Does WP Deactivate Features have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Deactivate Features have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Deactivate Features compatible with WordPress 5.5.18?

According to WordPress.org data, WP Deactivate Features 0.1 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

Is WP Deactivate Features compatible with PHP 7.2+?

WP Deactivate Features requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Deactivate Features updated?

WP Deactivate Features was last updated on Jan 23, 2021. Frequent updates are generally a positive security signal.

What is WP Deactivate Features's security score?

WP Deactivate Features has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Deactivate Features Security & Risk Analysis

wordpress.org/plugins/wp-deactivate-features

WP Deactivate Features lets you deactivate unneeded functions to improve your websites performance. Features that can be disabled: * Emojis * Comments …

0 active installs v0.1 PHP 7.2+ WP 5.1+ Updated Jan 23, 2021

deactivatedisablefeaturesperformance

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Deactivate Features Safe to Use in 2026?

Generally Safe

Score 85/100

WP Deactivate Features has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "wp-deactivate-features" v0.1 plugin exhibits a seemingly strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the lack of dangerous functions, file operations, external HTTP requests, and the exclusive use of prepared statements for SQL queries are excellent security practices. Taint analysis also indicates no critical or high severity vulnerabilities, which is a positive sign.

However, a critical concern arises from the output escaping analysis, where 100% of the total identified outputs are not properly escaped. This represents a significant risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied or dynamic data could be injected into the output without sanitization, potentially leading to malicious code execution in the user's browser. The absence of any nonces or capability checks on the (albeit non-existent) entry points means that if any were to be introduced in the future, they would be unprotected. The plugin also has no recorded vulnerability history, which is good, but this could be due to its limited functionality or newness. The primary weakness lies in unescaped output, which needs immediate attention.

Key Concerns

Unescaped output found

Vulnerabilities

None known

WP Deactivate Features Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP Deactivate Features Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

WP Deactivate Features Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 27

actioninitclass\DeactivationExecutor.php:14

actionadmin_initclass\deactivator\CommentsDeactivator.php:8

filtercomments_openclass\deactivator\CommentsDeactivator.php:11

filterpings_openclass\deactivator\CommentsDeactivator.php:12

filtercomments_arrayclass\deactivator\CommentsDeactivator.php:15

actionadmin_menuclass\deactivator\CommentsDeactivator.php:18

actioninitclass\deactivator\CommentsDeactivator.php:21

actioninitclass\deactivator\EmojiDeactivator.php:8

filtertiny_mce_pluginsclass\deactivator\EmojiDeactivator.php:22

filterwp_resource_hintsclass\deactivator\EmojiDeactivator.php:23

actioninitclass\deactivator\HeartbeatDeactivator.php:8

actionpre_pingclass\deactivator\PingbackDeactivator.php:8

filterwp_headersclass\deactivator\PingbackDeactivator.php:9

filterpre_option_enable_xmlrpcclass\deactivator\PingbackDeactivator.php:10

actionwpclass\deactivator\PingbackDeactivator.php:11

filterbloginfo_urlclass\deactivator\PingbackDeactivator.php:12

actionxmlrpc_callclass\deactivator\PingbackDeactivator.php:13

filterrest_authentication_errorsclass\deactivator\RestAPIDeactivator.php:8

actiondo_feedclass\deactivator\RssFeedDeactivator.php:8

actiondo_feed_rdfclass\deactivator\RssFeedDeactivator.php:9

actiondo_feed_rssclass\deactivator\RssFeedDeactivator.php:10

actiondo_feed_rss2class\deactivator\RssFeedDeactivator.php:11

actiondo_feed_atomclass\deactivator\RssFeedDeactivator.php:12

actiondo_feed_rss2_commentsclass\deactivator\RssFeedDeactivator.php:13

actiondo_feed_atom_commentsclass\deactivator\RssFeedDeactivator.php:14

actionadmin_menuclass\Settings.php:14

actionadmin_initclass\Settings.php:15

Maintenance & Trust

WP Deactivate Features Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedJan 23, 2021

PHP min version7.2

Downloads980

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WP Deactivate Features Alternatives

Plugin Load Filter

plugin-load-filter

100

Dynamically activate the selected plugins for each page. Response will be faster by filtering plugins.

8K No CVEs

WPMasterToolKit (WPMTK) – All in one plugin

wpmastertoolkit

Duplicate post, post order, email via SMTP, code snippets, disable gutenberg, child theme generator, svg support, disable XMLRPC, and more...

4K 5 CVEs

User Blocker

user-blocker

To block users from admin side except admin users for specific day,time, and date or permanently.

3K 1 CVE

WP Plugin Manager – Deactivate plugins per page

wp-plugin-manager

"WP Plugin Manager" is a plugin that allows you to disable plugins on specific pages, posts, or devices for better performance.

3K 2 CVEs

Meks Quick Plugin Disabler

meks-quick-plugin-disabler

Temporarily disable (and restore) all currently active plugins with a single click

2K 1 unpatched

Developer Profile

WP Deactivate Features Developer Profile

Sascha Huber

3 plugins · 100 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Deactivate Features

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-deactivate-features/css/style.css/wp-content/plugins/wp-deactivate-features/js/script.js

Script Paths

/wp-content/plugins/wp-deactivate-features/js/script.js

Version Parameters

wp-deactivate-features/css/style.css?ver=wp-deactivate-features/js/script.js?ver=

HTML / DOM Fingerprints

JS Globals

window.wpdf_script_vars

FAQ