Optimal State – Complete Optimization & Performance Suite Security & Risk Analysis

wordpress.org/plugins/optistate

All-in-one WordPress performance suite: database optimization, automated backups, page caching, and cleanup. Replace 4+ plugins and save money.

10 active installs · v1.3.0 · PHP 7.4+ · WP 5.5+ · Updated Mar 15, 2026
Tags: backup, cache, database-cleanup, optimization, performance
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Optimal State – Complete Optimization & Performance Suite Safe to Use in 2026?

Generally Safe

Score 100/100

Optimal State – Complete Optimization & Performance Suite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "optistate" v1.3.0 plugin exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared statements for SQL queries and a significant number of nonce and capability checks, several areas raise concerns. The plugin exposes a substantial attack surface through 44 AJAX handlers, with a concerning 18 of these lacking authentication checks, making them potential entry points for unauthorized actions. Furthermore, the taint analysis revealed 11 high-severity flows with unsanitized paths, indicating a risk of data being processed or executed without proper validation, which could lead to vulnerabilities like Cross-Site Scripting (XSS) or even Remote Code Execution (RCE) if user-controlled data is involved in dangerous functions like `shell_exec` or `unserialize`.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator, but it does not negate the risks identified in the static and taint analyses. The absence of past vulnerabilities could be due to the plugin's limited exposure, infrequent updates, or simply good fortune. However, the presence of dangerous functions and unsanitized data flows necessitates vigilance. The significant number of file operations and external HTTP requests, coupled with only 52% of output being properly escaped, further amplifies the potential for security weaknesses.

In conclusion, while "optistate" v1.3.0 has some commendable security implementations, the high number of unprotected AJAX endpoints, critical taint flows, and the presence of dangerous functions create a notable risk. The lack of historical vulnerabilities is a positive point, but the identified code-level risks, particularly the unsanitized paths in high-severity taint flows, require immediate attention to prevent potential exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Dangerous functions detected (shell_exec, exec, unserialize)
  • Low percentage of properly escaped output
Vulnerabilities
None known

Optimal State – Complete Optimization & Performance Suite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Optimal State – Complete Optimization & Performance Suite Release Timeline

v1.3.0 (Current)
v1.2.2
v1.2.1
v1.2.0
v1.1.9
Code Analysis
Analyzed Mar 17, 2026

Optimal State – Complete Optimization & Performance Suite Code Analysis

Dangerous Functions: 8
Raw SQL Queries: 108 (402 prepared)
Unescaped Output: 262 (280 escaped)
Nonce Checks: 53
Capability Checks: 11
File Operations: 48
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

shell_exec · includes\class-optistate-backup-utilities.php:1 · `<?php if (!defined('ABSPATH')) { exit; } class OPTISTATE_Backup_Utilities { private const DISK_SAFET`
shell_exec · includes\class-optistate-backup-utilities.php:1 · `<?php if (!defined('ABSPATH')) { exit; } class OPTISTATE_Backup_Utilities { private const DISK_SAFET`
exec · includes\class-optistate-backup-utilities.php:1 · `<?php if (!defined('ABSPATH')) { exit; } class OPTISTATE_Backup_Utilities { private const DISK_SAFET`
exec · includes\class-optistate-restore-engine.php:1 · `<?php if (!defined("ABSPATH")) { exit(); } class OPTISTATE_Restore_Engine { private $main_plugin; pr`
exec · includes\class-optistate-restore-engine.php:1 · `<?php if (!defined("ABSPATH")) { exit(); } class OPTISTATE_Restore_Engine { private $main_plugin; pr`
exec · includes\class-optistate-restore-engine.php:1 · `<?php if (!defined("ABSPATH")) { exit(); } class OPTISTATE_Restore_Engine { private $main_plugin; pr`
unserialize · includes\class-optistate-search-replace.php:1 · `<?php if (!defined('ABSPATH')) { exit; } class OPTISTATE_Search_Replace { const REGEX_BOUNDARY_FMT =`
unserialize · includes\class-optistate-search-replace.php:1 · `<?php if (!defined('ABSPATH')) { exit; } class OPTISTATE_Search_Replace { const REGEX_BOUNDARY_FMT =`

SQL Query Safety

79% prepared · 510 total queries

Output Escaping

52% escaped · 542 total outputs
Data Flows · Security
13 unsanitized

Data Flow Analysis

25 flows · 13 with unsanitized paths
maybe_serve_from_cache (includes\class-optistate-server-caching.php:1)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
18 unprotected

Optimal State – Complete Optimization & Performance Suite Attack Surface

Entry Points: 44
Unprotected: 18

AJAX Handlers 44

auth · wp_ajax_optistate_optimize_autoload · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_initiate_analyze_repair · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_run_analyze_repair_chunk · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_analyze_indexes · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_manage_index · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_check_index_status · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_scan_integrity · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_fix_integrity · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_get_table_analysis · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_optimize_tables · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_delete_table · includes\class-optistate-advanced-tools.php:1
auth · wp_ajax_optistate_create_backup · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_check_backup_status · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_delete_backup · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_restore_backup · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_upload_restore_file · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_restore_from_file · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_check_decompression_status · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_get_restore_status · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_check_manual_backup_on_load · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_check_restore_status · includes\class-optistate-backup-manager.php:1
auth · wp_ajax_optistate_clean_item · includes\class-optistate-cleanup-functions.php:1
auth · wp_ajax_optistate_one_click_optimize · includes\class-optistate-cleanup-functions.php:1
auth · wp_ajax_optistate_scan_legacy_data · includes\class-optistate-legacy-scanner.php:1
auth · wp_ajax_optistate_delete_legacy_data · includes\class-optistate-legacy-scanner.php:1
auth · wp_ajax_optistate_async_preload_worker · includes\class-optistate-server-caching.php:1
nopriv · wp_ajax_optistate_async_preload_worker · includes\class-optistate-server-caching.php:1
auth · wp_ajax_optistate_purge_page_cache · includes\class-optistate.php:1
auth · wp_ajax_optistate_get_cache_stats · includes\class-optistate.php:1
auth · wp_ajax_optistate_start_preload · includes\class-optistate.php:1
auth · wp_ajax_optistate_process_preload_batch · includes\class-optistate.php:1
auth · wp_ajax_optistate_stop_preload · includes\class-optistate.php:1
auth · wp_ajax_optistate_get_preload_status · includes\class-optistate.php:1
auth · wp_ajax_optistate_get_table_analysis · includes\class-optistate.php:1
auth · wp_ajax_optistate_save_login_protection · includes\class-optistate.php:1
auth · wp_ajax_optistate_unblock_user · includes\class-optistate.php:1
auth · wp_ajax_optistate_check_restore_status · includes\class-optistate.php:1
auth · wp_ajax_optistate_run_pagespeed_audit · includes\class-optistate.php:1
auth · wp_ajax_optistate_save_pagespeed_settings · includes\class-optistate.php:1
auth · wp_ajax_optistate_check_pagespeed_status · includes\class-optistate.php:1
auth · wp_ajax_optistate_get_health_score · includes\class-optistate.php:1
auth · wp_ajax_optistate_search_replace_dry_run · includes\class-optistate.php:1
auth · wp_ajax_optistate_search_replace_execute · includes\class-optistate.php:1
auth · wp_ajax_optistate_reset_bot_blocker · includes\class-optistate.php:1

WordPress Hooks 77

action · admin_menu · includes\class-optistate-admin-interface.php:1
action · optistate_run_index_chunk · includes\class-optistate-advanced-tools.php:1
action · admin_notices · includes\class-optistate-backup-manager.php:1
action · optistate_run_manual_backup_chunk · includes\class-optistate-backup-manager.php:1
action · optistate_run_decompression_chunk · includes\class-optistate-backup-manager.php:1
action · optistate_daily_cleanup · includes\class-optistate-backup-manager.php:1
action · init · includes\class-optistate-backup-manager.php:1
action · init · includes\class-optistate-backup-manager.php:1
action · init · includes\class-optistate-backup-manager.php:1
action · optistate_run_rollback_cron · includes\class-optistate-backup-manager.php:1
action · optistate_run_safety_backup_chunk · includes\class-optistate-backup-manager.php:1
action · optistate_run_restore_init · includes\class-optistate-backup-manager.php:1
action · optistate_run_restore_chunk · includes\class-optistate-backup-manager.php:1
action · admin_notices · includes\class-optistate-backup-manager.php:1
action · optistate_run_silent_backup_chunk · includes\class-optistate-backup-manager.php:1
action · template_redirect · includes\class-optistate-backup-manager.php:1
action · login_init · includes\class-optistate-login-protection.php:1
filter · authenticate · includes\class-optistate-login-protection.php:1
action · wp_login_failed · includes\class-optistate-login-protection.php:1
action · wp_login · includes\class-optistate-login-protection.php:1
action · transition_post_status · includes\class-optistate-server-caching.php:1
action · post_updated · includes\class-optistate-server-caching.php:1
action · transition_comment_status · includes\class-optistate-server-caching.php:1
action · edited_term · includes\class-optistate-server-caching.php:1
action · wp_update_nav_menu · includes\class-optistate-server-caching.php:1
action · updated_option · includes\class-optistate-server-caching.php:1
action · customize_save_after · includes\class-optistate-server-caching.php:1
action · optistate_background_preload_batch · includes\class-optistate-server-caching.php:1
action · init · includes\class-optistate-server-caching.php:1
action · init · includes\class-optistate-server-caching.php:1
filter · the_generator · includes\class-optistate-utils.php:1
filter · emoji_svg_url · includes\class-optistate-utils.php:1
filter · tiny_mce_plugins · includes\class-optistate-utils.php:1
filter · xmlrpc_enabled · includes\class-optistate-utils.php:1
filter · xmlrpc_methods · includes\class-optistate-utils.php:1
action · pre_ping · includes\class-optistate-utils.php:1
filter · heartbeat_settings · includes\class-optistate-utils.php:1
action · admin_enqueue_scripts · includes\class-optistate-utils.php:1
action · wp_enqueue_scripts · includes\class-optistate-utils.php:1
action · wp_enqueue_scripts · includes\class-optistate-utils.php:1
action · admin_enqueue_scripts · includes\class-optistate-utils.php:1
action · optistate_async_backup_complete · includes\class-optistate.php:1
action · optistate_scheduled_cleanup · includes\class-optistate.php:1
action · optistate_run_pagespeed_worker · includes\class-optistate.php:1
action · optistate_daily_cleanup · includes\class-optistate.php:1
action · init · includes\class-optistate.php:1
action · init · includes\class-optistate.php:1
action · init · includes\class-optistate.php:1
action · deleted_user · includes\class-optistate.php:1
action · admin_enqueue_scripts · includes\class-optistate.php:1
action · admin_notices · includes\class-optistate.php:1
action · admin_notices · includes\class-optistate.php:1
action · admin_notices · includes\class-optistate.php:1
filter · wp_mail_content_type · includes\class-optistate.php:1
filter · wp_mail_message · includes\class-optistate.php:1
action · muplugins_loaded · includes\class-optistate.php:1
filter · posts_pre_query · includes\class-optistate.php:1
filter · posts_results · includes\class-optistate.php:1
action · save_post · includes\class-optistate.php:1
action · deleted_post · includes\class-optistate.php:1
action · wp_trash_post · includes\class-optistate.php:1
action · switch_theme · includes\class-optistate.php:1
action · edited_term · includes\class-optistate.php:1
action · delete_term · includes\class-optistate.php:1
action · create_term · includes\class-optistate.php:1
action · comment_post · includes\class-optistate.php:1
action · wp_set_comment_status · includes\class-optistate.php:1
action · wp_enqueue_scripts · includes\class-optistate.php:1
action · wp_print_styles · includes\class-optistate.php:1
action · admin_enqueue_scripts · includes\class-optistate.php:1
action · admin_print_styles · includes\class-optistate.php:1
filter · wp_resource_hints · includes\class-optistate.php:1
filter · style_loader_tag · includes\class-optistate.php:1
filter · wp_lazy_loading_enabled · includes\class-optistate.php:1
filter · wp_content_img_tag · includes\class-optistate.php:1
action · init · optistate.php:22
action · init · optistate.php:23

Scheduled Events 23

optistate_run_index_chunk
optistate_run_silent_backup_chunk
optistate_run_manual_backup_chunk
optistate_run_decompression_chunk
optistate_run_safety_backup_chunk
optistate_run_restore_init
optistate_run_safety_backup_chunk
optistate_run_restore_init
optistate_run_restore_chunk
optistate_run_restore_chunk
optistate_run_restore_chunk
optistate_run_decompression_chunk
optistate_run_decompression_chunk
optistate_daily_cleanup
optistate_run_rollback_cron
optistate_run_pagespeed_worker
optistate_run_safety_backup_chunk
optistate_background_preload_batch
optistate_background_preload_batch
optistate_background_preload_batch
optistate_background_preload_batch
optistate_background_preload_batch
optistate_scheduled_cleanup
Maintenance & Trust

Optimal State – Complete Optimization & Performance Suite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 15, 2026
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 10
Developer Profile

Optimal State – Complete Optimization & Performance Suite Developer Profile

Luke Garrison

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Optimal State – Complete Optimization & Performance Suite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
