Plugin Disabler Security & Risk Analysis
wordpress.org/plugins/plugin-disablerPlugin Disabler is a plugin that will help to optimize the website by removing unused plugins on selected pages
Is Plugin Disabler Safe to Use in 2026?
Generally Safe
Score 85/100Plugin Disabler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "plugin-disabler" v1.0 plugin exhibits a mixed security posture. On the positive side, it shows no known CVEs, no dangerous functions used, and all SQL queries are properly prepared. The absence of critical or high severity taint flows and the presence of some nonce checks are also good indicators. However, there are significant concerns primarily revolving around its attack surface and output handling.
The plugin has a single entry point identified as an AJAX handler which lacks authentication checks. This is a critical vulnerability as it exposes a potentially sensitive function to unauthenticated users. Furthermore, the plugin has a very low percentage of properly escaped outputs, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX endpoint. The file operations, while not inherently problematic, should be scrutinized in conjunction with the unprotected entry point.
While the plugin has no recorded vulnerability history, this can be a double-edged sword. It might indicate a well-developed and secure plugin, or it could simply mean it hasn't been thoroughly analyzed or targeted yet. Given the identified security weaknesses in the code analysis, the lack of historical vulnerabilities should not lead to complacency. The plugin's strengths lie in its SQL handling and lack of known exploits, but the unprotected AJAX handler and poor output escaping represent substantial risks that need immediate attention.
Key Concerns
- AJAX handler without auth checks
- Low percentage of properly escaped output
Plugin Disabler Security Vulnerabilities
Plugin Disabler Code Analysis
Output Escaping
Data Flow Analysis
Plugin Disabler Attack Surface
AJAX Handlers 1
WordPress Hooks 6
Maintenance & Trust
Plugin Disabler Maintenance & Trust
Maintenance Signals
Community Trust
Plugin Disabler Alternatives
WP Optimize It
wp-optimize-it
This is a very simple plugin that will allow you to choose which plugin is going to be loaded on specific pages, templates, homepage and etc.,.
Image Optimizer – Optimize Images and Convert to WebP or AVIF
image-optimization
Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF
imagify
Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN
wp-smushit
Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.
Converter for Media – Optimize images | Convert WebP & AVIF
webp-converter-for-media
Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!
Plugin Disabler Developer Profile
3 plugins · 230 total installs
How We Detect Plugin Disabler
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/plugin-disabler/assets/css/style.cssHTML / DOM Fingerprints
wpeh-pi-settingsonoffswitchonoffswitch-checkboxonoffswitch-labelonoffswitch-inneronoffswitch-switchpi-settings-buttonmu-snippetname="hp_deactivate_plugins[]"name="op_deactivate_plugins[]"