Does Unbloater have any unpatched vulnerabilities?

No. All known vulnerabilities in Unbloater have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Unbloater compatible with WordPress 6.9.4?

According to WordPress.org data, Unbloater 1.6.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Unbloater compatible with PHP 7.2+?

Unbloater requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Unbloater updated?

Unbloater was last updated on Jan 24, 2026. Frequent updates are generally a positive security signal.

What is Unbloater's security score?

Unbloater has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Unbloater Security & Risk Analysis

wordpress.org/plugins/unbloater

Remove unnecessary code, nags and bloat from WordPress core and certain plugins.

5K active installs v1.6.4 PHP 7.2+ WP 4.2+ Updated Jan 24, 2026

bloatcleannoticeremoveunbloat

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Unbloater Safe to Use in 2026?

Generally Safe

Score 100/100

Unbloater has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The plugin 'unbloater' v1.6.4 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified attack surface points, dangerous functions, raw SQL queries, file operations, or external HTTP requests is highly commendable. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating capability checks, indicating a thoughtful approach to access control. The clean vulnerability history, with zero recorded CVEs, reinforces the impression of a well-maintained and secure plugin.

However, a notable concern arises from the low percentage of properly escaped output. With only 12% of 25 total outputs being properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. This suggests that user-supplied data or dynamic content might be rendered directly into the browser without adequate sanitization, potentially allowing attackers to inject malicious scripts. While the taint analysis reported no issues, this is likely due to the limited scope of analysis (0 flows analyzed). The lack of nonce checks on any entry points, though these points are currently zero, could become a risk if new entry points are introduced without proper security measures.

In conclusion, 'unbloater' v1.6.4 is largely secure due to its minimal attack surface and good coding practices in areas like SQL handling and capability checks. Its vulnerability-free history is a positive indicator. The primary weakness lies in the insufficient output escaping, which presents a clear risk of XSS vulnerabilities. Addressing this output escaping issue should be the top priority to fully secure the plugin.

Key Concerns

Low percentage of properly escaped output

Vulnerabilities

None known

Unbloater Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Unbloater Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

12% escaped25 total outputs

Attack Surface

Unbloater Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 68

actionnetwork_admin_menuclasses\ub-admin.php:15

actionnetwork_admin_edit_unbloaterclasses\ub-admin.php:17

actionnetwork_admin_noticesclasses\ub-admin.php:19

filternetwork_admin_plugin_action_links_unbloater/unbloater.phpclasses\ub-admin.php:21

actionadmin_menuclasses\ub-admin.php:24

filterplugin_action_links_unbloater/unbloater.phpclasses\ub-admin.php:26

actionadmin_initclasses\ub-settings.php:19

actionadmin_headclasses\ub-unbloat.php:26

filterauto_update_pluginclasses\ub-unbloat.php:34

filterplugins_auto_update_enabledclasses\ub-unbloat.php:35

filterauto_update_themeclasses\ub-unbloat.php:39

filterthemes_auto_update_enabledclasses\ub-unbloat.php:40

actioninitclasses\ub-unbloat.php:60

actioninitclasses\ub-unbloat.php:64

filteradmin_email_check_intervalclasses\ub-unbloat.php:68

filterxmlrpc_enabledclasses\ub-unbloat.php:72

filterxmlrpc_methodsclasses\ub-unbloat.php:73

actionwpclasses\ub-unbloat.php:76

filterwp_headersclasses\ub-unbloat.php:78

actionadmin_bar_menuclasses\ub-unbloat.php:83

filteradmin_footer_textclasses\ub-unbloat.php:87

filterstyle_loader_srcclasses\ub-unbloat.php:99

filterscript_loader_srcclasses\ub-unbloat.php:100

actiondo_feedclasses\ub-unbloat.php:132

actiondo_feed_rdfclasses\ub-unbloat.php:133

actiondo_feed_rssclasses\ub-unbloat.php:134

actiondo_feed_rss2classes\ub-unbloat.php:135

actiondo_feed_atomclasses\ub-unbloat.php:136

actiondo_feed_rss2_commentsclasses\ub-unbloat.php:137

actiondo_feed_atom_commentsclasses\ub-unbloat.php:138

actionwp_default_scriptsclasses\ub-unbloat.php:146

actionwp_print_scriptsclasses\ub-unbloat.php:161

filtershow_recent_comments_widget_styleclasses\ub-unbloat.php:165

filterheartbeat_settingsclasses\ub-unbloat.php:173

filterget_site_icon_urlclasses\ub-unbloat.php:177

filterlogin_headerurlclasses\ub-unbloat.php:181

filterlogin_headertextclasses\ub-unbloat.php:185

filterlogin_display_language_dropdownclasses\ub-unbloat.php:189

actionenqueue_block_editor_assetsclasses\ub-unbloat.php:209

actionenqueue_block_editor_assetsclasses\ub-unbloat.php:213

filteracf/settings/show_adminclasses\ub-unbloat.php:221

filterautoptimize_filter_toolbar_showclasses\ub-unbloat.php:229

filterautoptimize_filter_main_imgopt_plug_noticeclasses\ub-unbloat.php:233

actionadmin_bar_menuclasses\ub-unbloat.php:241

actionrank_math/whitelabelclasses\ub-unbloat.php:245

filterrank_math/sitemap/remove_creditclasses\ub-unbloat.php:249

filterrank_math/link/remove_classclasses\ub-unbloat.php:253

filtersearchwp\admin\dashboard_widgets\statisticsclasses\ub-unbloat.php:261

filtersearchwp\options\dashboard_stats_linkclasses\ub-unbloat.php:265

filtersearchwp\admin_barclasses\ub-unbloat.php:269

filtersearchwp\admin_menu\positionclasses\ub-unbloat.php:273

filtersearchwp\options\settings_screenclasses\ub-unbloat.php:277

filterthe_seo_framework_indicatorclasses\ub-unbloat.php:285

filterthe_seo_framework_metabox_contextclasses\ub-unbloat.php:289

filterwoocommerce_helper_suppress_connect_noticeclasses\ub-unbloat.php:297

filterwoocommerce_helper_suppress_admin_noticesclasses\ub-unbloat.php:301

actionwp_enqueue_scriptsclasses\ub-unbloat.php:305

actionadmin_menuclasses\ub-unbloat.php:309

actionadmin_enqueue_scriptsclasses\ub-unbloat.php:310

filterwpseo_debug_markersclasses\ub-unbloat.php:318

actionadmin_bar_menuclasses\ub-unbloat.php:322

actionadmin_bar_menuclasses\ub-unbloat.php:330

filteroption_plugin_family_dismiss_promote_imagifyclasses\ub-unbloat.php:338

filterdefault_option_plugin_family_dismiss_promote_imagifyclasses\ub-unbloat.php:339

actionwp_rocket_loadedclasses\ub-unbloat.php:343

filterwp_is_application_passwords_availableclasses\ub-unbloat.php:371

filterwp_is_application_passwords_availableclasses\ub-unbloat.php:376

actioninitunbloater.php:24

Maintenance & Trust

Unbloater Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 24, 2026

PHP min version7.2

Downloads56K

Community Trust

Rating100/100

Number of ratings16

Active installs5K

Alternatives

Unbloater Alternatives

Disable Everything

disable-everything

100

Greatly Improve Performance by Disabling All Unnecessary Features. All with this One lightweight plugin.

20K No CVEs

Disable Bloat for WordPress & WooCommerce

disable-dashboard-for-woocommerce

All-in-One solution to speed up your WordPress & WooCommerce. Remove unnecessary features and make your site faster and cleaner.

10K No CVEs

Disable WP Notification

disable-wp-notification

100

Best wordpress plugin to remove all the admin panel notifications in just one click. Including the theme and plugin update notification.

10K No CVEs

Media Hygiene: Remove or Delete Unused Images and More!

media-hygiene

The Media Hygiene plugin removes unused media from the WordPress library to free up space, reduce clutter, and improve server performance.

5K 3 CVEs

wp_head() cleaner

wp-head-cleaner

100

Remove unused tags from wp_head() output.

2K No CVEs

Developer Profile

Unbloater Developer Profile

christophrado

3 plugins · 6K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

72 days

View full developer profile

Detection Fingerprints

How We Detect Unbloater

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/unbloater/assets/css/unbloater.css/wp-content/plugins/unbloater/assets/js/unbloater.js

Version Parameters

/wp-content/plugins/unbloater/assets/css/unbloater.css?ver=/wp-content/plugins/unbloater/assets/js/unbloater.js?ver=

HTML / DOM Fingerprints

FAQ