Plugin Optimizer – Speed Up Your WordPress Like Never Before Security & Risk Analysis

wordpress.org/plugins/plugin-optimizer

The Most Powerful Performance Plugin for WordPress is now available for FREE.

80 active installs v1.3.7 PHP 7.0+ WP 5.0+ Updated Feb 24, 2023
Tags: optimization, page-speed, plugin-optimizer, save-time, speed-up
Score 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Dec 25, 2025
Safety Verdict

Is Plugin Optimizer – Speed Up Your WordPress Like Never Before Safe to Use in 2026?

Use With Caution

Score 63/100

Plugin Optimizer – Speed Up Your WordPress Like Never Before has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Dec 25, 2025 · Updated 3yr ago
Risk Assessment

The plugin-optimizer v1.3.7 exhibits significant security concerns, primarily stemming from its lack of proper authorization checks on a large number of its entry points. With 15 AJAX handlers, all of which lack authentication, attackers could potentially trigger arbitrary actions within the plugin, leading to unauthorized modifications or data breaches. The presence of the `unserialize` function is also a red flag, as it can be a vector for remote code execution if used with untrusted user input. Although the static analysis did not reveal critical or high severity taint flows, the 3 flows with unsanitized paths, coupled with a concerning 18% rate of properly escaped output, suggest that data manipulation and potential cross-site scripting (XSS) vulnerabilities could exist.

The plugin's vulnerability history, including a known medium severity CVE that remains unpatched, further exacerbates the risk. The consistent pattern of "Missing Authorization" in past vulnerabilities indicates a fundamental flaw in how the plugin handles user permissions. While the plugin has a moderate number of SQL queries and a small number of file operations and external HTTP requests, these are overshadowed by the critical issues related to authorization and input sanitization. The presence of a nonce check and some capability checks is positive but insufficient given the vast attack surface exposed without proper authentication.

In conclusion, plugin-optimizer v1.3.7 presents a high-risk profile. The overwhelming number of unprotected AJAX handlers, combined with the insecure use of `unserialize` and a history of authorization-related vulnerabilities, makes it a prime target for attackers. Users should exercise extreme caution and prioritize updating to a version that addresses these significant security weaknesses.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • Unpatched CVE
  • Flows with unsanitized paths
  • Low rate of output escaping
  • Missing authorization on entry points
  • SQL queries not using prepared statements
Vulnerabilities
1

Plugin Optimizer – Speed Up Your WordPress Like Never Before Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-68861 · medium · 4.3 · Missing Authorization

Plugin Optimizer <= 1.3.7 - Missing Authorization

Dec 25, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Plugin Optimizer – Speed Up Your WordPress Like Never Before Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 16 · 4 prepared
Unescaped Output: 99 · 21 escaped
Nonce Checks: 1
Capability Checks: 2
File Operations: 6
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$endpoints = unserialize($filter->endpoints);` · includes\class-po-mu.php:380
unserialize · `$endpoints = unserialize($filter->endpoints);` · includes\class-po-mu.php:492
unserialize · `$filter->plugins_to_block = unserialize($filter->plugins_to_block);` · includes\class-po-mu.php:562

SQL Query Safety

20% prepared · 20 total queries

Output Escaping

18% escaped · 120 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
po_save_original_menu (admin\class-po-admin-ajax.php:364)
Attack Surface
15 unprotected

Plugin Optimizer – Speed Up Your WordPress Like Never Before Attack Surface

Entry Points: 15
Unprotected: 15

AJAX Handlers 15

auth · wp_ajax_po_save_filter · admin\class-po-admin-ajax.php:30
auth · wp_ajax_po_save_group · admin\class-po-admin-ajax.php:31
auth · wp_ajax_po_save_category · admin\class-po-admin-ajax.php:32
auth · wp_ajax_po_create_category · admin\class-po-admin-ajax.php:33
auth · wp_ajax_po_delete_elements · admin\class-po-admin-ajax.php:34
auth · wp_ajax_po_publish_elements · admin\class-po-admin-ajax.php:35
auth · wp_ajax_po_turn_filter_on · admin\class-po-admin-ajax.php:36
auth · wp_ajax_po_turn_filter_off · admin\class-po-admin-ajax.php:37
auth · wp_ajax_po_mark_tab_complete · admin\class-po-admin-ajax.php:38
auth · wp_ajax_po_turn_off_filter · admin\class-po-admin-ajax.php:39
auth · wp_ajax_po_save_original_menu · admin\class-po-admin-ajax.php:40
auth · wp_ajax_po_get_post_types · admin\class-po-admin-ajax.php:41
auth · wp_ajax_po_save_columns_state · admin\class-po-admin-ajax.php:42
auth · wp_ajax_po_duplicate_filter · admin\class-po-admin-ajax.php:43
auth · wp_ajax_po_update_database · admin\class-po-admin-ajax.php:44
WordPress Hooks 37
action · admin_menu · admin\class-po-admin-pages.php:14
filter · admin_body_class · admin\class-po-admin.php:47
action · admin_enqueue_scripts · admin\class-po-admin.php:49
action · admin_enqueue_scripts · admin\class-po-admin.php:50
action · init · admin\class-po-admin.php:52
action · init · admin\class-po-admin.php:53
action · in_admin_header · admin\class-po-admin.php:55
action · save_post_page · admin\class-po-admin.php:57
action · save_post_post · admin\class-po-admin.php:58
action · admin_bar_menu · admin\class-po-admin.php:59
action · upgrader_process_complete · admin\class-po-admin.php:61
filter · plugin_action_links · admin\class-po-admin.php:63
action · wp_before_admin_bar_render · admin\class-po-admin.php:65
action · init · admin\class-po-admin.php:66
action · wp_loaded · admin\class-po-admin.php:67
filter · display_post_states · admin\class-po-admin.php:900
action · plugins_loaded · includes\class-po-i18n.php:17
filter · option_active_plugins · includes\class-po-mu.php:179
action · plugins_loaded · includes\class-po-mu.php:182
action · shutdown · includes\class-po-mu.php:185
filter · option_active_plugins · includes\class-po-mu.php:216
filter · comments_open · includes\class-po-woocommerce.php:21
action · comment_moderation_recipients · includes\class-po-woocommerce.php:22
filter · comments_clauses · includes\class-po-woocommerce.php:25
filter · comment_feed_where · includes\class-po-woocommerce.php:26
filter · comments_clauses · includes\class-po-woocommerce.php:29
filter · comment_feed_where · includes\class-po-woocommerce.php:30
filter · wp_count_comments · includes\class-po-woocommerce.php:33
action · wp_insert_comment · includes\class-po-woocommerce.php:36
action · wp_set_comment_status · includes\class-po-woocommerce.php:37
filter · get_avatar_comment_types · includes\class-po-woocommerce.php:40
action · preprocess_comment · includes\class-po-woocommerce.php:43
action · plugins_loaded · plugin-optimizer.php:108
action · admin_menu · plugin-optimizer.php:163
filter · custom_menu_order · plugin-optimizer.php:204
filter · menu_order · plugin-optimizer.php:205
action · admin_notices · plugin-optimizer.php:223
Maintenance & Trust

Plugin Optimizer – Speed Up Your WordPress Like Never Before Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Feb 24, 2023
PHP min version: 7.0
Downloads: 6K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 80
Developer Profile

Plugin Optimizer – Speed Up Your WordPress Like Never Before Developer Profile

pluginoptimizer

1 plugin · 80 total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Plugin Optimizer – Speed Up Your WordPress Like Never Before

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/plugin-optimizer/plugin-optimizer.php
/wp-content/plugins/plugin-optimizer-agent/plugin-optimizer-agent.php
/wp-content/plugins/plugin-optimizer-premium/plugin-optimizer-premium.php

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Plugin Optimizer – Speed Up Your WordPress Like Never Before