WP-Safety

Super Switch Security & Risk Analysis

wordpress.org/plugins/super-switch

As you see, these are a set of switches. You can optimize your blog by this.

100 active installs v1.5 PHP + WP 2.6+ Updated Aug 26, 2010
autosavedisableoptimizerevisionupdate
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Super Switch Safe to Use in 2026?

Generally Safe

Score 85/100

Super Switch has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago
Risk Assessment

The "super-switch" v1.5 plugin presents a concerning security posture despite a seemingly clean vulnerability history. While the plugin boasts zero entry points for direct attacks and a complete absence of known CVEs, its static analysis reveals significant underlying risks. Notably, the presence of 43 instances of the deprecated and inherently unsafe `create_function` is a major red flag, indicating potential for arbitrary code execution if inputs are not meticulously sanitized. Furthermore, the complete lack of output escaping on all identified output points means that any data processed and displayed by the plugin could be vulnerable to Cross-Site Scripting (XSS) attacks, especially if user-supplied data is involved. The absence of nonce checks and capability checks, coupled with no taint analysis data, leaves a significant blind spot regarding how data is handled and if unauthorized actions can be performed. While the plugin does not appear to have a history of publicly disclosed vulnerabilities, this could be due to a lack of thorough auditing or a reliance on external factors for protection, rather than inherent security in its code.

Key Concerns

  • Dangerous function create_function found
  • No output escaping on any output points
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Super Switch Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Super Switch Code Analysis

Dangerous Functions
43
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action( 'plugins_loaded', create_function( '$a', "remove_action('init', 'wp_version_check');"), for27.php:36
create_functionadd_action( 'init', create_function( '$a', "remove_action('init', 'wp_version_check_mod');"), 3); //for27.php:37
create_functionadd_action( 'load-plugins.php', create_function('$a', "remove_action('load-plugins.php', 'wp_update_for27.php:44
create_functionadd_action( 'load-update.php', create_function('$a', "remove_action('load-update.php', 'wp_update_plfor27.php:45
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_plugins'for27.php:46
create_functionadd_action( 'wp_update_plugins', create_function('$a', "remove_action('wp_update_plugins', 'wp_updatfor27.php:47
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_themes')for27.php:57
create_functionadd_action( 'wp_update_themes', create_function('$a', "remove_action('wp_update_themes', 'wp_update_for27.php:58
create_functionadd_action('plugins_loaded', create_function( '$a', "define('WP_POST_REVISIONS', false);"));for27.php:68
create_functionadd_action('admin_init', create_function( '$a', "remove_action('in_admin_footer', 'browse_happy');")for27.php:73
create_functionadd_action('admin_print_scripts', create_function( '$a', "wp_deregister_script('autosave');"));for27.php:78
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_core');"for28.php:36
create_functionadd_action( 'wp_version_check', create_function('$a', "remove_action('wp_version_check', 'wp_versionfor28.php:37
create_functionadd_action( 'init', create_function( '$a', "remove_action('init', 'wp_version_check_mod');"), 3); //for28.php:39
create_functionadd_action( 'load-plugins.php', create_function('$a', "remove_action('load-plugins.php', 'wp_update_for28.php:46
create_functionadd_action( 'load-update.php', create_function('$a', "remove_action('load-update.php', 'wp_update_plfor28.php:47
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_plugins'for28.php:48
create_functionadd_action( 'wp_update_plugins', create_function('$a', "remove_action('wp_update_plugins', 'wp_updatfor28.php:49
create_functionadd_action( 'load-themes.php', create_function('$a', "remove_action('load-themes.php', 'wp_update_thfor28.php:54
create_functionadd_action( 'load-update.php', create_function('$a', "remove_action('load-update.php', 'wp_update_thfor28.php:55
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_themes')for28.php:56
create_functionadd_action( 'wp_update_themes', create_function('$a', "remove_action('wp_update_themes', 'wp_update_for28.php:57
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_themes')for28.php:59
create_functionadd_action( 'wp_update_themes', create_function('$a', "remove_action('wp_update_themes', 'wp_update_for28.php:60
create_functionadd_action('plugins_loaded', create_function( '$a', "define('WP_POST_REVISIONS', false);"));for28.php:65
create_functionadd_action('admin_init', create_function( '$a', "remove_action('in_admin_footer', 'browse_happy');")for28.php:70
create_functionadd_action('admin_print_scripts', create_function( '$a', "wp_deregister_script('autosave');"));for28.php:75
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_core');"for30.php:36
create_functionadd_action( 'wp_version_check', create_function('$a', "remove_action('wp_version_check', 'wp_versionfor30.php:37
create_functionadd_action( 'init', create_function( '$a', "remove_action('init', 'wp_version_check_mod');"), 3); //for30.php:39
create_functionadd_action( 'load-plugins.php', create_function('$a', "remove_action('load-plugins.php', 'wp_update_for30.php:46
create_functionadd_action( 'load-update.php', create_function('$a', "remove_action('load-update.php', 'wp_update_plfor30.php:47
create_functionadd_action( 'load-update-core.php', create_function('$a', "remove_action('load-update-core.php', 'wpfor30.php:48
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_plugins'for30.php:49
create_functionadd_action( 'wp_update_plugins', create_function('$a', "remove_action('wp_update_plugins', 'wp_updatfor30.php:50
create_functionadd_action( 'load-themes.php', create_function('$a', "remove_action('load-themes.php', 'wp_update_thfor30.php:55
create_functionadd_action( 'load-update.php', create_function('$a', "remove_action('load-update.php', 'wp_update_thfor30.php:56
create_functionadd_action( 'load-update-core.php', create_function('$a', "remove_action('load-update-core.php', 'wpfor30.php:57
create_functionadd_action( 'admin_init', create_function('$a', "remove_action('admin_init', '_maybe_update_themes')for30.php:58
create_functionadd_action( 'wp_update_themes', create_function('$a', "remove_action('wp_update_themes', 'wp_update_for30.php:59
create_functionadd_action('plugins_loaded', create_function( '$a', "define('WP_POST_REVISIONS', false);"));for30.php:64
create_functionadd_action('admin_init', create_function( '$a', "remove_action('in_admin_footer', 'browse_happy');")for30.php:69
create_functionadd_action('admin_print_scripts', create_function( '$a', "wp_deregister_script('autosave');"));for30.php:74

Output Escaping

0% escaped1 total outputs
Attack Surface

Super Switch Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 47
actionplugins_loadedfor27.php:36
actioninitfor27.php:37
actionload-plugins.phpfor27.php:44
actionload-update.phpfor27.php:45
actionadmin_initfor27.php:46
actionwp_update_pluginsfor27.php:47
actionadmin_initfor27.php:57
actionwp_update_themesfor27.php:58
actionplugins_loadedfor27.php:68
actionadmin_initfor27.php:73
actionadmin_print_scriptsfor27.php:78
actionadmin_headfor27.php:93
actionadmin_initfor28.php:36
actionwp_version_checkfor28.php:37
actioninitfor28.php:39
actionload-plugins.phpfor28.php:46
actionload-update.phpfor28.php:47
actionadmin_initfor28.php:48
actionwp_update_pluginsfor28.php:49
actionload-themes.phpfor28.php:54
actionload-update.phpfor28.php:55
actionadmin_initfor28.php:56
actionwp_update_themesfor28.php:57
actionadmin_initfor28.php:59
actionwp_update_themesfor28.php:60
actionplugins_loadedfor28.php:65
actionadmin_initfor28.php:70
actionadmin_print_scriptsfor28.php:75
actionadmin_headfor28.php:90
actionadmin_initfor30.php:36
actionwp_version_checkfor30.php:37
actioninitfor30.php:39
actionload-plugins.phpfor30.php:46
actionload-update.phpfor30.php:47
actionload-update-core.phpfor30.php:48
actionadmin_initfor30.php:49
actionwp_update_pluginsfor30.php:50
actionload-themes.phpfor30.php:55
actionload-update.phpfor30.php:56
actionload-update-core.phpfor30.php:57
actionadmin_initfor30.php:58
actionwp_update_themesfor30.php:59
actionplugins_loadedfor30.php:64
actionadmin_initfor30.php:69
actionadmin_print_scriptsfor30.php:74
actionadmin_headfor30.php:89
actionadmin_menusuper-switch.php:100
Maintenance & Trust

Super Switch Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedAug 26, 2010
PHP min version
Downloads28K

Community Trust

Rating100/100
Number of ratings1
Active installs100
Alternatives

Super Switch Alternatives

Disable Gutenberg Autosave

Disable Gutenberg Autosave

disable-gutenberg-autosave

A
100

Allows to control Gutenberg autosave interval or disable autosave completely.

2K No CVEs
LAPDI Disable Autosave

LAPDI Disable Autosave

tsp-disable-auto-save

A
85

Disable Autosave prevents WordPress from automatically saving duplicate copies of posts while editing.

10 No CVEs
Easy Updates Manager

Easy Updates Manager

stops-core-theme-and-plugin-updates

A
100

Manage all your WordPress updates, including individual updates, automatic updates, logs, and loads more. This also works very well with WordPress Mul …

300K 1 CVE
Disable and Remove Google Fonts | GDPR & DSGVO friendly

Disable and Remove Google Fonts | GDPR & DSGVO friendly

disable-remove-google-fonts

A
100

Improve frontend performance by disabling Google Fonts. GDPR and DSGVO friendly.

100K No CVEs
Optimize Database after Deleting Revisions

Optimize Database after Deleting Revisions

rvg-optimize-database

A
99

One-click database optimization with precise revision cleanup and flexible scheduling. Speeding up sites since 2011!

60K 3 CVEs
Developer Profile

Super Switch Developer Profile

crazyloong

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Super Switch

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/super-switch/

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Super Switch