WP-Safety

RC Site Manager & Optimization Security & Risk Analysis

wordpress.org/plugins/rc-site-manager-optimization

Advanced WordPress dashboard: WooCommerce products & stats, SEO tools, WP Rocket cache control and media management in one place.

10 active installs v2.4.4 PHP 8.1+ WP 6.0+ Updated Mar 14, 2026
media-optimizationrank-mathseo-toolswoocommerce-managementwp-rocket
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is RC Site Manager & Optimization Safe to Use in 2026?

Generally Safe

Score 100/100

RC Site Manager & Optimization has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 20d ago
Risk Assessment

The "rc-site-manager-optimization" plugin version 2.4.4 exhibits significant security concerns primarily due to its substantial attack surface with unprotected entry points. While the plugin demonstrates good practices in areas like SQL query sanitization and output escaping, the sheer number of AJAX handlers without authentication checks presents a major risk. This means that any unauthenticated user could potentially interact with and trigger actions within these handlers, leading to unintended consequences or the exploitation of underlying vulnerabilities.

The static analysis revealed no critical taint flows or dangerous functions, which is a positive indicator. The low number of vulnerability history entries also suggests a generally stable codebase. However, the absence of nonce checks on the majority of its entry points, coupled with the significant number of file operations, raises concerns about potential cross-site request forgery (CSRF) attacks or arbitrary file manipulation if other vulnerabilities are present within these unprotected AJAX actions.

In conclusion, while the plugin has strengths in data handling (SQL and output escaping) and a clean vulnerability history, the unprotected AJAX handlers are a critical weakness that overshadows these positives. The lack of authentication and nonce checks on such a large number of entry points creates a broad attack surface that requires immediate attention to mitigate potential security risks.

Key Concerns

  • Large attack surface without auth checks
  • Missing nonce checks on AJAX handlers
Vulnerabilities
None known

RC Site Manager & Optimization Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

RC Site Manager & Optimization Code Analysis

Dangerous Functions
0
Raw SQL Queries
16
208 prepared
Unescaped Output
377
1381 escaped
Nonce Checks
8
Capability Checks
8
File Operations
20
External Requests
10
Bundled Libraries
0

SQL Query Safety

93% prepared224 total queries

Output Escaping

79% escaped1758 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<admin> (includes\admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
48 unprotected

RC Site Manager & Optimization Attack Surface

Entry Points48
Unprotected48

AJAX Handlers 48

authwp_ajax_rc_sm_agency_check_urlagency\check_url\check_url_function.php:5
authwp_ajax_rc_sm_agency_delete_urlagency\check_url\check_url_function.php:195
authwp_ajax_rc_sm_agency_url_historyagency\check_url\check_url_function.php:224
authwp_ajax_rc_sm_clear_page_cacheincludes\admin.php:340
authwp_ajax_rc_sm_clear_all_cacheincludes\admin.php:412
authwp_ajax_rc_sm_pagespeed_modalincludes\functions\pagespeed.php:130
authwp_ajax_rc_sm_fetch_helpincludes\functions\txt.php:6
noprivwp_ajax_rc_sm_fetch_helpincludes\functions\txt.php:7
authwp_ajax_rc_sm_fetch_contentincludes\functions.php:651
authwp_ajax_rc_sm_modal_seo_fetchincludes\functions.php:1153
authwp_ajax_rc_sm_modal_seo_saveincludes\functions.php:1253
authwp_ajax_rc_sm_mediamedia\media_function.php:5
authwp_ajax_rc_sm_media_status_switchmedia\media_function.php:412
authwp_ajax_rc_sm_pg_seo_postsplugins\seo\tab_posts_fn.php:4
authwp_ajax_rc_sm_pg_seo_taxonomiesplugins\seo\tab_taxonomies_fn.php:4
authwp_ajax_rc_sm_woocommerce_tab_aov_ajaxplugins\woocommerce\statistics_year\tab_aov_fn.php:147
authwp_ajax_rc_sm_woocommerce_tab_aov_get_states_by_countryplugins\woocommerce\statistics_year\tab_aov_fn.php:278
authwp_ajax_rc_sm_woocommerce_tab_customers_ajaxplugins\woocommerce\statistics_year\tab_customers_fn.php:148
authwp_ajax_rc_sm_woocommerce_tab_customers_get_states_by_countryplugins\woocommerce\statistics_year\tab_customers_fn.php:253
authwp_ajax_rc_sm_woocommerce_tab_orders_ajaxplugins\woocommerce\statistics_year\tab_orders_fn.php:135
authwp_ajax_rc_sm_woocommerce_tab_orders_get_states_by_countryplugins\woocommerce\statistics_year\tab_orders_fn.php:239
authwp_ajax_rc_sm_woocommerce_tab_revenue_ajaxplugins\woocommerce\statistics_year\tab_revenue_fn.php:115
authwp_ajax_rc_sm_woocommerce_tab_revenue_get_states_by_countryplugins\woocommerce\statistics_year\tab_revenue_fn.php:222
authwp_ajax_rc_sm_pg_woocommerceplugins\woocommerce\tab_customers_fn.php:4
authwp_ajax_rc_sm_pg_woocommerceplugins\woocommerce\tab_orders_fn.php:5
authwp_ajax_rc_sm_pg_woocommerce_productsplugins\woocommerce\tab_products_fn.php:5
authwp_ajax_rc_sm_pg_woocommerceplugins\woocommerce\tab_sales_fn.php:5
authwp_ajax_rc_sm_pg_wp_rocketplugins\wp_rocket\wp_rocket_function.php:4
authwp_ajax_rc_sm_pulisci_non_completedplugins\wp_rocket\wp_rocket_function.php:119
authwp_ajax_rc_sm_rigeneraplugins\wp_rocket\wp_rocket_function.php:199
authwp_ajax_rc_sm_cache_rule_saveplugins\wp_rocket\wp_rocket_function.php:259
authwp_ajax_rc_sm_cache_rule_deleteplugins\wp_rocket\wp_rocket_function.php:616
authwp_ajax_rc_sm_pg_wp_rocket_items_rulesplugins\wp_rocket\wp_rocket_function.php:671
authwp_ajax_rc_sm_custom_software_1_settings_savepremium\custom_software_1\custom_software_1_function.php:4
authwp_ajax_rc_sm_preload_fonts_savepremium\ultra_speed\ultra_speed_function.php:4
authwp_ajax_rc_sm_preload_images_savepremium\ultra_speed\ultra_speed_function.php:22
authwp_ajax_rc_sm_wp_rocket_settings_savepremium\ultra_speed\ultra_speed_function.php:40
authwp_ajax_rc_sm_general_settings_savepremium\ultra_speed\ultra_speed_function.php:58
authwp_ajax_rc_sm_wp_rocket_functions_savepremium\ultra_speed\ultra_speed_function.php:75
authwp_ajax_rc_sm_general_functions_savepremium\ultra_speed\ultra_speed_function.php:93
authwp_ajax_rc_sm_wp_rocket_functions_savepremium\ultra_speed\ultra_speed_function.php:111
authwp_ajax_rc_sm_general_functions_savepremium\ultra_speed\ultra_speed_function.php:129
authwp_ajax_rc_sm_user_permissions_savesettings\settings_function.php:4
authwp_ajax_rc_sm_user_permissions_resetsettings\settings_function.php:147
authwp_ajax_rc_sm_premium_verify_licencesettings\settings_function.php:183
authwp_ajax_rc_sm_top_urltop_url\top_url_function.php:41
authwp_ajax_rc_sm_delete_urltop_url\top_url_function.php:266
authwp_ajax_rc_sm_delete_logutility\tab_log_fn.php:10
WordPress Hooks 98
actionadmin_enqueue_scriptsagency\check_url\index.php:7
filtercron_schedulescrons\agency_check_url.php:14
filtercron_schedulescrons\media_trash.php:13
actionwpcrons\pagespeed.php:6
actionrc_sm_pagespeed_croncrons\pagespeed.php:21
actioninitcrons\wp_rocket_cache_rules.php:15
actionrc_sm_cache_rules_hourly_checkcrons\wp_rocket_cache_rules.php:30
filtercron_schedulescrons\wp_rocket_rucss_clean.php:14
actionadmin_enqueue_scriptsdashboard\index.php:15
actionwp_headincludes\admin.php:39
actionadmin_headincludes\admin.php:40
actionadmin_headincludes\admin.php:80
actionwp_headincludes\admin.php:86
actionadmin_bar_menuincludes\admin.php:93
actionadmin_footerincludes\admin.php:309
actionwp_footerincludes\admin.php:325
actionadmin_initincludes\database.php:4
actionadmin_initincludes\database.php:101
actionadmin_initincludes\database.php:151
actionadmin_initincludes\database_migration.php:16
actionwp_loginincludes\functions\premium.php:169
actionadmin_menuincludes\functions\premium.php:189
actionadmin_initincludes\functions\premium.php:214
filterupload_mimesincludes\functions\premium.php:255
filterwp_check_filetype_and_extincludes\functions\premium.php:261
actionadmin_footerincludes\functions\tracker.php:156
actioninitincludes\functions\wp_rocket_cache_rules.php:50
actionsave_postincludes\functions\wp_rocket_cache_rules.php:90
actionadd_meta_boxesincludes\functions\wp_rocket_cache_rules.php:144
actioninitincludes\functions\wp_rocket_cache_rules.php:258
actionplugins_loadedincludes\functions.php:5
actionadmin_initincludes\functions.php:198
actiontemplate_redirectincludes\functions.php:1427
actionplugins_loadedincludes\language.php:6
actioninitincludes\language.php:30
actioninitincludes\language.php:41
actionplugins_loadedincludes\plugin_versions.php:5
actionadmin_enqueue_scriptsmedia\index.php:7
actionadmin_enqueue_scriptsplugins\seo\index.php:18
actionadmin_enqueue_scriptsplugins\woocommerce\index.php:22
actionadmin_enqueue_scriptsplugins\woocommerce\statistics_year\index.php:16
actionadmin_enqueue_scriptsplugins\wp_rocket\index.php:17
actionadmin_enqueue_scriptspremium\custom_software_1\index.php:13
actionwppremium\index.php:4
actionadmin_initpremium\index.php:9
actioninitpremium\ultra_speed\admin\mobile_featured_image.php:17
actionadd_meta_boxespremium\ultra_speed\admin\mobile_featured_image.php:31
actionsave_postpremium\ultra_speed\admin\mobile_featured_image.php:108
filterrocket_rucss_inline_atts_exclusionspremium\ultra_speed\front_end\builders\divi\divi.php:13
filterrocket_rucss_inline_content_exclusionspremium\ultra_speed\front_end\builders\divi\divi.php:19
actiontemplate_redirectpremium\ultra_speed\front_end\builders\divi\divi.php:31
actionafter_setup_themepremium\ultra_speed\front_end\builders\divi\divi.php:73
actionwp_enqueue_scriptspremium\ultra_speed\front_end\builders\divi\divi.php:76
actiontemplate_redirectpremium\ultra_speed\front_end\builders\divi\divi.php:82
actiontemplate_redirectpremium\ultra_speed\front_end\builders\divi\divi.php:96
actiontemplate_redirectpremium\ultra_speed\front_end\builders\divi\divi.php:269
actiontemplate_redirectpremium\ultra_speed\front_end\builders\elementor\elementor.php:13
actiontemplate_redirectpremium\ultra_speed\front_end\builders\elementor\elementor.php:65
actiontemplate_redirectpremium\ultra_speed\front_end\builders\elementor\themes\thegem.php:15
actiontemplate_redirectpremium\ultra_speed\front_end\builders\elementor\themes\thegem.php:31
actiontemplate_redirectpremium\ultra_speed\front_end\builders\elementor\themes\thegem.php:65
actiontemplate_redirectpremium\ultra_speed\front_end\builders\elementor\themes\thegem.php:94
actiontemplate_redirectpremium\ultra_speed\front_end\ros\fonts.php:7
actionwp_headpremium\ultra_speed\front_end\ros\fonts.php:53
actionwp_headpremium\ultra_speed\front_end\ros\fonts.php:111
actiontemplate_redirectpremium\ultra_speed\front_end\ros\html.php:5
filterwp_img_tag_add_decoding_attrpremium\ultra_speed\front_end\ros\images.php:7
filterwp_get_attachment_image_attributespremium\ultra_speed\front_end\ros\images.php:9
actionwp_headpremium\ultra_speed\front_end\ros\images.php:16
actiontemplate_redirectpremium\ultra_speed\front_end\ros\images.php:102
filterbody_classpremium\ultra_speed\front_end\ros\index.php:15
actionwp_footerpremium\ultra_speed\front_end\ros\index.php:21
actionwp_headpremium\ultra_speed\front_end\ros\index.php:46
actiontemplate_redirectpremium\ultra_speed\front_end\ros\plugins\ninja_forms.php:13
actiontemplate_redirectpremium\ultra_speed\front_end\ros\plugins\trustindex.php:8
actiontemplate_redirectpremium\ultra_speed\front_end\ros\remove_html.php:10
actiontemplate_redirectpremium\ultra_speed\front_end\ros\selected_functions.php:6
actionwp_footerpremium\ultra_speed\front_end\ros\utility_functions.php:7
actionwp_enqueue_scriptspremium\ultra_speed\front_end\ros\wordpress.php:10
actionafter_setup_themepremium\ultra_speed\front_end\ros\wordpress.php:22
actionwp_enqueue_scriptspremium\ultra_speed\front_end\ros\wordpress.php:28
actionwp_headpremium\ultra_speed\front_end\ros\wp_rocket.php:16
filterrocket_htaccess_mod_expirespremium\ultra_speed\front_end\ros\wp_rocket.php:41
filterrocket_separate_mobile_cachepremium\ultra_speed\front_end\ros\wp_rocket.php:63
filterrocket_enable_rucss_fonts_preloadpremium\ultra_speed\front_end\ros\wp_rocket.php:66
filterrocket_enable_google_fonts_optimizationpremium\ultra_speed\front_end\ros\wp_rocket.php:67
filterrocket_override_donotcachepagepremium\ultra_speed\front_end\ros\wp_rocket.php:70
filterrocket_above_the_fold_optimizationpremium\ultra_speed\front_end\ros\wp_rocket.php:73
filterrocket_lrc_optimizationpremium\ultra_speed\front_end\ros\wp_rocket.php:76
actionadmin_enqueue_scriptspremium\ultra_speed\index.php:17
actionplugins_loadedrc-site-manager-optimization.php:89
actionadmin_menurc-site-manager-optimization.php:106
actionadmin_enqueue_scriptsrc-site-manager-optimization.php:272
actionadmin_enqueue_scriptssettings\index.php:15
actionadmin_enqueue_scriptssite_care\index.php:15
actionadmin_enqueue_scriptstop_url\index.php:7
actionadmin_enqueue_scriptsutility\index.php:17
actionadmin_initutility\tab_log_fn.php:43

Scheduled Events 3

rc_sm_pagespeed_cron
rc_sm_cache_rules_hourly_check
rc_sm_cache_rules_hourly_check
Maintenance & Trust

RC Site Manager & Optimization Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 14, 2026
PHP min version8.1
Downloads2K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

RC Site Manager & Optimization Alternatives

Turn Rank Math FAQ Block to Accordion

Turn Rank Math FAQ Block to Accordion

turn-rank-math-faq-block-to-accordion

A
92

This plugin turns Rank Math FAQ blocks into accordion easily and make them accessibility ready.

5K No CVEs
Auto Focus Keyword for SEO

Auto Focus Keyword for SEO

auto-focus-keyword-for-seo

A
100

This plugin will assign Focus Keywords to all your pages (on the backend) based on post titles, for websites using Yoast SEO and Rank Math.

2K No CVEs
Bulk NoIndex & NoFollow Toolkit

Bulk NoIndex & NoFollow Toolkit

bulk-noindex-nofollow-toolkit-by-mad-fish

A
97

Bulk set the noindex / nofollow robots tag for posts, pages, categories, and author URLs. Easily identify thin content and noindex it fast.

2K 5 CVEs
TextBulker (IA Redaction)

TextBulker (IA Redaction)

textbulker

A
100

Official plugin for TextBulker.com – inject SEO metadata via REST API when publishing AI-generated content.

2K No CVEs
Do Shortcodes for Rank Math SEO

Do Shortcodes for Rank Math SEO

do-shortcodes-for-rank-math-seo

A
100

Display shortcodes in the title, description, Facebook and Twitter fields, and other locations for Rank Math SEO.

1K No CVEs
Developer Profile

RC Site Manager & Optimization Developer Profile

Rocket Comunicazione

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect RC Site Manager & Optimization

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rc-site-manager-optimization/includes/js/rc-sm-admin.js/wp-content/plugins/rc-site-manager-optimization/includes/js/rc-sm-public.js/wp-content/plugins/rc-site-manager-optimization/assets/css/rc-sm-style.css
Script Paths
/wp-content/plugins/rc-site-manager-optimization/includes/js/rc-sm-admin.js/wp-content/plugins/rc-site-manager-optimization/includes/js/rc-sm-public.js
Version Parameters
rc-site-manager-optimization/includes/js/rc-sm-admin.js?ver=rc-site-manager-optimization/includes/js/rc-sm-public.js?ver=rc-site-manager-optimization/assets/css/rc-sm-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
rc_sm_dashboard
JS Globals
RC_SM_PLUGIN_VERSIONRC_SM_SITE_URLRC_SM_PAGINATION_ORDER_OFFSETRC_SM_TABLE_CONTROLRC_SM_TABLE_SETTINGSRC_SM_TABLE_PREMIUM_ULTRA_SPEED+16 more
FAQ

Frequently Asked Questions about RC Site Manager & Optimization