WP-Safety

WP Cleanup and base Functions Security & Risk Analysis

wordpress.org/plugins/wp-clean-up-deo

Here is a short description of the plugin. This should be no more than 150 characters. No markup here.

10 active installs v1.0.0 PHP + WP 3.0.1+ Updated Aug 28, 2016
cleanupdevelopers-common-functionsimages-settingsprivacy-settingswordpress-head-cleanup
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Cleanup and base Functions Safe to Use in 2026?

Generally Safe

Score 85/100

WP Cleanup and base Functions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "wp-clean-up-deo" v1.0.0 plugin exhibits a generally positive security posture based on the provided static analysis. It successfully avoids dangerous functions and all SQL queries are properly prepared, mitigating risks of SQL injection. The absence of external HTTP requests and a taint analysis showing no unsanitized paths further contributes to its good standing.

However, there are notable areas for improvement. A significant concern is the low rate of proper output escaping (20%), which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not sanitized before being displayed. The plugin also lacks nonce checks and capability checks, which are crucial for securing entry points, even though the current attack surface is small and appears to have no unprotected entry points. The vulnerability history is clean, which is a strong positive indicator, but the lack of historical data makes it difficult to assess long-term security trends.

In conclusion, while the plugin demonstrates strengths in its handling of SQL and avoidance of common dangerous functions, the insufficient output escaping and absence of critical security checks like nonces and capabilities represent potential weaknesses that need to be addressed to achieve a robust security profile.

Key Concerns

  • Low percentage of properly escaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

WP Cleanup and base Functions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Cleanup and base Functions Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

WP Cleanup and base Functions Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
36
9 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

20% escaped45 total outputs
Attack Surface

WP Cleanup and base Functions Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[wp_caption] public\class-wp-cbf-public.php:200
[caption] public\class-wp-cbf-public.php:201
WordPress Hooks 17
actionplugins_loadedincludes\class-wp-cbf.php:139
actionadmin_enqueue_scriptsincludes\class-wp-cbf.php:154
actionadmin_enqueue_scriptsincludes\class-wp-cbf.php:155
actionadmin_menuincludes\class-wp-cbf.php:158
actionadmin_initincludes\class-wp-cbf.php:165
actionlogin_enqueue_scriptsincludes\class-wp-cbf.php:168
actioninitincludes\class-wp-cbf.php:192
actionwp_loadedincludes\class-wp-cbf.php:193
actionwp_loadedincludes\class-wp-cbf.php:194
actionwp_enqueue_scriptsincludes\class-wp-cbf.php:195
filterwp_headersincludes\class-wp-cbf.php:198
filterbody_classincludes\class-wp-cbf.php:199
filterstyle_loader_srcpublic\class-wp-cbf-public.php:131
filterscript_loader_srcpublic\class-wp-cbf-public.php:132
filtershow_admin_barpublic\class-wp-cbf-public.php:155
actionget_headerpublic\class-wp-cbf-public.php:176
actionwp_headpublic\class-wp-cbf-public.php:178
Maintenance & Trust

WP Cleanup and base Functions Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34
Last updatedAug 28, 2016
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

WP Cleanup and base Functions Alternatives

WP-Sweep

WP-Sweep

wp-sweep

A
92

WP-Sweep allows you to clean up unused, orphaned and duplicated data in your WordPress. It also optimizes your database tables.

100K No CVEs
Optimize Database after Deleting Revisions

Optimize Database after Deleting Revisions

rvg-optimize-database

A
99

One-click database optimization with precise revision cleanup and flexible scheduling. Speeding up sites since 2011!

60K 3 CVEs
Delete Duplicate Posts

Delete Duplicate Posts

delete-duplicate-posts

A
99

Get rid of duplicate posts and pages (any post type) on your blog with manual or automatic modes.

20K 2 CVEs
Disable Bloat for WordPress & WooCommerce

Disable Bloat for WordPress & WooCommerce

disable-dashboard-for-woocommerce

A
92

All-in-One solution to speed up your WordPress & WooCommerce. Remove unnecessary features and make your site faster and cleaner.

10K No CVEs
Simple Revisions Delete

Simple Revisions Delete

simple-revisions-delete

A
100

Simple Revisions Delete adds a discreet link within a post submit box to let you purge (delete) its revisions via AJAX. Bulk actions also available.

10K 1 CVE
Developer Profile

WP Cleanup and base Functions Developer Profile

deodev

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Cleanup and base Functions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-cbf/admin/css/wp-cbf-admin.css/wp-content/plugins/wp-cbf/admin/js/wp-cbf-admin.js
Script Paths
wp-content/plugins/wp-cbf/admin/js/wp-cbf-admin.js
Version Parameters
wp-cbf/admin/css/wp-cbf-admin.css?ver=wp-cbf/admin/js/wp-cbf-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Plugin Name: WP Cleanup and base Functions -->
FAQ

Frequently Asked Questions about WP Cleanup and base Functions