Does TweakMaster have any unpatched vulnerabilities?

No. All known vulnerabilities in TweakMaster have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is TweakMaster compatible with WordPress 6.8.5?

According to WordPress.org data, TweakMaster 1.1.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is TweakMaster compatible with PHP 7.4+?

TweakMaster requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is TweakMaster updated?

TweakMaster was last updated on Oct 22, 2025. Frequent updates are generally a positive security signal.

What is TweakMaster's security score?

TweakMaster has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TweakMaster Security & Risk Analysis

wordpress.org/plugins/tweakmaster

A collection of performance, privacy, security, and other tweaks. Minimalistic lightweight plugin.

0 active installs v1.1.1 PHP 7.4+ WP 6.6+ Updated Oct 22, 2025

lightweightperformanceprivacysecuritytweaks

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is TweakMaster Safe to Use in 2026?

Generally Safe

Score 100/100

TweakMaster has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The plugin 'tweakmaster' v1.1.1 exhibits a strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points indicates a very limited attack surface. The code signals further reinforce this, showing no dangerous functions, all SQL queries using prepared statements, and all output being properly escaped. File operations are absent, and there is only one external HTTP request, which is a good sign. The presence of nonce and capability checks, even with a limited attack surface, demonstrates an awareness of security best practices.

The vulnerability history is also exceptionally clean, with zero recorded CVEs of any severity. This lack of past vulnerabilities, combined with the current static analysis findings, suggests a mature and well-secured plugin. There are no identified flows from unsanitized input, and no critical or high severity taint analysis issues were found. The plugin does not bundle any external libraries, which removes the risk of exploiting known vulnerabilities in outdated bundled components.

Overall, 'tweakmaster' v1.1.1 appears to be a highly secure plugin. The developers have implemented robust security measures and have a history of maintaining a vulnerability-free codebase. The minimal attack surface and adherence to secure coding practices are significant strengths. The only minor point to note is the single external HTTP request, which warrants continued monitoring if the plugin's functionality relies on it, but in isolation, it doesn't represent a significant immediate risk.

Vulnerabilities

None known

TweakMaster Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

TweakMaster Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

27 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped27 total outputs

Attack Surface

TweakMaster Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 69

actioninitphp\init.php:7

actionadmin_initphp\init.php:8

actionnextgenthemes/tweakmaster/admin/settings/sidebarphp\init.php:49

actionnextgenthemes/tweakmaster/admin/settings/contentphp\init.php:50

actioninitphp\tweaks\admin-bar-greeting.php:14

actionwp_enqueue_scriptsphp\tweaks\admin-bar-greeting.php:19

actionadmin_enqueue_scriptsphp\tweaks\admin-bar-greeting.php:20

filterwp_script_attributesphp\tweaks\admin-bar-greeting.php:21

filteradmin_email_check_intervalphp\tweaks\admin-email-check-interval.php:13

filteradmin_footer_textphp\tweaks\admin-footer-text.php:13

filterwp_editor_set_qualityphp\tweaks\image-quality.php:13

filterwp_revisions_to_keepphp\tweaks\revisions-to-keep.php:13

filterwp_revisions_to_keepphp\tweaks\revisions-to-keep.php:14

actionwp_enqueue_scriptsphp\tweaks\scroll-progress-bar.php:13

actionadmin_enqueue_scriptsphp\tweaks\scroll-progress-bar.php:14

actionwp_body_openphp\tweaks\scroll-progress-bar.php:16

actionadmin_footerphp\tweaks\scroll-progress-bar.php:17

filterhttp_headers_useragentphp\tweaks\user-agent.php:13

filterimage_editor_output_formatphp\tweaks-standalone\convert-jpeg-to-avif.php:22

actionwp_enqueue_scriptsphp\tweaks-standalone\dequeue-jquery-migrate.php:22

actioninitphp\tweaks-standalone\disable-auto-trash-emptying.php:22

filterwpcf7_autop_or_notphp\tweaks-standalone\disable-cf7-autop.php:20

filterwpcf7_load_cssphp\tweaks-standalone\disable-cf7-css.php:20

actionadmin_initphp\tweaks-standalone\disable-comments.php:22

actionadmin_initphp\tweaks-standalone\disable-comments.php:23

actionadmin_initphp\tweaks-standalone\disable-comments.php:24

filtercomments_openphp\tweaks-standalone\disable-comments.php:27

filterpings_openphp\tweaks-standalone\disable-comments.php:28

filtercomments_arrayphp\tweaks-standalone\disable-comments.php:31

actionadmin_menuphp\tweaks-standalone\disable-comments.php:33

actionadmin_bar_menuphp\tweaks-standalone\disable-comments.php:34

actioninitphp\tweaks-standalone\disable-emojis.php:27

filtertiny_mce_pluginsphp\tweaks-standalone\disable-emojis.php:39

filterwp_resource_hintsphp\tweaks-standalone\disable-emojis.php:40

actiondo_feed_rdfphp\tweaks-standalone\disable-feeds.php:22

actiondo_feed_rssphp\tweaks-standalone\disable-feeds.php:23

actiondo_feed_rss2php\tweaks-standalone\disable-feeds.php:24

actiondo_feed_atomphp\tweaks-standalone\disable-feeds.php:25

filterwp_mailphp\tweaks-standalone\disable-non-production-emails.php:23

filterrest_authentication_errorsphp\tweaks-standalone\disable-rest-api.php:22

filterhttp_request_argsphp\tweaks-standalone\disable-ssl-verify-self.php:22

filterauto_core_update_send_emailphp\tweaks-standalone\disable-success-update-emails.php:22

filterauto_plugin_update_send_emailphp\tweaks-standalone\disable-success-update-emails.php:39

filterauto_theme_update_send_emailphp\tweaks-standalone\disable-success-update-emails.php:40

filterxmlrpc_enabledphp\tweaks-standalone\disable-xmlrpc-allow-jetpack-ips.php:36

filterxmlrpc_enabledphp\tweaks-standalone\disable-xmlrpc.php:22

filtersanitize_file_namephp\tweaks-standalone\enable-clean-upload-filenames.php:25

filterpost_row_actionsphp\tweaks-standalone\enable-duplicate-post.php:27

filterpage_row_actionsphp\tweaks-standalone\enable-duplicate-post.php:28

filterfont_dirphp\tweaks-standalone\enable-fonts-to-uploads.php:34

actioninitphp\tweaks-standalone\enable-fonts-to-uploads.php:42

filterjetpack_offline_modephp\tweaks-standalone\enable-jetpack-offline-mode.php:7

actioninitphp\tweaks-standalone\enable-maintenance-mode.php:24

actionadmin_bar_menuphp\tweaks-standalone\enable-maintenance-mode.php:25

filterlogin_messagephp\tweaks-standalone\enable-maintenance-mode.php:26

actionwp_authenticate_userphp\tweaks-standalone\enable-maintenance-mode.php:27

filterwp_calculate_image_srcsetphp\tweaks-standalone\enable-relative-urls.php:84

filterthe_seo_framework_do_before_outputphp\tweaks-standalone\enable-relative-urls.php:102

filterthe_seo_framework_do_after_outputphp\tweaks-standalone\enable-relative-urls.php:103

filterwp_get_attachment_urlphp\tweaks-standalone\enable-relative-urls.php:103

actionwp_enqueue_scriptsphp\tweaks-standalone\enable-script-optimizer.php:24

actionwp_before_admin_bar_renderphp\tweaks-standalone\remove-admin-bar-logo.php:22

filterstyle_loader_tagphp\tweaks-standalone\remove-asset-attr.php:24

filterscript_loader_tagphp\tweaks-standalone\remove-asset-attr.php:25

filterscript_loader_srcphp\tweaks-standalone\remove-asset-ver-parameter.php:22

filterstyle_loader_srcphp\tweaks-standalone\remove-asset-ver-parameter.php:23

filterwp_handle_uploadphp\tweaks-standalone\remove-exif.php:30

filterthe_generatorphp\tweaks-standalone\remove-wp-version.php:26

actiontemplate_redirectphp\tweaks-standalone\search-single-result-redirect.php:22

Maintenance & Trust

TweakMaster Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 22, 2025

PHP min version7.4

Downloads331

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

TweakMaster Alternatives

WP Tweaks

wp-tweaks

100

Several opinionated WordPress tweaks focused in security and performance.

200 No CVEs

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs

ManageWP Worker

worker

A better way to manage dozens of WordPress websites.

1.0M 1 CVE

Simply Static – The Static Site Generator

simply-static

Convert WordPress to static HTML. Boost performance 3-5x. Eliminate security vulnerabilities. Deploy anywhere.

30K 2 CVEs

My Private Site

jonradio-private-site

Make your WordPress site private with one click for family, projects, or teams. Protection for content, login, and registration.

20K 2 CVEs

Developer Profile

TweakMaster Developer Profile

Nico

7 plugins · 21K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect TweakMaster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ