WP-Safety

Optimization Detective Security & Risk Analysis

wordpress.org/plugins/optimization-detective

Provides a framework for leveraging real user metrics to detect optimizations for improving page performance.

70K active installs v1.0.0-beta5 PHP 7.2+ WP 6.6+ Updated Feb 27, 2026
optimizationperformancerum
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Optimization Detective Safe to Use in 2026?

Generally Safe

Score 100/100

Optimization Detective has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The optimization-detective plugin, in its beta 5 release, exhibits a generally strong security posture based on the provided static analysis. The absence of any known vulnerabilities in its history, combined with the implementation of prepared statements for all SQL queries and proper output escaping, are significant strengths. Furthermore, the plugin demonstrates good practice by incorporating capability checks for its operations. However, a key concern arises from the complete lack of nonce checks. This could present a significant risk if any of the entry points, particularly the cron event, were to be exploited by an attacker to trigger actions without proper user authorization.

Key Concerns

  • No nonce checks found
Vulnerabilities
None known

Optimization Detective Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Optimization Detective Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
0
55 escaped
Nonce Checks
0
Capability Checks
6
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped55 total outputs
Attack Surface

Optimization Detective Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 19
actioninithooks.php:18
filtertemplate_includehooks.php:19
actionwphooks.php:22
actionwp_headhooks.php:23
filtersite_status_testshooks.php:24
actionadmin_inithooks.php:25
actionafter_plugin_row_metahooks.php:26
actionafter_plugin_row_metahooks.php:27
filterplugin_row_metahooks.php:28
actionrest_api_inithooks.php:29
filterrest_pre_dispatchhooks.php:30
actionod_trigger_page_cache_invalidationhooks.php:31
actioninitload.php:54
actionwp_print_footer_scriptsoptimization.php:87
filterod_template_output_bufferoptimization.php:107
actionadmin_noticessite-health.php:313
filteruser_has_capstorage\class-od-storage-lock.php:37
actioninitstorage\class-od-url-metrics-post-type.php:53
actionadmin_initstorage\class-od-url-metrics-post-type.php:54

Scheduled Events 1

od_trigger_page_cache_invalidation
Maintenance & Trust

Optimization Detective Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedFeb 27, 2026
PHP min version7.2
Downloads375K

Community Trust

Rating86/100
Number of ratings3
Active installs70K
Alternatives

Optimization Detective Alternatives

Image Optimizer – Optimize Images and Convert to WebP or AVIF

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

A
99

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE
AMP

AMP

amp

A
100

An easier path to great Page Experience for everyone. Powered by AMP.

400K No CVEs
Performance Lab

Performance Lab

performance-lab

A
100

Performance plugin from the WordPress Performance Team, which is a collection of standalone performance features.

200K 1 CVE
Embed Optimizer

Embed Optimizer

embed-optimizer

A
100

Optimizes the performance of embeds through lazy-loading, adding dns-prefetch links, and reserving space to reduce layout shifts.

60K No CVEs
Image Prioritizer

Image Prioritizer

image-prioritizer

A
100

Prioritizes the loading of images and videos based on how they appear to actual visitors: adds fetchpriority, preloads, lazy-loads, and sets sizes.

50K No CVEs
Developer Profile

Optimization Detective Developer Profile

WordPress Performance Team

10 plugins · 700K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
336 days
View full developer profile
Detection Fingerprints

How We Detect Optimization Detective

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/optimization-detective/build/web-vitals.asset.php/wp-content/plugins/optimization-detective/class-od-data-validation-exception.php/wp-content/plugins/optimization-detective/class-od-element.php/wp-content/plugins/optimization-detective/class-od-html-tag-processor.php/wp-content/plugins/optimization-detective/class-od-link-collection.php/wp-content/plugins/optimization-detective/class-od-optimization-context.php/wp-content/plugins/optimization-detective/class-od-strict-url-metric.php/wp-content/plugins/optimization-detective/class-od-tag-visitor-context.php+17 more
Version Parameters
optimization-detective-version=1.0.0-beta5

HTML / DOM Fingerprints

HTML Comments
<!-- Optimization Detective -->
JS Globals
optimization_detective_pending_plugin
REST Endpoints
/wp-json/optimization-detective/v1/url-metrics
FAQ

Frequently Asked Questions about Optimization Detective