WP-Safety

Simply Static – The Static Site Generator Security & Risk Analysis

wordpress.org/plugins/simply-static

Convert WordPress to static HTML. Boost performance 3-5x. Eliminate security vulnerabilities. Deploy anywhere.

30K active installs v3.6.3 PHP 7.4+ WP 6.2+ Updated Mar 9, 2026
jamstackperformancesecuritystatic-site-generator
99
A · Safe
CVEs total2
Unpatched0
Last CVEApr 22, 2024
Plugin page Download
Safety Verdict

Is Simply Static – The Static Site Generator Safe to Use in 2026?

Generally Safe

Score 99/100

Simply Static – The Static Site Generator has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Apr 22, 2024Updated 27d ago
Risk Assessment

The Simply Static plugin v3.6.3 demonstrates a generally strong security posture with excellent adoption of security best practices. The attack surface is well-managed, with all identified AJAX handlers and REST API routes protected by appropriate permission callbacks, which is a significant positive. The code signals indicate a robust approach to security, with a high percentage of SQL queries using prepared statements and a vast majority of outputs being properly escaped. The presence of nonce checks and capability checks further reinforces this good practice.

However, a critical area of concern is the use of the `unserialize` function. This function is inherently risky as it can lead to Remote Code Execution (RCE) vulnerabilities if an attacker can control the data being unserialized. While no direct taint flows were identified from this function in the provided analysis, it remains a potential entry point for sophisticated attacks. The vulnerability history, while showing no currently unpatched CVEs, reveals past issues related to sensitive information logging and Cross-Site Scripting (XSS). The recency of the last vulnerability (April 2024) suggests ongoing security considerations and the need for continued vigilance.

In conclusion, Simply Static v3.6.3 is commendably built with security in mind, especially regarding its attack surface and general coding practices. The primary weakness lies in the `unserialize` function, which requires careful monitoring and potential mitigation. The past vulnerability history, though resolved, serves as a reminder that even well-secured plugins can have exploitable flaws, necessitating prompt updates for future versions.

Key Concerns

  • Use of the 'unserialize' function
Vulnerabilities
2

Simply Static – The Static Site Generator Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-32825medium · 5.3Insertion of Sensitive Information into Log File

Simply Static <= 3.1.3 - Unauthenticated Information Exposure

Apr 22, 2024 Patched in 3.1.4 (9d)
CVE-2024-30178medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simply Static <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 25, 2024 Patched in 3.1.4 (8d)
Code Analysis
Analyzed Mar 16, 2026

Simply Static – The Static Site Generator Code Analysis

Dangerous Functions
1
Raw SQL Queries
6
23 prepared
Unescaped Output
11
107 escaped
Nonce Checks
4
Capability Checks
72
File Operations
72
External Requests
20
Bundled Libraries
0

Dangerous Functions Found

unserializereturn @unserialize( $data, $options ); // @phpcs:ignoresrc\background\class-ss-background-process.php:975

SQL Query Safety

79% prepared29 total queries

Output Escaping

91% escaped118 total outputs
Attack Surface

Simply Static – The Static Site Generator Attack Surface

Entry Points66
Unprotected0

AJAX Handlers 1

authwp_ajax_ss_admin_get_statussrc\integrations\class-ss-adminbar-integration.php:29

REST API Routes 65

GET/wp-json/simplystatic/v1/sitessrc\admin\inc\class-ss-admin-rest.php:53
POST/wp-json/simplystatic/v1/trigger-cronsrc\admin\inc\class-ss-admin-rest.php:61
GET/wp-json/simplystatic/v1/check-can-runsrc\admin\inc\class-ss-admin-rest.php:69
POST/wp-json/simplystatic/v1/reset-export-locksrc\admin\inc\class-ss-admin-rest.php:77
GET/wp-json/simplystatic/v1/post-typessrc\admin\inc\class-ss-admin-rest.php:87
GET/wp-json/simplystatic/v1/taxonomiessrc\admin\inc\class-ss-admin-rest.php:95
GET/wp-json/simplystatic/v1/active-pluginssrc\admin\inc\class-ss-admin-rest.php:103
GET/wp-json/simplystatic/v1/active-themessrc\admin\inc\class-ss-admin-rest.php:111
GET/wp-json/simplystatic/v1/crawlerssrc\admin\inc\class-ss-admin-rest.php:119
GET/wp-json/simplystatic/v1/export-typesrc\admin\inc\class-ss-admin-rest.php:128
GET/wp-json/simplystatic/v1/settingssrc\admin\inc\class-ss-admin-rest.php:137
GET/wp-json/simplystatic/v1/settings/exportsrc\admin\inc\class-ss-admin-rest.php:145
POST/wp-json/simplystatic/v1/settingssrc\admin\inc\class-ss-admin-rest.php:153
POST/wp-json/simplystatic/v1/settings/resetsrc\admin\inc\class-ss-admin-rest.php:161
POST/wp-json/simplystatic/v1/export-404src\admin\inc\class-ss-admin-rest.php:170
POST/wp-json/simplystatic/v1/settings/reset-databasesrc\admin\inc\class-ss-admin-rest.php:179
POST/wp-json/simplystatic/v1/settings/reset-background-queuesrc\admin\inc\class-ss-admin-rest.php:187
POST/wp-json/simplystatic/v1/update-from-networksrc\admin\inc\class-ss-admin-rest.php:195
GET/wp-json/simplystatic/v1/pagessrc\admin\inc\class-ss-admin-rest.php:203
GET/wp-json/simplystatic/v1/pages-slugssrc\admin\inc\class-ss-admin-rest.php:211
POST/wp-json/simplystatic/v1/migratesrc\admin\inc\class-ss-admin-rest.php:219
POST/wp-json/simplystatic/v1/reset-diagnosticssrc\admin\inc\class-ss-admin-rest.php:227
GET/wp-json/simplystatic/v1/system-statussrc\admin\inc\class-ss-admin-rest.php:235
GET/wp-json/simplystatic/v1/system-status/passedsrc\admin\inc\class-ss-admin-rest.php:243
POST/wp-json/simplystatic/v1/delete-logsrc\admin\inc\class-ss-admin-rest.php:251
GET/wp-json/simplystatic/v1/activity-logsrc\admin\inc\class-ss-admin-rest.php:259
GET/wp-json/simplystatic/v1/export-logsrc\admin\inc\class-ss-admin-rest.php:267
POST/wp-json/simplystatic/v1/start-exportsrc\admin\inc\class-ss-admin-rest.php:275
POST/wp-json/simplystatic/v1/cancel-exportsrc\admin\inc\class-ss-admin-rest.php:283
POST/wp-json/simplystatic/v1/pause-exportsrc\admin\inc\class-ss-admin-rest.php:291
POST/wp-json/simplystatic/v1/resume-exportsrc\admin\inc\class-ss-admin-rest.php:299
GET/wp-json/simplystatic/v1/is-runningsrc\admin\inc\class-ss-admin-rest.php:307
POST/wp-json/simplystatic/v1/clear-temp-filessrc\admin\inc\class-ss-admin-rest.php:315
GET/wp-json/simplystatic/v1/sitessrc\admin\inc\class-ss-admin-settings.php:432
POST/wp-json/simplystatic/v1/trigger-cronsrc\admin\inc\class-ss-admin-settings.php:440
GET/wp-json/simplystatic/v1/check-can-runsrc\admin\inc\class-ss-admin-settings.php:448
GET/wp-json/simplystatic/v1/post-typessrc\admin\inc\class-ss-admin-settings.php:459
GET/wp-json/simplystatic/v1/taxonomiessrc\admin\inc\class-ss-admin-settings.php:468
GET/wp-json/simplystatic/v1/active-pluginssrc\admin\inc\class-ss-admin-settings.php:477
GET/wp-json/simplystatic/v1/active-themessrc\admin\inc\class-ss-admin-settings.php:486
GET/wp-json/simplystatic/v1/crawlerssrc\admin\inc\class-ss-admin-settings.php:494
GET/wp-json/simplystatic/v1/export-typesrc\admin\inc\class-ss-admin-settings.php:502
GET/wp-json/simplystatic/v1/settingssrc\admin\inc\class-ss-admin-settings.php:510
GET/wp-json/simplystatic/v1/settings/exportsrc\admin\inc\class-ss-admin-settings.php:519
POST/wp-json/simplystatic/v1/settingssrc\admin\inc\class-ss-admin-settings.php:527
POST/wp-json/simplystatic/v1/settings/resetsrc\admin\inc\class-ss-admin-settings.php:535
POST/wp-json/simplystatic/v1/export-404src\admin\inc\class-ss-admin-settings.php:544
POST/wp-json/simplystatic/v1/settings/reset-databasesrc\admin\inc\class-ss-admin-settings.php:552
POST/wp-json/simplystatic/v1/settings/reset-background-queuesrc\admin\inc\class-ss-admin-settings.php:560
POST/wp-json/simplystatic/v1/update-from-networksrc\admin\inc\class-ss-admin-settings.php:568
GET/wp-json/simplystatic/v1/pagessrc\admin\inc\class-ss-admin-settings.php:576
GET/wp-json/simplystatic/v1/pages-slugssrc\admin\inc\class-ss-admin-settings.php:584
POST/wp-json/simplystatic/v1/migratesrc\admin\inc\class-ss-admin-settings.php:592
POST/wp-json/simplystatic/v1/reset-diagnosticssrc\admin\inc\class-ss-admin-settings.php:600
GET/wp-json/simplystatic/v1/system-statussrc\admin\inc\class-ss-admin-settings.php:608
GET/wp-json/simplystatic/v1/system-status/passedsrc\admin\inc\class-ss-admin-settings.php:616
POST/wp-json/simplystatic/v1/delete-logsrc\admin\inc\class-ss-admin-settings.php:624
GET/wp-json/simplystatic/v1/activity-logsrc\admin\inc\class-ss-admin-settings.php:632
GET/wp-json/simplystatic/v1/export-logsrc\admin\inc\class-ss-admin-settings.php:640
POST/wp-json/simplystatic/v1/start-exportsrc\admin\inc\class-ss-admin-settings.php:648
POST/wp-json/simplystatic/v1/cancel-exportsrc\admin\inc\class-ss-admin-settings.php:656
POST/wp-json/simplystatic/v1/pause-exportsrc\admin\inc\class-ss-admin-settings.php:664
POST/wp-json/simplystatic/v1/resume-exportsrc\admin\inc\class-ss-admin-settings.php:672
GET/wp-json/simplystatic/v1/is-runningsrc\admin\inc\class-ss-admin-settings.php:680
POST/wp-json/simplystatic/v1/clear-temp-filessrc\admin\inc\class-ss-admin-settings.php:689
WordPress Hooks 82
actionplugins_loadedsimply-static.php:43
actionplugins_loadedsimply-static.php:75
actionadmin_noticessimply-static.php:104
actionnetwork_admin_noticessimply-static.php:117
actionadd_meta_boxessrc\admin\inc\class-ss-admin-meta.php:35
actionrest_api_initsrc\admin\inc\class-ss-admin-rest.php:40
actionadmin_menusrc\admin\inc\class-ss-admin-settings.php:62
actionadmin_headsrc\admin\inc\class-ss-admin-settings.php:66
actionadmin_bar_menusrc\admin\inc\class-ss-admin-settings.php:69
actionadmin_initsrc\admin\inc\class-ss-admin-settings.php:72
actionnetwork_admin_noticessrc\admin\inc\class-ss-admin-settings.php:81
actionadmin_footersrc\admin\inc\class-ss-admin-settings.php:167
filtercron_schedulessrc\background\class-ss-background-process.php:139
filterwp_archive_creation_job_cron_intervalsrc\class-ss-archive-creation-job.php:54
actionss_archive_creation_job_before_startsrc\class-ss-multisite.php:42
actionss_before_perform_archive_actionsrc\class-ss-multisite.php:43
actionss_after_perform_archive_actionsrc\class-ss-multisite.php:44
actionss_before_perform_archive_running_checksrc\class-ss-multisite.php:45
actionss_before_render_activity_logsrc\class-ss-multisite.php:46
actionss_before_render_export_logsrc\class-ss-multisite.php:47
actionss_after_render_export_logsrc\class-ss-multisite.php:48
actionss_before_sending_response_for_static_archivesrc\class-ss-multisite.php:49
actionss_after_render_activity_logsrc\class-ss-multisite.php:50
actionss_archive_creation_job_after_start_queuesrc\class-ss-multisite.php:51
actionss_archive_creation_job_already_runningsrc\class-ss-multisite.php:52
filterss_can_delete_filesrc\class-ss-multisite.php:53
actionadmin_footersrc\class-ss-multisite.php:54
actionnetwork_admin_menusrc\class-ss-multisite.php:55
actionss_archive_creation_job_before_startsrc\class-ss-multisite.php:56
actionss_archive_creation_job_before_startsrc\class-ss-multisite.php:57
actionss_after_cleanupsrc\class-ss-multisite.php:58
actioninitsrc\class-ss-page-handlers.php:20
filterplugin_install_action_linkssrc\class-ss-plugin-compatibility.php:57
filterplugin_row_metasrc\class-ss-plugin-compatibility.php:58
actionadmin_enqueue_scriptssrc\class-ss-plugin-compatibility.php:61
actionactivated_pluginsrc\class-ss-plugin.php:78
actiondeactivated_pluginsrc\class-ss-plugin.php:79
actionafter_switch_themesrc\class-ss-plugin.php:80
actioninitsrc\class-ss-plugin.php:83
actionsimply_static_site_export_cronsrc\class-ss-plugin.php:85
filtersimplystatic.archive_creation_job.task_listsrc\class-ss-plugin.php:88
actionss_after_setup_tasksrc\class-ss-plugin.php:94
filterplugin_action_links_simply-static/simply-static.phpsrc\class-ss-plugin.php:97
filterhttp_request_argssrc\class-ss-plugin.php:103
actionss_before_finish_transferring_files_locallysrc\handlers\class-ss-404-handler.php:67
filteraioseo_sitemap_stylesheetsrc\handlers\class-ss-aio-seo-sitemap-handler.php:20
actionss_before_finish_transferring_files_locallysrc\handlers\class-ss-rule-file-handler.php:82
filterseopress_sitemaps_stylesheet_urlsrc\handlers\class-ss-seopress-sitemap-handler.php:20
actionss_before_finish_transferring_files_locallysrc\handlers\class-ss-seopress-sitemap-handler.php:271
filterwpseo_stylesheet_urlsrc\handlers\class-ss-yoast-sitemap-handler.php:20
actionadmin_bar_menusrc\integrations\class-ss-adminbar-integration.php:28
actionadmin_footersrc\integrations\class-ss-adminbar-integration.php:32
actionwp_footersrc\integrations\class-ss-adminbar-integration.php:33
filteraioseo_unrecognized_allowed_query_argssrc\integrations\class-ss-aio-seo-integration.php:25
actionss_after_setup_tasksrc\integrations\class-ss-aio-seo-integration.php:26
filterssp_single_export_additional_urlssrc\integrations\class-ss-aio-seo-integration.php:27
filterss_additional_filessrc\integrations\class-ss-aio-seo-integration.php:28
actionss_after_extract_and_replace_urls_in_htmlsrc\integrations\class-ss-cookie-yes-integration.php:37
actionss_after_cleanupsrc\integrations\class-ss-delay-integration.php:32
actionss_before_perform_archive_actionsrc\integrations\class-ss-delay-integration.php:33
filterss_is_running_statusessrc\integrations\class-ss-delay-integration.php:34
filterss_after_replace_urls_in_htmlsrc\integrations\class-ss-divi-integration.php:74
filterss_html_after_restored_attributessrc\integrations\class-ss-elementor-integration.php:49
actionelementor/widgets/registersrc\integrations\class-ss-elementor-integration.php:52
actionelementor/elements/categories_registeredsrc\integrations\class-ss-elementor-integration.php:53
actionss_after_setup_tasksrc\integrations\class-ss-elementor-integration.php:67
actionss_after_setup_tasksrc\integrations\class-ss-elementor-integration.php:73
actionssp_before_form_template_scriptssrc\integrations\class-ss-elementor-integration.php:76
filterssp_single_related_attachment_urlssrc\integrations\class-ss-elementor-integration.php:79
actionss_after_setup_tasksrc\integrations\class-ss-rank-math-integration.php:26
actionss_after_setup_tasksrc\integrations\class-ss-rank-math-integration.php:27
actionss_dom_before_savesrc\integrations\class-ss-rank-math-integration.php:28
filterss_additional_filessrc\integrations\class-ss-rank-math-integration.php:29
filterssp_single_export_additional_urlssrc\integrations\class-ss-rank-math-integration.php:35
actionss_after_setup_tasksrc\integrations\class-ss-seopress-integration.php:25
filterssp_single_export_additional_urlssrc\integrations\class-ss-seopress-integration.php:31
actionss_after_setup_tasksrc\integrations\class-ss-yoast-integration.php:25
actionss_after_setup_tasksrc\integrations\class-ss-yoast-integration.php:26
actionss_dom_before_savesrc\integrations\class-ss-yoast-integration.php:27
filterss_additional_filessrc\integrations\class-ss-yoast-integration.php:28
filterssp_single_export_add_xml_sitemapsrc\integrations\class-ss-yoast-integration.php:32
filterssp_single_export_additional_urlssrc\integrations\class-ss-yoast-integration.php:38
Maintenance & Trust

Simply Static – The Static Site Generator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version7.4
Downloads1.7M

Community Trust

Rating90/100
Number of ratings192
Active installs30K
Alternatives

Simply Static – The Static Site Generator Alternatives

Make Me Static, Static Site Generator, Git, Pages and Live Stats

Make Me Static, Static Site Generator, Git, Pages and Live Stats

make-me-static

A
100

Static site generator using Git for storage. Comes with free integrated Git + Pages solution including Live WebStats.

40 No CVEs
Static Snap

Static Snap

static-snap

A
100

Static Snap converts your WordPress site into a static website, boosting performance, security, scalability, and SEO.

30 No CVEs
Jetpack – WP Security, Backup, Speed, & Growth

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

A
87

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs
ManageWP Worker

ManageWP Worker

worker

A
98

A better way to manage dozens of WordPress websites.

1.0M 1 CVE
Plugin Check (PCP)

Plugin Check (PCP)

plugin-check

A
100

Plugin Check is a WordPress.org tool which provides checks to help plugins meet the directory requirements and follow various best practices.

7K No CVEs
Developer Profile

Simply Static – The Static Site Generator Developer Profile

Simply Static

1 plugin · 30K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
9 days
View full developer profile
Detection Fingerprints

How We Detect Simply Static – The Static Site Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simply-static/assets/css/admin.css/wp-content/plugins/simply-static/assets/js/admin.js
Script Paths
/wp-content/plugins/simply-static/assets/js/admin.js
Version Parameters
simply-static/assets/css/admin.css?ver=simply-static/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
simply-static-settings-formsimply-static-export-logsimply-static-settings-navigation
Data Attributes
data-simply-static-id
JS Globals
simplyStaticAdmin
REST Endpoints
/wp-json/simply-static/v1/settings/export_404
FAQ

Frequently Asked Questions about Simply Static – The Static Site Generator