Does Easy Critical CSS have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Easy Critical CSS compatible with WordPress 6.8.5?

According to WordPress.org data, Easy Critical CSS 1.4.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Easy Critical CSS compatible with PHP 7.4+?

Easy Critical CSS requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Easy Critical CSS updated?

Easy Critical CSS was last updated on Jan 23, 2026. Frequent updates are generally a positive security signal.

What is Easy Critical CSS's security score?

Easy Critical CSS has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Easy Critical CSS Security & Risk Analysis

wordpress.org/plugins/easy-critical-css

Easily inject Critical CSS and Secondary CSS (with unused CSS styles removed) to improve site speed and performance.

50 active installs v1.4.7 PHP 7.4+ WP 6.2+ Updated Jan 23, 2026

critical-csslighthouseoptimizationperformanceunused-css

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Easy Critical CSS Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Critical CSS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The 'easy-critical-css' plugin v1.4.7 demonstrates a generally good security posture with a high percentage of properly escaped outputs and prepared SQL statements. The plugin also utilizes nonce and capability checks effectively for most of its code signals, indicating a conscious effort towards secure coding practices. Its lack of historical vulnerabilities further supports this positive assessment.

However, a significant concern arises from the static analysis, which identifies one AJAX handler lacking any authentication checks. This unprotected entry point presents a direct attack vector, as an unauthenticated user could potentially interact with this handler and trigger unintended or malicious actions. Additionally, the taint analysis reveals two flows with unsanitized paths, though they are not classified as critical or high severity. While these might not lead to immediate exploitation, they represent potential weaknesses that could be combined with other vulnerabilities or exploited in specific scenarios.

In conclusion, while the plugin benefits from strong general security practices and a clean vulnerability history, the presence of an unprotected AJAX handler is a notable weakness. This single unprotected entry point significantly elevates the risk profile of the plugin and warrants immediate attention. The taint analysis findings, while not critical, also suggest areas for improvement in input sanitization.

Key Concerns

Unprotected AJAX handler found
Flows with unsanitized paths found (not critical)

Vulnerabilities

None known

Easy Critical CSS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Easy Critical CSS Release Timeline

v1.4.7Current

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Easy Critical CSS Code Analysis

Dangerous Functions

Raw SQL Queries

24 prepared

Unescaped Output

125 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

89% prepared27 total queries

Output Escaping

98% escaped128 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

<class-critical-css> (inc\class-critical-css.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Easy Critical CSS Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_ecc_subscription_notification_dismissinc\class-notification.php:13

WordPress Hooks 46

actionadmin_menuinc\class-admin-settings.php:13

actionadmin_initinc\class-admin-settings.php:14

actionadmin_enqueue_scriptsinc\class-admin-settings.php:15

actionupdated_optioninc\class-admin-settings.php:16

actionupdated_option_easy_cc_debug_modeinc\class-admin-settings.php:17

actionadmin_footerinc\class-admin-settings.php:19

filterstyle_loader_taginc\class-critical-css-injector.php:11

actionwp_headinc\class-critical-css-injector.php:13

actionwp_print_stylesinc\class-critical-css-injector.php:14

actionwp_footerinc\class-critical-css-injector.php:15

actionpost_updatedinc\class-critical-css-regenerate.php:103

actionedit_terminc\class-critical-css-regenerate.php:108

actionactivated_plugininc\class-critical-css-regenerate.php:113

actiondeactivated_plugininc\class-critical-css-regenerate.php:114

actionafter_switch_themeinc\class-critical-css-regenerate.php:119

actionupgrader_process_completeinc\class-critical-css-regenerate.php:124

filterredirect_canonicalinc\class-critical-css-server.php:11

actioninitinc\class-critical-css-server.php:13

actiontemplate_redirectinc\class-critical-css-server.php:14

actionadmin_bar_menuinc\class-critical-css-status.php:11

actionwp_enqueue_scriptsinc\class-critical-css-status.php:12

actiontemplate_redirectinc\class-critical-css.php:19

actionwp_headinc\class-critical-css.php:20

actioneasy_cc_cleanup_old_handshakesinc\class-database.php:16

actionadmin_post_easy_cc_deleteinc\class-delete-handler.php:13

actioneasy_cc_detect_timeoutsinc\class-failure-patterns.php:25

actionenqueue_block_editor_assetsinc\class-gutenberg.php:11

actionadmin_enqueue_scriptsinc\class-notification.php:11

actionadmin_noticesinc\class-notification.php:12

actionplugins_loadedinc\class-plugin.php:40

actionadmin_post_easy_cc_resetinc\class-reset-handler.php:11

actionrest_api_initinc\class-rest-api.php:20

actionadmin_post_easy_cc_uninstallinc\class-uninstall-handler.php:11

actionafter_uninstallinc\class-uninstall-handler.php:42

filtereasy_cc_common_secondary_selectorsinc\compatibility\class-compatibility-add-to-any.php:11

actioneasy_cc_all_expiredinc\compatibility\class-compatibility-cache.php:16

actioneasy_cc_single_expiredinc\compatibility\class-compatibility-cache.php:17

actioneasy_cc_single_generatedinc\compatibility\class-compatibility-cache.php:18

filterperfmatters_rest_api_exceptionsinc\compatibility\class-compatibility-perfmatters.php:11

actionadmin_post_uncheck_trellis_critical_cssinc\compatibility\class-compatibility-trellis.php:12

actionadmin_post_uncheck_wp_rocket_critical_cssinc\compatibility\class-compatibility-wp-rocket.php:12

actionadmin_noticesinc\compatibility\class-compatibility.php:36

filtershow_deactivation_feedback_forminc\load-freemius.php:57

actionafter_license_changeinc\load-freemius.php:60

actionafter_license_activationinc\load-freemius.php:61

actionafter_license_deactivationinc\load-freemius.php:62

Scheduled Events 2

easy_cc_cleanup_old_handshakes

easy_cc_detect_timeouts

Maintenance & Trust

Easy Critical CSS Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 23, 2026

PHP min version7.4

Downloads2K

Community Trust

Rating20/100

Number of ratings1

Active installs50

Alternatives

Easy Critical CSS Alternatives

MegaWix Performance Monitor for Core Web Vitals

megawix-performance-monitor

100

Monitor and improve your Core Web Vitals (LCP, CLS, INP) using official Google PageSpeed Insights telemetry and professional Lighthouse 10 analysis.

0 No CVEs

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE

AMP

amp

An easier path to great Page Experience for everyone. Powered by AMP.

400K No CVEs

Jetpack Boost – Website Speed, Performance and Critical CSS

jetpack-boost

Speed up your WordPress site with one-click optimizations like Page Cache, Critical CSS, and Image CDN to improve Core Web Vitals.

200K 2 CVEs

Performance Lab

performance-lab

100

Performance plugin from the WordPress Performance Team, which is a collection of standalone performance features.

200K 1 CVE

Developer Profile

Easy Critical CSS Developer Profile

Easy Critical CSS

1 plugin · 50 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Easy Critical CSS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/easy-critical-css/assets/css/admin-style.css/wp-content/plugins/easy-critical-css/assets/js/ecc-admin.js

Script Paths

/wp-content/plugins/easy-critical-css/assets/js/ecc-admin.js

HTML / DOM Fingerprints

CSS Classes

notice-warningwrap

HTML Comments

Only show for Auto-generation sites.No need for nonce verification as we are using this for read-only purposes.

Data Attributes

data-confirmeasy_cc_cloudflare_changed

JS Globals

easy_cc_fs

FAQ