WP-Safety

DX Remove Unused Custom Fields Security & Risk Analysis

wordpress.org/plugins/dx-remove-unused-custom-fields

Delete the Custom Fields from your postmeta table where assigned posts no longer exist.

20 active installs v0.1 PHP + WP 3.1+ Updated Sep 8, 2014
cleandatabasedeletepost-types
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is DX Remove Unused Custom Fields Safe to Use in 2026?

Generally Safe

Score 85/100

DX Remove Unused Custom Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The plugin "dx-remove-unused-custom-fields" v0.1 exhibits a strong security posture regarding its attack surface, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and implementing at least one nonce check. However, a significant concern arises from the fact that 100% of its output is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. While there is no known vulnerability history for this plugin, the lack of proper output escaping is a notable weakness that could be exploited.

Key Concerns

  • All output is unescaped
Vulnerabilities
None known

DX Remove Unused Custom Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

DX Remove Unused Custom Fields Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
4
0 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped4 total outputs
Attack Surface

DX Remove Unused Custom Fields Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionadmin_menudx-remove-unused-custom-fields.php:39
Maintenance & Trust

DX Remove Unused Custom Fields Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38
Last updatedSep 8, 2014
PHP min version
Downloads5K

Community Trust

Rating64/100
Number of ratings12
Active installs20
Alternatives

DX Remove Unused Custom Fields Alternatives

WP Bulk Delete

WP Bulk Delete

wp-bulk-delete

A
98

Delete posts, pages, comments, users, taxonomy terms and meta fields in bulk with different powerful filters and conditions.

100K 2 CVEs
Optimize Database after Deleting Revisions

Optimize Database after Deleting Revisions

rvg-optimize-database

A
99

One-click database optimization with precise revision cleanup and flexible scheduling. Speeding up sites since 2011!

60K 3 CVEs
Bulk Delete

Bulk Delete

bulk-delete

A
100

Bulk delete posts, pages, users, attachments, and meta fields based on complex bulk conditions & filters.

30K 1 CVE
Another Comments Cleaner

Another Comments Cleaner

another-comments-cleaner

A
85

Delete or trash automatically comments based on status using WP_Cron

10 No CVEs
OO Cleaner for CFDB7

OO Cleaner for CFDB7

oo-cleaner-for-cfdb7

A
100

Automatically delete old CFDB7 entries after a configurable number of days.

10 No CVEs
Developer Profile

DX Remove Unused Custom Fields Developer Profile

Mario Peshev

13 plugins · 5K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
164 days
View full developer profile
Detection Fingerprints

How We Detect DX Remove Unused Custom Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
ruc-messageruc-posts-list
FAQ

Frequently Asked Questions about DX Remove Unused Custom Fields