php:52
actioncmb2_render_manualinc\admin\admin.php:57
actiondebloat/empty_cachesinc\admin\cache.php:31
actionwpinc\integrations\elementor.php:21
filterdebloat/remove_css_includesinc\integrations\elementor.php:43
filterdebloat/remove_css_excludesinc\integrations\elementor.php:51
filterdebloat/allow_css_selectorsinc\integrations\elementor.php:118
filterdebloat/delay_js_includesinc\integrations\elementor.php:146
actionwpinc\integrations\wpbakery.php:20
filterdebloat/remove_css_includesinc\integrations\wpbakery.php:42
filterdebloat/remove_css_excludesinc\integrations\wpbakery.php:53
filterdebloat/allow_css_selectorsinc\integrations\wpbakery.php:144
filterdebloat/delay_js_includesinc\integrations\wpbakery.php:172
filtercmb2_meta_box_urlinc\plugin.php:110
actioninitinc\plugin.php:164
actioninitinc\process.php:23
actiontemplate_redirectinc\process.php:58
Maintenance & Trust

Debloat – Remove Unused CSS, Optimize JS Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 4, 2026
PHP min version7.4.1
Downloads334K

Community Trust

Rating96/100
Number of ratings41
Active installs30K
Alternatives

Debloat – Remove Unused CSS, Optimize JS Alternatives

LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

B
82

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
WP Fastest Cache – WordPress Cache Plugin

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

B
76

The simplest and fastest WP Cache system

1.0M 35 CVEs
Autoptimize

Autoptimize

autoptimize

B
77

Autoptimize speeds up your website by optimizing JS, CSS, images (incl. lazy-load), HTML and Google Fonts, asyncing JS, removing emoji cruft and more.

900K 10 CVEs
W3 Total Cache

W3 Total Cache

w3-total-cache

B
75

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 28 CVEs
Aruba HiSpeed Cache

Aruba HiSpeed Cache

aruba-hispeed-cache

A
95

Aruba HiSpeed Cache interfaces directly with an Aruba hosting platform's HiSpeed Cache service and automates its management.

100K 6 CVEs
Developer Profile

Debloat – Remove Unused CSS, Optimize JS Developer Profile

asadkn

4 plugins · 61K total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Debloat – Remove Unused CSS, Optimize JS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/debloat/css/admin/cmb2.css/wp-content/plugins/debloat/js/admin/cmb2-conditionals.js/wp-content/plugins/debloat/js/admin/options.js
Script Paths
/wp-content/plugins/debloat/js/admin/cmb2-conditionals.js/wp-content/plugins/debloat/js/admin/options.js
Version Parameters
debloat-cmb2-conditionals?ver=debloat-options?ver=debloat-admin-cmb2?ver=

HTML / DOM Fingerprints

CSS Classes
debloat-optionssphere-cmb2-wrap
Data Attributes
data-conditional-iddata-conditional-value
FAQ

Frequently Asked Questions about Debloat – Remove Unused CSS, Optimize JS