Does Machete have any unpatched vulnerabilities?

No. All known vulnerabilities in Machete have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Machete compatible with WordPress 6.9.4?

According to WordPress.org data, Machete 5.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Machete compatible with PHP 7.4+?

Machete requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Machete updated?

Machete was last updated on Feb 5, 2026. Frequent updates are generally a positive security signal.

What is Machete's security score?

Machete has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Machete Security & Risk Analysis

wordpress.org/plugins/machete

Machete is a lean and simple suite of tools that solve common WordPress annoyances: cookie bar, tracking codes, header cleanup, social sharing

7K active installs v5.1 PHP 7.4+ WP 4.6+ Updated Feb 5, 2026

analyticsclonecookiesmaintenanceoptimization

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Machete Safe to Use in 2026?

Generally Safe

Score 100/100

Machete has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The Machete plugin v5.1 demonstrates a strong security posture based on the provided static analysis and vulnerability history. The code appears to follow good security practices, with all identified SQL queries using prepared statements, a high percentage of properly escaped output, and a robust implementation of nonce and capability checks. The absence of external HTTP requests and bundled libraries further reduces the attack surface. Taint analysis found no critical or high severity flows, indicating a lack of easily exploitable data manipulation vulnerabilities. Furthermore, the plugin has no recorded vulnerabilities, critical or otherwise, suggesting a history of secure development and maintenance. While the attack surface is minimal with no unprotected entry points, the plugin's security relies on the consistent application of these good practices throughout its codebase and any future updates.

Vulnerabilities

None known

Machete Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Machete Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

256 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared5 total queries

Output Escaping

98% escaped262 total outputs

Attack Surface

Machete Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[mct-social-share] inc\social\class-machete-social-module.php:131

[mct-social-share] inc\social\class-machete-social-module.php:141

WordPress Hooks 94

actionadmin_menuinc\about\class-machete-about-module.php:48

actionadmin_menuinc\class-machete-module.php:92

actionadmin_noticesinc\class-machete.php:102

actionadmin_menuinc\cleanup\class-machete-cleanup-module.php:115

filterstyle_loader_srcinc\cleanup\optimization.php:103

filterscript_loader_srcinc\cleanup\optimization.php:113

filterlogin_display_language_dropdowninc\cleanup\optimization.php:132

filtertiny_mce_pluginsinc\cleanup\optimization.php:146

filterfallback_intermediate_image_sizesinc\cleanup\optimization.php:165

filterwp_revisions_to_keepinc\cleanup\optimization.php:175

filterheartbeat_settingsinc\cleanup\optimization.php:190

actionwp_print_scriptsinc\cleanup\optimization.php:201

filterintermediate_image_sizesinc\cleanup\optimization.php:240

filterintermediate_image_sizes_advancedinc\cleanup\optimization.php:249

filterpre_option_medium_large_size_winc\cleanup\optimization.php:258

filterpre_option_medium_large_size_hinc\cleanup\optimization.php:259

filterintermediate_image_sizesinc\cleanup\optimization.php:264

filterintermediate_image_sizes_advancedinc\cleanup\optimization.php:271

filterintermediate_image_sizesinc\cleanup\optimization.php:282

filterintermediate_image_sizes_advancedinc\cleanup\optimization.php:289

filterembed_oembed_discoverinc\cleanup\optimization.php:319

filterrest_authentication_errorsinc\cleanup\optimization.php:326

filterxmlrpc_enabledinc\cleanup\optimization.php:348

filterwp_headersinc\cleanup\optimization.php:351

filterxmlrpc_enabledinc\cleanup\optimization.php:360

filterxmlrpc_methodsinc\cleanup\optimization.php:361

filterjpeg_qualityinc\cleanup\optimization.php:387

filterbig_image_size_thresholdinc\cleanup\optimization.php:397

actionwp_enqueue_scriptsinc\cleanup\optimization.php:404

actionafter_setup_themeinc\cleanup\optimization.php:416

actionwp_before_admin_bar_renderinc\clone\admin-bar.php:51

actionwp_enqueue_scriptsinc\clone\admin-bar.php:65

actionadmin_enqueue_scriptsinc\clone\admin-bar.php:66

actionadmin_action_machete_cloneinc\clone\admin-functions.php:82

filterpost_row_actionsinc\clone\admin-functions.php:187

filterpage_row_actionsinc\clone\admin-functions.php:188

actionadmin_headinc\clone\admin-functions.php:189

actionpost_submitbox_startinc\clone\admin-functions.php:190

actionadmin_initinc\cookies\class-machete-cookies-module.php:60

actionadmin_menuinc\cookies\class-machete-cookies-module.php:69

actionwp_footerinc\cookies\class-machete-cookies-module.php:84

actionwp_enqueue_scriptsinc\maintenance\admin-bar.php:30

actionadmin_enqueue_scriptsinc\maintenance\admin-bar.php:31

actionadmin_bar_menuinc\maintenance\admin-bar.php:81

actionadmin_bar_menuinc\maintenance\admin-bar.php:84

actionadmin_menuinc\maintenance\class-machete-maintenance-module.php:93

actiontemplate_redirectinc\maintenance\class-machete-maintenance-page.php:44

actiontemplate_redirectinc\maintenance\class-machete-maintenance-page.php:46

actionadmin_menuinc\powertools\class-machete-powertools-module.php:96

filterwidget_textinc\powertools\powertools.php:27

filterthe_excerpt_rssinc\powertools\powertools.php:44

filterthe_content_feedinc\powertools\powertools.php:45

actionwp_enqueue_scriptsinc\powertools\powertools.php:55

actionwp_footerinc\powertools\powertools.php:62

actionwp_footerinc\powertools\powertools.php:63

actionwp_footerinc\powertools\powertools.php:64

filterscript_loader_taginc\powertools\powertools.php:71

actiondo_feedinc\powertools\powertools.php:95

actiondo_feed_rdfinc\powertools\powertools.php:96

actiondo_feed_rssinc\powertools\powertools.php:97

actiondo_feed_rss2inc\powertools\powertools.php:98

actiondo_feed_atominc\powertools\powertools.php:99

filterupload_mimesinc\powertools\powertools.php:104

actionparse_queryinc\powertools\powertools.php:123

filterget_search_forminc\powertools\powertools.php:136

actionwidgets_initinc\powertools\powertools.php:143

actionadmin_initinc\social\class-machete-social-module.php:110

actionadmin_menuinc\social\class-machete-social-module.php:119

actionwp_enqueue_scriptsinc\social\class-machete-social-module.php:144

filterthe_contentinc\social\class-machete-social-module.php:187

actionadmin_initinc\utils\class-machete-utils-module.php:62

actionadmin_menuinc\utils\class-machete-utils-module.php:85

actionwp_enqueue_scriptsinc\utils\class-machete-utils-module.php:337

actionwp_headinc\utils\class-machete-utils-module.php:345

actionwp_headinc\utils\frontend-functions.php:15

actionwp_footerinc\utils\frontend-functions.php:41

filterbody_classinc\utils\frontend-functions.php:55

actionwp_body_openinc\utils\frontend-functions.php:64

filtertransient_shipping-transient-versioninc\woocommerce\actions.php:27

filterwoocommerce_package_ratesinc\woocommerce\actions.php:29

filterwoocommerce_variable_sale_price_htmlinc\woocommerce\actions.php:100

filterwoocommerce_variable_price_htmlinc\woocommerce\actions.php:101

filterwoocommerce_price_trim_zerosinc\woocommerce\actions.php:107

filterwc_product_has_unique_skuinc\woocommerce\actions.php:112

filterwc_product_sku_enabledinc\woocommerce\actions.php:117

actionadmin_menuinc\woocommerce\class-machete-woocommerce-module.php:64

actionadmin_initmachete-admin.php:14

actionadmin_initmachete-admin.php:32

actioncurrent_screenmachete-admin.php:69

filteradmin_footer_textmachete-admin.php:77

actionadmin_enqueue_scriptsmachete-admin.php:86

filterplugin_action_linksmachete-admin.php:101

actionadmin_menumachete-admin.php:116

actioninitmachete.php:72

Maintenance & Trust

Machete Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 5, 2026

PHP min version7.4

Downloads83K

Community Trust

Rating100/100

Number of ratings52

Active installs7K

Alternatives

Machete Alternatives

GTmetrix for WordPress

gtmetrix-for-wordpress

GTmetrix can help you develop a faster, more efficient, and all-around improved website experience for your users. Your users will love you for it.

9K 3 CVEs

WP Client Reports

wp-client-reports

The best maintenance reporting tool for WordPress professionals. Display update statistics directly in the WordPress admin or send reports via email.

6K 2 CVEs

Lucky Orange

lucky-orange

100

Less time crunching numbers, more time growing your business.

2K No CVEs

SEO Engine

seo-engine

100

Made it through the SEO plugin wasteland? You've earned a coffee ☺️ Quietly powerful AI SEO that actually works. No bloat, just results. Enjoy! 💕

1K No CVEs

Rankology SEO and Analytics Tool

rankology-seo-and-analytics-tool

Rankology SEO and Analytics Tool is a powerful, fast, and easy-to-use SEO plugin that helps WordPress sites rank higher in search engines.

300 1 CVE

Developer Profile

Machete Developer Profile

Nilo Velez

4 plugins · 17K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Machete

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/machete/inc/about/css/about.css/wp-content/plugins/machete/inc/cleanup/css/cleanup.css/wp-content/plugins/machete/inc/cookies/css/cookies.css/wp-content/plugins/machete/inc/utils/css/utils.css/wp-content/plugins/machete/inc/maintenance/css/maintenance.css/wp-content/plugins/machete/inc/clone/css/clone.css/wp-content/plugins/machete/inc/social/css/social.css/wp-content/plugins/machete/inc/woocommerce/css/woocommerce.css+10 more

Script Paths

/wp-content/plugins/machete/inc/about/js/about.js/wp-content/plugins/machete/inc/cleanup/js/cleanup.js/wp-content/plugins/machete/inc/cookies/js/cookies.js/wp-content/plugins/machete/inc/utils/js/utils.js/wp-content/plugins/machete/inc/maintenance/js/maintenance.js/wp-content/plugins/machete/inc/clone/js/clone.js+3 more

HTML / DOM Fingerprints

CSS Classes

machete-about-pagemachete-module-headermachete-module-settingsmachete-module-descriptionmachete-module-slugmachete-button-primarymachete-input-textmachete-input-checkbox+18 more

HTML Comments

Machete Machete Cookie Bar Machete Tracking Codes Machete Custom Code Editor +8 more

Data Attributes

data-machete-moduledata-machete-settingdata-machete-slugdata-machete-toggledata-machete-tab

JS Globals

macheteMachete

REST Endpoints

/wp-json/machete/v1/settings/wp-json/machete/v1/modules

Shortcode Output

[machete_cookie_bar][machete_tracking_codes][machete_custom_code][machete_post_cloner]

FAQ