SbS Settings Security & Risk Analysis

wordpress.org/plugins/sbs-settings

All-in-one WordPress & WooCommerce optimization. Modern AJAX toggle UI, completely free.

10 active installs · v1.0.2 · PHP 7.4+ · WP 5.5+ · Updated Apr 2, 2026
cleanup, optimization, performance, security, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SbS Settings Safe to Use in 2026?

Generally Safe

Score 100/100

SbS Settings has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "sbs-settings" v1.0.2 plugin exhibits a concerning security posture, primarily because of its extensive unprotected AJAX endpoints. The code displays strong adherence to secure coding practices such as prepared SQL statements and output escaping, but the lack of authentication on all 10 identified AJAX handlers presents a significant attack surface. The taint analysis reports one flow with unsanitized paths; it is not classified as critical or high severity, but it warrants attention. The plugin's clean vulnerability history is a positive sign, suggesting diligent development and maintenance. However, the absence of any recorded vulnerabilities could also mean that the plugin has not been extensively tested or targeted. The core weakness is access control for AJAX operations, which, if exploited, could lead to unauthorized actions or data manipulation. The plugin has strengths in its internal code hygiene but a critical flaw in its external interface security.

Key Concerns

  • AJAX handlers without auth checks
  • Flow with unsanitized paths (taint analysis)
Vulnerabilities
None known

SbS Settings Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SbS Settings Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

SbS Settings Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 0 (118 escaped)
Nonce Checks: 11
Capability Checks: 16
File Operations: 6
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

100% escaped (118 total outputs)
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
<sbs-settings> (sbs-settings.php:0)
Attack Surface
10 unprotected

SbS Settings Attack Surface

Entry Points: 10
Unprotected: 10

AJAX Handlers 10

auth  wp_ajax_sbsset_save_option  includes/admin/ajax.php:109
auth  wp_ajax_sbsset_toggle_array_item  includes/admin/ajax.php:128
auth  wp_ajax_sbsset_save_numeric  includes/admin/ajax.php:162
auth  wp_ajax_sbsset_save_textarea  includes/admin/ajax.php:186
auth  wp_ajax_sbsset_get_image_sizes  includes/admin/ajax.php:204
auth  wp_ajax_sbsset_dismiss_notice  includes/admin/ajax.php:229
auth  wp_ajax_sbsset_get_dashboard_widgets  includes/admin/ajax.php:251
auth  wp_ajax_sbsset_save_logo  includes/admin/ajax.php:276
auth  wp_ajax_sbsset_export_settings  includes/admin/ajax.php:292
auth  wp_ajax_sbsset_import_settings  includes/admin/ajax.php:321
WordPress Hooks 114
action  admin_menu  includes/admin/page.php:4
action  init  includes/functions.php:69
filter  wp_insert_post_data  includes/functions.php:74
filter  comments_open  includes/functions.php:83
filter  pings_open  includes/functions.php:88
action  updated_option  includes/functions.php:95
action  plugins_loaded  includes/functions.php:117
filter  woocommerce_admin_disabled  includes/functions.php:124
filter  woocommerce_admin_features  includes/functions.php:127
action  admin_enqueue_scripts  includes/functions.php:128
action  admin_enqueue_scripts  includes/functions.php:132
filter  woocommerce_admin_get_feature_config  includes/functions.php:142
action  admin_enqueue_scripts  includes/functions.php:154
filter  woocommerce_marketing_menu_items  includes/functions.php:163
filter  woocommerce_admin_features  includes/functions.php:164
filter  woocommerce_helper_suppress_admin_notices  includes/functions.php:173
filter  woocommerce_allow_marketplace_suggestions  includes/functions.php:178
action  admin_menu  includes/functions.php:183
action  admin_enqueue_scripts  includes/functions.php:198
action  woocommerce_email_footer  includes/functions.php:211
filter  woocommerce_email_footer_text  includes/functions.php:212
action  admin_enqueue_scripts  includes/functions.php:221
action  wp_enqueue_scripts  includes/functions.php:235
action  wp_enqueue_scripts  includes/functions.php:246
action  wp_enqueue_scripts  includes/functions.php:253
action  wp_enqueue_scripts  includes/functions.php:270
action  admin_head  includes/functions.php:286
action  admin_init  includes/functions.php:295
action  wp_dashboard_setup  includes/functions.php:301
action  wp_dashboard_setup  includes/functions.php:323
action  wp_dashboard_setup  includes/functions.php:337
action  wp_before_admin_bar_render  includes/functions.php:370
action  admin_enqueue_scripts  includes/functions.php:378
filter  admin_footer_text  includes/functions.php:387
filter  update_footer  includes/functions.php:388
action  admin_print_scripts  includes/functions.php:395
action  admin_notices  includes/functions.php:435
action  admin_enqueue_scripts  includes/functions.php:443
action  admin_init  includes/functions.php:465
action  post_submitbox_misc_actions  includes/functions.php:480
action  admin_action_sbsset_duplicate  includes/functions.php:493
action  login_enqueue_scripts  includes/functions.php:543
action  login_enqueue_scripts  includes/functions.php:571
filter  login_headerurl  includes/functions.php:578
filter  login_headertext  includes/functions.php:583
filter  login_display_language_dropdown  includes/functions.php:590
action  wp_print_scripts  includes/functions.php:600
filter  show_recent_comments_widget_style  includes/functions.php:617
action  template_redirect  includes/functions.php:618
action  wp_print_styles  includes/functions.php:632
filter  wp_resource_hints  includes/functions.php:642
action  wp_default_scripts  includes/functions.php:654
action  widgets_init  includes/functions.php:665
filter  the_generator  includes/functions.php:696
filter  tiny_mce_plugins  includes/functions.php:708
action  wp_enqueue_scripts  includes/functions.php:713
filter  the_generator  includes/functions.php:738
filter  script_loader_src  includes/functions.php:768
filter  style_loader_src  includes/functions.php:769
filter  auto_update_theme  includes/functions.php:779
filter  auto_update_plugin  includes/functions.php:784
filter  pre_site_transient_update_core  includes/functions.php:789
filter  auto_update_core  includes/functions.php:790
filter  wp_revisions_to_keep  includes/functions.php:800
filter  wp_is_application_passwords_available  includes/functions.php:805
filter  xmlrpc_enabled  includes/functions.php:810
action  init  includes/functions.php:815
filter  rest_authentication_errors  includes/functions.php:822
filter  use_block_editor_for_post_type  includes/functions.php:838
action  wp_enqueue_scripts  includes/functions.php:839
filter  gutenberg_use_widgets_block_editor  includes/functions.php:846
filter  use_widgets_block_editor  includes/functions.php:847
action  after_setup_theme  includes/functions.php:848
action  enqueue_block_editor_assets  includes/functions.php:855
filter  block_editor_settings_all  includes/functions.php:869
action  init  includes/functions.php:877
action  enqueue_block_editor_assets  includes/functions.php:884
action  init  includes/functions.php:897
filter  jetpack_connection_banner_enable  includes/functions.php:909
filter  woocommerce_show_admin_notice  includes/functions.php:910
filter  jetpack_just_in_time_msgs  includes/functions.php:918
filter  jetpack_show_promotions  includes/functions.php:919
filter  jetpack_blaze_enabled  includes/functions.php:924
action  wp_dashboard_setup  includes/functions.php:929
filter  elementor/frontend/print_google_fonts  includes/functions.php:936
action  admin_menu  includes/functions.php:941
action  admin_enqueue_scripts  includes/functions.php:944
action  admin_enqueue_scripts  includes/functions.php:951
action  wp_before_admin_bar_render  includes/functions.php:960
filter  wpseo_debug_markers  includes/functions.php:968
action  wp_dashboard_setup  includes/functions.php:973
filter  wpcf7_load_js  includes/functions.php:980
filter  wpcf7_load_css  includes/functions.php:981
action  wp_before_admin_bar_render  includes/functions.php:986
action  admin_head  includes/functions.php:994
action  plugins_loaded  includes/functions.php:1003
action  wp_dashboard_setup  includes/functions.php:1013
action  admin_menu  includes/functions.php:1022
filter  jpeg_quality  includes/functions.php:1035
filter  wp_editor_set_quality  includes/functions.php:1036
filter  intermediate_image_sizes_advanced  includes/functions.php:1041
filter  intermediate_image_sizes  includes/functions.php:1047
filter  auth_cookie_expiration  includes/functions.php:1058
filter  redirect_canonical  includes/functions.php:1071
filter  rest_endpoints  includes/functions.php:1077
action  wp_login  includes/functions.php:1100
action  wp_login_failed  includes/functions.php:1105
action  xmlrpc_login_error  includes/functions.php:1115
filter  xmlrpc_pingback_error  includes/functions.php:1123
action  wp_head  includes/functions.php:1137
action  wp_body_open  includes/functions.php:1145
action  plugins_loaded  sbs-settings.php:77
action  admin_enqueue_scripts  sbs-settings.php:91
action  before_woocommerce_init  sbs-settings.php:114
Maintenance & Trust

SbS Settings Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 2, 2026
PHP min version: 7.4
Downloads: 236

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

SbS Settings Developer Profile

onepixelwp

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SbS Settings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sbs-settings/assets/css/admin.css
/wp-content/plugins/sbs-settings/assets/js/admin.js
Script Paths
/wp-content/plugins/sbs-settings/assets/js/admin.js
Version Parameters
sbs-settings/assets/css/admin.css?ver=
sbs-settings/assets/js/admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Silence is golden. -->
Data Attributes
data-nonce="sbsset_nonce"
JS Globals
sbssetData
FAQ

Frequently Asked Questions about SbS Settings