Does Native WP Cleaner have any unpatched vulnerabilities?

No. All known vulnerabilities in Native WP Cleaner have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Native WP Cleaner compatible with WordPress 4.8.28?

According to WordPress.org data, Native WP Cleaner 1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is Native WP Cleaner updated?

Native WP Cleaner was last updated on Jun 10, 2017. Frequent updates are generally a positive security signal.

What is Native WP Cleaner's security score?

Native WP Cleaner has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Native WP Cleaner Security & Risk Analysis

wordpress.org/plugins/native-wp-cleaner

Disable native widgets, clean head tag from RSS, RSD, WLW Manifest links, disable XML-RPC, cleanup admin panel from columns, metaboxes, menu items.

70 active installs v1.0 PHP + WP 4.0+ Updated Jun 10, 2017

disable-widgetsremove-generator-metaremove-rsdremove-tags-from-headxmlrpc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Native WP Cleaner Safe to Use in 2026?

Generally Safe

Score 85/100

Native WP Cleaner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "native-wp-cleaner" v1.0 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no raw SQL queries, and no file operations or external HTTP requests, which are common sources of vulnerabilities. The absence of recorded vulnerabilities in its history also suggests a relatively stable past.

However, a significant concern is the complete lack of output escaping. With 207 outputs identified and 0% properly escaped, this presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the absence of nonce checks and capability checks across all entry points (even though the attack surface is reported as zero) is concerning, as it implies a lack of proper authorization and protection against CSRF attacks if any entry points were to be discovered or introduced in future versions. The taint analysis returning no flows is positive but could also be influenced by the limited scope or nature of the code analyzed.

In conclusion, while the plugin avoids some common pitfalls, the pervasive lack of output escaping creates a high risk for XSS. The absence of authorization checks, though seemingly mitigated by a zero attack surface, warrants caution. The plugin's strength lies in its apparent avoidance of direct SQL injection or file manipulation risks, but the XSS risk is a critical weakness.

Key Concerns

Output escaping is completely missing
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

Native WP Cleaner Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Native WP Cleaner Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

207

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped207 total outputs

Attack Surface

Native WP Cleaner Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 59

actioninitnative-wp-cleaner.php:18

actionwp_footernative-wp-cleaner.php:33

filtertiny_mce_pluginsnative-wp-cleaner.php:45

actioninitnative-wp-cleaner.php:47

filteremoji_svg_urlnative-wp-cleaner.php:49

filterstyle_loader_srcnative-wp-cleaner.php:54

filterscript_loader_srcnative-wp-cleaner.php:55

actionpre_pingnative-wp-cleaner.php:66

filterwp_headersnative-wp-cleaner.php:70

filterxmlrpc_enablednative-wp-cleaner.php:71

actionlogin_formnative-wp-cleaner.php:94

actionlostpassword_formnative-wp-cleaner.php:95

actionretrievepassword_formnative-wp-cleaner.php:96

actionregister_formnative-wp-cleaner.php:97

filterwp_revisions_to_keepnative-wp-cleaner.php:104

actionwidgets_initnative-wp-cleaner.php:108

actionwidgets_initnative-wp-cleaner.php:113

actionwidgets_initnative-wp-cleaner.php:118

actionwidgets_initnative-wp-cleaner.php:123

actionwidgets_initnative-wp-cleaner.php:128

actionwidgets_initnative-wp-cleaner.php:133

actionwidgets_initnative-wp-cleaner.php:138

actionwidgets_initnative-wp-cleaner.php:143

actionwidgets_initnative-wp-cleaner.php:148

actionwidgets_initnative-wp-cleaner.php:153

actionwidgets_initnative-wp-cleaner.php:158

actionwidgets_initnative-wp-cleaner.php:163

actionwidgets_initnative-wp-cleaner.php:168

actionwidgets_initnative-wp-cleaner.php:173

actionwidgets_initnative-wp-cleaner.php:178

actioninitnative-wp-cleaner.php:183

actioninitnative-wp-cleaner.php:188

filtermanage_media_columnsnative-wp-cleaner.php:194

actionadmin_menunative-wp-cleaner.php:196

filtermanage_media_columnsnative-wp-cleaner.php:202

actionadmin_menunative-wp-cleaner.php:204

actionadmin_menunative-wp-cleaner.php:206

actionwp_before_admin_bar_rendernative-wp-cleaner.php:208

actionadmin_menunative-wp-cleaner.php:213

actionadmin_menunative-wp-cleaner.php:215

actionadmin_menunative-wp-cleaner.php:220

actionadmin_menunative-wp-cleaner.php:225

actionadmin_menunative-wp-cleaner.php:230

actionadmin_menunative-wp-cleaner.php:235

actionadmin_menunative-wp-cleaner.php:240

actionadmin_menunative-wp-cleaner.php:245

actionadmin_menunative-wp-cleaner.php:250

actionadmin_menunative-wp-cleaner.php:255

actionadmin_menunative-wp-cleaner.php:260

actionadmin_menunative-wp-cleaner.php:265

actionadmin_menunative-wp-cleaner.php:267

actionwp_before_admin_bar_rendernative-wp-cleaner.php:272

actionwp_before_admin_bar_rendernative-wp-cleaner.php:277

actionwp_before_admin_bar_rendernative-wp-cleaner.php:282

actionwp_before_admin_bar_rendernative-wp-cleaner.php:287

actionwp_before_admin_bar_rendernative-wp-cleaner.php:292

actionlogin_enqueue_scriptsnative-wp-cleaner.php:297

actionadmin_menunative-wp-cleaner.php:730

actionadmin_initnative-wp-cleaner.php:735

Maintenance & Trust

Native WP Cleaner Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJun 10, 2017

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs70

Alternatives

Native WP Cleaner Alternatives

Disable XML-RPC

disable-xml-rpc

100

Disables the XML-RPC API in WordPress 3.5+, which is enabled by default.

200K No CVEs

Disable XML-RPC-API

disable-xml-rpc-api

100

A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website

100K No CVEs

Remove & Disable XML-RPC Pingback

remove-xmlrpc-pingback-ping

Prevent pingback, XML-RPC and denial of service DDOS attacks by disabling the XML-RPC pingback functionality.

9K No CVEs

Manage XML-RPC

manage-xml-rpc

Enable/Disable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.

6K No CVEs

Stop XML-RPC Attacks

stop-xml-rpc-attacks

100

Blocks dangerous XML-RPC methods while preserving Jetpack, WooCommerce, and mobile apps compatibility.

6K No CVEs

Developer Profile

Native WP Cleaner Developer Profile

Oleg Komarovskyi

2 plugins · 130 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Native WP Cleaner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

native-wp-cleaner/style.css?ver=native-wp-cleaner/script.js?ver=

HTML / DOM Fingerprints

JS Globals

nwpcpcode_tab

Shortcode Output

<p style="visibility:hidden;height:1px;"><label for="username-login">Name<br><input type="text" name="username-login" value=""/></label></p>

FAQ