WP-Safety

MinQueue Security & Risk Analysis

wordpress.org/plugins/minqueue

Minify & Concatenate Enqueued Scripts & Styles.

200 active installs v1.1.2 PHP + WP 3.4+ Updated Sep 19, 2013
concatenateminifyscriptstyle
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MinQueue Safe to Use in 2026?

Generally Safe

Score 85/100

MinQueue has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The "minqueue" plugin v1.1.2 presents a mixed security profile. On the positive side, its attack surface is remarkably clean with zero identified entry points, and all SQL queries utilize prepared statements, indicating good practices in these areas. The absence of known vulnerabilities and a clean vulnerability history further suggest a plugin that has historically been well-maintained and secure. However, the static analysis reveals several concerning code signals. The presence of dangerous functions like `create_function`, `exec`, and `unserialize` is a significant red flag, as these can be exploited if user input is not meticulously sanitized. While taint analysis shows no critical or high-severity flows, the single identified flow with unsanitized paths warrants attention, especially in conjunction with the dangerous functions. Furthermore, an output escaping rate of only 59% suggests that a substantial portion of the plugin's output might be vulnerable to cross-site scripting (XSS) attacks.

Key Concerns

  • Presence of dangerous functions (create_function, exec, unserialize)
  • Unsanitized path flow identified in taint analysis
  • Low output escaping rate (59%)
Vulnerabilities
None known

MinQueue Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MinQueue Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
0 prepared
Unescaped Output
12
17 escaped
Nonce Checks
2
Capability Checks
2
File Operations
18
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

create_functionreturn count( array_filter( scandir( $dir ), create_function( '$value', 'return ( \'.\' === $value |class.minqueue.php:500
execexec(self::_getCmd($options, $tmpFile), $output, $result_code);PHP-Minify-Lib\Minify\ClosureCompiler.php:76
execexec(self::_getCmd($options, $type, $tmpFile), $output, $result_code);PHP-Minify-Lib\Minify\YUICompressor.php:96
unserialize$options = unserialize( MINQUEUE_OPTIONS );plugin.php:82

Output Escaping

59% escaped29 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<ImportProcessor> (PHP-Minify-Lib\Minify\ImportProcessor.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MinQueue Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 16
actionadmin_menuclass.minqueue-admin.php:21
actionadmin_initclass.minqueue-admin.php:22
actionadmin_noticesclass.minqueue-admin.php:23
actionadmin_enqueue_scriptsclass.minqueue-admin.php:24
actionadmin_initclass.minqueue-notices.php:25
actionadmin_noticesclass.minqueue-notices.php:27
actionwp_print_scriptsclass.minqueue.php:549
actionwp_print_footer_scriptsclass.minqueue.php:551
actioninitminqueue-helper-tool.php:10
actionwp_headminqueue-helper-tool.php:20
actionwp_footerminqueue-helper-tool.php:21
actionwp_footerminqueue-helper-tool.php:22
actioninitplugin.php:29
actionwp_print_scriptsplugin.php:55
actionwp_footerplugin.php:56
actionwp_print_stylesplugin.php:57
Maintenance & Trust

MinQueue Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedSep 19, 2013
PHP min version
Downloads29K

Community Trust

Rating90/100
Number of ratings30
Active installs200
Alternatives

MinQueue Alternatives

Better WordPress Minify

Better WordPress Minify

bwp-minify

A
85

Allows you to combine and minify your CSS and JS files to improve page load time.

8K No CVEs
Optimize Scripts & Styles

Optimize Scripts & Styles

optimize-scripts-styles

A
100

Optimize Scripts & Styles combines scripts and styles on your site, minifies them and provides cachable versions for improved site performance.

70 No CVEs
APH Merge Scripts

APH Merge Scripts

aph-merge-scripts

A
85

Merge and minify CSS & javascript files into one file. Easy to use. Support remote file - Javascript & CSS files hosted on other server or CDN

30 No CVEs
Asset CleanUp: Page Speed Booster

Asset CleanUp: Page Speed Booster

wp-asset-clean-up

A
89

Make your website load FASTER by stopping specific styles (.CSS) & scripts (.JS) from loading. It works best with a page caching plugin / service.

100K 6 CVEs
Custom CSS and JavaScript

Custom CSS and JavaScript

custom-css-and-javascript

A
92

Easily add custom CSS and JavaScript code to your WordPress site, with draft previewing, revisions, and minification!

10K No CVEs
Developer Profile

MinQueue Developer Profile

Matthew Haines-Young

1 plugin · 200 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MinQueue

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/minqueue/minqueue.css/wp-content/plugins/minqueue/minqueue.js
Script Paths
/wp-content/plugins/minqueue/minqueue.js
Version Parameters
minqueue/minqueue.css?ver=minqueue/minqueue.js?ver=

HTML / DOM Fingerprints

Data Attributes
minqueue_options[helper]
JS Globals
minqueue_helper
FAQ

Frequently Asked Questions about MinQueue