WP-Safety

Minify HTML Security & Risk Analysis

wordpress.org/plugins/minify-html-markup

Minify HTML output for clean looking markup and faster downloading.

10K active installs v2.1.13 PHP 5.2.4+ WP 3.6.0+ Updated Mar 18, 2026
beautifycompresshtmlminifierminify
96
A · Safe
CVEs total3
Unpatched0
Last CVEMar 30, 2026
Plugin page Download
Safety Verdict

Is Minify HTML Safe to Use in 2026?

Generally Safe

Score 96/100

Minify HTML has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Mar 30, 2026Updated 2mo ago
Risk Assessment

The "minify-HTML-MARKUP" plugin, version 2.1.12, exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, raw SQL queries, or file operations is commendable. All identified output is properly escaped, and the presence of both nonce and capability checks indicates good practice in protecting against common WordPress vulnerabilities.

However, the plugin's vulnerability history presents a significant concern. With two previously disclosed medium-severity vulnerabilities, specifically Uncontrolled Resource Consumption and Cross-Site Request Forgery (CSRF), it suggests a pattern of introducing security weaknesses. While there are currently no unpatched vulnerabilities, the historical trend warrants caution. The lack of any identified flows in taint analysis is positive, but it does not negate the past issues.

In conclusion, while the current version of "minify-HTML-MARKUP" appears to have a clean bill of health from a code analysis perspective, its past vulnerability history demands ongoing vigilance. Users should be aware of the potential for similar issues to re-emerge in future updates. The plugin demonstrates good internal coding practices but has a track record that lowers its overall security trust level.

Key Concerns

  • Past medium severity vulnerabilities
  • Two medium severity vulnerabilities historically
Vulnerabilities
3 published

Minify HTML Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
1 CVE in 2024
2024
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2026-3191medium · 5.4Cross-Site Request Forgery (CSRF)

Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update

Mar 30, 2026 Patched in 2.1.13 (1d)
CVE-2024-12579medium · 5.3Uncontrolled Resource Consumption

Minify HTML <= 2.1.10 - - Regular Expressions Denial of Service

Dec 12, 2024 Patched in 2.1.11 (1d)
CVE-2023-26014medium · 4.3Cross-Site Request Forgery (CSRF)

Minify HTML <= 2.1.7 - Cross-Site Request Forgery in minify_html_menu_options

Feb 21, 2023 Patched in 2.1.8 (336d)
Version History

Minify HTML Release Timeline

v2.1.13Current
v2.1.121 CVE
CVE-2026-3191
v2.1.111 CVE
CVE-2026-3191
v2.1.102 CVEs
CVE-2024-12579 CVE-2026-3191
Code Analysis
Analyzed Mar 16, 2026

Minify HTML Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
7 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped7 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
minify_html_menu_options (minify-html.php:121)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Minify HTML Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
actiontemplate_redirectminify-html.php:39
actionadmin_menuminify-html.php:119
Maintenance & Trust

Minify HTML Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 18, 2026
PHP min version5.2.4
Downloads247K

Community Trust

Rating94/100
Number of ratings33
Active installs10K
Alternatives

Minify HTML Alternatives

Fast HTML Minify

Fast HTML Minify

fast-html-minify

A
92

Minify HTML output for clean looking markup and faster downloading.

20 No CVEs
WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript

WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript

wp-super-minify

A
100

A lightweight plugin that automatically minifies, compresses, and caches HTML, CSS, and JavaScript on demand to improve your website’s load speed.

9K 1 CVE
Inline HTML, CSS & Javascript Minifier

Inline HTML, CSS & Javascript Minifier

inline-html-css-javascript-minifier

A
85

Minify all front end code (HTML, CSS and Javascript).

20 No CVEs
Lightweight HTML Minify

Lightweight HTML Minify

lightweight-html-minify

A
85

Lightweight HTML Minify plugin provide feature to install and minify HTML, Means you don't have to worry about any setting it will automatically &hellip;

10 No CVEs
WP Minify Fix

WP Minify Fix

wp-minify-fix

A
85

[Fixed] This plugin uses the Minify engine to combine and compress JS and CSS files to improve page load time.

900 No CVEs
Developer Profile

Minify HTML Developer Profile

Tim Eckel

3 plugins · 14K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
201 days
View full developer profile
Detection Fingerprints

How We Detect Minify HTML

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
<!-- Begin Minify HTML --><!-- End Minify HTML -->
FAQ

Frequently Asked Questions about Minify HTML