Does Tweak Option have any unpatched vulnerabilities?

No. All known vulnerabilities in Tweak Option have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tweak Option compatible with WordPress 6.9.4?

According to WordPress.org data, Tweak Option 1.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Tweak Option compatible with PHP 5.5+?

Tweak Option requires PHP 5.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Tweak Option updated?

Tweak Option was last updated on Dec 11, 2025. Frequent updates are generally a positive security signal.

What is Tweak Option's security score?

Tweak Option has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tweak Option Security & Risk Analysis

wordpress.org/plugins/tweak-option

This plugin is a developers tool to inspect, add, modify and remove entries from the wp options database table.

100 active installs v1.8 PHP 5.5+ WP 3.0.1+ Updated Dec 11, 2025

developeroptionstweak

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tweak Option Safe to Use in 2026?

Generally Safe

Score 100/100

Tweak Option has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "tweak-option" plugin v1.8 demonstrates a generally good security posture, with a minimal attack surface and strong practices in handling SQL queries and output escaping. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its safety. The plugin also shows a commendable lack of past vulnerabilities, suggesting a history of security consciousness. However, the static analysis did reveal two flows with unsanitized paths in the taint analysis, which is a concern despite not being classified as critical or high severity. Additionally, while there are two nonce checks, the absence of capability checks on entry points, particularly the single AJAX handler, represents a potential weakness that could be exploited if an attacker can trigger the AJAX action.

Key Concerns

Flows with unsanitized paths
Missing capability checks on entry points

Vulnerabilities

None known

Tweak Option Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Tweak Option Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

40 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Output Escaping

98% escaped41 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

tweak_option_proc (tweak-option.php:72)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Tweak Option Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_twoptweak-option.php:277

WordPress Hooks 2

actionadmin_menutweak-option.php:12

actionadmin_headtweak-option.php:16

Maintenance & Trust

Tweak Option Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 11, 2025

PHP min version5.5

Downloads5K

Community Trust

Rating100/100

Number of ratings5

Active installs100

Alternatives

Tweak Option Alternatives

Admin Page Framework

admin-page-framework

Facilitates WordPress plugin and theme development.

80 No CVEs

Developer Options

developer-options-plugin

Plugin for WordPress Developers to view WordPress options.

10 No CVEs

Debug User/Post/Options Meta Data

fm-debug-meta-data

Debug User/Post/Options Meta Data plugin lets administrators debug users and posts meta data in a friendly view.

10 No CVEs

JSON Options

json-options

Import and Export Wordpress Options to/from JSON with filters.

10 No CVEs

WP Caregiver

wp-caregiver

Adds many options for tweaking frontend and backend of your WordPress site.

10 No CVEs

Developer Profile

Tweak Option Developer Profile

Jacob N. Breetvelt

6 plugins · 10K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

1147 days

View full developer profile

Detection Fingerprints

How We Detect Tweak Option

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tweak-option/tweak-option.js

HTML / DOM Fingerprints

Data Attributes

twop_fromtweak_optiontwop-actiontwop-optiontwop-messagetwopt_table

JS Globals

twopValueBackuptwopAutoBackuptwopHtmlBackup

REST Endpoints

/wp-json/twop/v1

FAQ

Tweak Option Security & Risk Analysis

Is Tweak Option Safe to Use in 2026?

Generally Safe

Key Concerns

Tweak Option Security Vulnerabilities

Tweak Option Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

Tweak Option Attack Surface

AJAX Handlers 1

Tweak Option Maintenance & Trust

Maintenance Signals

Community Trust

Tweak Option Alternatives

Admin Page Framework

Developer Options

Debug User/Post/Options Meta Data

JSON Options

WP Caregiver

Tweak Option Developer Profile

How We Detect Tweak Option

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Tweak Option