Does WP-Cleanup have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP-Cleanup compatible with WordPress 3.0.5?

According to WordPress.org data, WP-Cleanup 1.1.0 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is WP-Cleanup updated?

WP-Cleanup was last updated on Aug 10, 2010. Frequent updates are generally a positive security signal.

What is WP-Cleanup's security score?

WP-Cleanup has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP-Cleanup Security & Risk Analysis

wordpress.org/plugins/wp-cleanup

This Wordpress plugin will cleanup your Wordpress database by remove all unused data from your database.

500 active installs v1.1.0 PHP + WP 2.9.0+ Updated Aug 10, 2010

cleancleanupdatabaseoptimizepost-revisions

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP-Cleanup Safe to Use in 2026?

Generally Safe

Score 85/100

WP-Cleanup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "wp-cleanup" plugin version 1.1.0 presents a generally concerning security posture despite a clean vulnerability history. The static analysis reveals no apparent attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events, which is a positive sign for entry points. Furthermore, all SQL queries utilize prepared statements, indicating good practice in database interaction. However, a significant red flag is the complete absence of output escaping for all identified outputs. This means that any data processed or displayed by the plugin could potentially be rendered directly to the user, opening the door for Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks and capability checks is also a concern, as it implies that sensitive actions might not be adequately protected against unauthorized execution or exploitation.

Key Concerns

0% of outputs properly escaped
0 Nonce checks found
0 Capability checks found

Vulnerabilities

None known

WP-Cleanup Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP-Cleanup Release Timeline

v1.1.0Current

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

WP-Cleanup Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared10 total queries

Output Escaping

0% escaped28 total outputs

Attack Surface

WP-Cleanup Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionadmin_menuwp-cleanup.php:19

Maintenance & Trust

WP-Cleanup Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedAug 10, 2010

PHP min version

Downloads40K

Community Trust

Rating80/100

Number of ratings3

Active installs500

Alternatives

WP-Cleanup Alternatives

Optimize Database after Deleting Revisions

rvg-optimize-database

One-click database optimization with precise revision cleanup and flexible scheduling. Speeding up sites since 2011!

60K 3 CVEs

SweepPress: Website Cleanup and Optimization

sweeppress

100

Remove unused, orphaned, duplicated data in your WordPress website using 55+ sweepers, manage and clean Options table, optimize database.

600 No CVEs

WP Database Cleaner

wp-database-cleaner

Cleanup and optimize the database of WordPress sites.

200 No CVEs

atec Database

atec-database

100

Manage, clean, and optimize your WordPress database with detailed control over tables and options.

90 No CVEs

Advanced Clean Master – Complete Site Cleanup & Database Optimizer

advanced-clean-master

100

Boost WordPress performance by cleaning unnecessary data and optimizing your database. Remove drafts, orphaned media, transients with scheduled cleanu …

20 No CVEs

Developer Profile

WP-Cleanup Developer Profile

JortK

1 plugin · 500 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP-Cleanup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments

################################################
# THIS IS THE PART WHERE WE CLEANUP EVERYTHING #
################################################

##############################################
# THIS IS THE PART FOR CALCULATING THE STATS #
##############################################

FAQ