Does WP Scanner – Performance and Security have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Scanner – Performance and Security have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Scanner – Performance and Security compatible with WordPress 4.5.33?

According to WordPress.org data, WP Scanner – Performance and Security 1.0.2 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is WP Scanner – Performance and Security updated?

WP Scanner – Performance and Security was last updated on May 29, 2016. Frequent updates are generally a positive security signal.

What is WP Scanner – Performance and Security's security score?

WP Scanner – Performance and Security has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Scanner – Performance and Security Security & Risk Analysis

wordpress.org/plugins/wp-scanner

Scan your WordPress site and receive recommendations on how to improve load time, performance and security.

50 active installs v1.0.2 PHP + WP 3.5+ Updated May 29, 2016

performancescanscannerscanningsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Scanner – Performance and Security Safe to Use in 2026?

Generally Safe

Score 85/100

WP Scanner – Performance and Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The wp-scanner v1.0.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all its SQL queries and has no recorded vulnerability history, indicating a potentially well-maintained codebase. It also correctly implements nonce and capability checks for one of its entry points. However, there are significant concerns stemming from the static analysis. The plugin exposes one AJAX handler without any authentication or permission checks. This creates a direct pathway for unauthenticated attackers to interact with the plugin's functionality, potentially leading to unexpected behavior or exploitation if the handler performs sensitive operations. Furthermore, a concerning 100% of its output is not properly escaped. This makes it highly susceptible to Cross-Site Scripting (XSS) vulnerabilities, where attackers could inject malicious scripts through these unescaped outputs, impacting users of the WordPress site.

Key Concerns

AJAX handler without authentication
100% of outputs not escaped

Vulnerabilities

None known

WP Scanner – Performance and Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Scanner – Performance and Security Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared3 total queries

Output Escaping

0% escaped8 total outputs

Attack Surface

1 unprotected

WP Scanner – Performance and Security Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_wp_scanner_refresh_statusclasses\class-wp-scanner-api.php:26

noprivwp_ajax_wpscanner_scanclasses\class-wp-scanner-scan.php:16

WordPress Hooks 4

actionadmin_noticesclasses\class-wp-scanner-notice.php:16

actionnetwork_admin_noticesclasses\class-wp-scanner-notice.php:17

actionadmin_menuclasses\class-wp-scanner-settings.php:40

actionadmin_initclasses\class-wp-scanner-settings.php:41

Maintenance & Trust

WP Scanner – Performance and Security Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedMay 29, 2016

PHP min version

Downloads10K

Community Trust

Rating100/100

Number of ratings2

Active installs50

Alternatives

WP Scanner – Performance and Security Alternatives

WPLifeCycle – Free PHP Version Info & Website Manager

free-php-version-info

100

This plugin shows your current PHP version, its lifecycle security support days, and can send version data to the WPLifeCycle for proactive planning.

100 No CVEs

Sajjetti – AI Audit

sajjetti-audit

100

AI-assisted theme and plugin scanner for security, performance, and best practices. Provides clear, actionable insights.

0 No CVEs

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Developer Profile

WP Scanner – Performance and Security Developer Profile

A5hleyRich

3 plugins · 260 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Scanner – Performance and Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-scanner/assets/js/script.js/wp-content/plugins/wp-scanner/assets/js/script.min.js

Script Paths