Does WP Scripts & Styles Optimizer have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Scripts & Styles Optimizer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Scripts & Styles Optimizer compatible with WordPress 4.8.28?

According to WordPress.org data, WP Scripts & Styles Optimizer 0.4.5 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is WP Scripts & Styles Optimizer updated?

WP Scripts & Styles Optimizer was last updated on Oct 10, 2017. Frequent updates are generally a positive security signal.

What is WP Scripts & Styles Optimizer's security score?

WP Scripts & Styles Optimizer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Scripts & Styles Optimizer Security & Risk Analysis

wordpress.org/plugins/wp-script-optimizer

Improve your site-rendering speed by customizing all of your JavaScript- and CSS-files. Deactivate, set conditions or change positioning of files

100 active installs v0.4.5 PHP + WP 4.4.0+ Updated Oct 10, 2017

cssinto-headerjavascriptscriptsstyles

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WP Scripts & Styles Optimizer Safe to Use in 2026?

Generally Safe

Score 85/100

WP Scripts & Styles Optimizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "wp-script-optimizer" plugin v0.4.5 exhibits a mixed security posture. On the positive side, it shows good practices by avoiding dangerous functions, file operations, and external HTTP requests. The high percentage of prepared statements for SQL queries is also a strong indicator of secure data handling. Furthermore, the plugin has no recorded vulnerability history, suggesting a generally stable codebase.

However, there are notable concerns. The presence of one unprotected AJAX handler represents a significant potential attack vector. While the total number of entry points is low, the lack of authentication on even one can be exploited by unauthenticated users to potentially trigger unintended functionality or access sensitive data. The output escaping, at just over 50%, is also a weakness. This could lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is not properly sanitized before being displayed.

Overall, the plugin demonstrates a commitment to secure coding in several areas, but the unprotected AJAX handler and the suboptimal output escaping present clear risks that should be addressed. The lack of historical vulnerabilities is a positive sign, but it does not negate the immediate risks identified in the static analysis.

Key Concerns

AJAX handler without authentication check
Output escaping is not consistently proper

Vulnerabilities

None known

WP Scripts & Styles Optimizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Scripts & Styles Optimizer Code Analysis

Dangerous Functions

Raw SQL Queries

20 prepared

Unescaped Output

50 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

74% prepared27 total queries

Output Escaping

52% escaped97 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

delete_handle_list_ajax (classes\ajax_functions.class.php:66)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

WP Scripts & Styles Optimizer Attack Surface

Entry Points8

Unprotected1

AJAX Handlers 8

authwp_ajax_get_value_select_ajaxclasses\ajax_functions.class.php:22

authwp_ajax_remove_conditions_ajaxclasses\ajax_functions.class.php:23

authwp_ajax_save_conditions_ajaxclasses\ajax_functions.class.php:24

authwp_ajax_delete_handle_list_ajaxclasses\ajax_functions.class.php:25

authwp_ajax_sync_handle_list_ajaxclasses\ajax_functions.class.php:26

authwp_ajax_save_tab_session_dataclasses\ajax_functions.class.php:27

authwp_ajax_process_page_requestclasses\ajax_functions.class.php:28

authwp_ajax_get_saved_urls_listclasses\ajax_functions.class.php:29

WordPress Hooks 8

actioninitwp-script-optimizer.php:103

actionadmin_menuwp-script-optimizer.php:104

actionadmin_noticeswp-script-optimizer.php:105

actionwpwp-script-optimizer.php:109

actionwp_footerwp-script-optimizer.php:114

actionwp_footerwp-script-optimizer.php:115

actionwp_headwp-script-optimizer.php:119

actionwp_footerwp-script-optimizer.php:120

Maintenance & Trust

WP Scripts & Styles Optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedOct 10, 2017

PHP min version

Downloads16K

Community Trust

Rating94/100

Number of ratings15

Active installs100

Alternatives

WP Scripts & Styles Optimizer Alternatives

Custom CSS and JavaScript

custom-css-and-javascript

Easily add custom CSS and JavaScript code to your WordPress site, with draft previewing, revisions, and minification!

10K No CVEs

Better WordPress Minify

bwp-minify

Allows you to combine and minify your CSS and JS files to improve page load time.

8K No CVEs

Custom CSS and JS

custom-css-and-js

Custom CSS and JavaScript allows you to add custom internal and external CSS and JavaScripts to individual posts.

1K No CVEs

Speed Up – Browser Caching

speed-up-browser-caching

Help browser to cache a local copy of static files and improve page load times.

700 No CVEs

Conditionally Load CF7

cf7-conditional-load

100

Load Contact Form 7 & select CF7-related plugin scripts & styles only where needed.

100 No CVEs

Developer Profile

WP Scripts & Styles Optimizer Developer Profile

Hendrik Lersch

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Scripts & Styles Optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-script-optimizer/js/wpsodatepicker.min.js/wp-content/plugins/wp-script-optimizer/js/wpso-admin.js/wp-content/plugins/wp-script-optimizer/js/wpso-admin-datepicker.js/wp-content/plugins/wp-script-optimizer/js/wpso-admin-tagsinput.js/wp-content/plugins/wp-script-optimizer/js/wpso-admin-tinymce.js/wp-content/plugins/wp-script-optimizer/js/wpso-admin-select2.js/wp-content/plugins/wp-script-optimizer/js/wpso-admin-codemirror.js/wp-content/plugins/wp-script-optimizer/js/wpso-admin-colorpicker.js

Script Paths

Version Parameters

/wp-content/plugins/wp-script-optimizer/js/wpsodatepicker.min.js?ver=/wp-content/plugins/wp-script-optimizer/js/wpso-admin.js?ver=/wp-content/plugins/wp-script-optimizer/js/wpso-admin-datepicker.js?ver=/wp-content/plugins/wp-script-optimizer/js/wpso-admin-tagsinput.js?ver=/wp-content/plugins/wp-script-optimizer/js/wpso-admin-tinymce.js?ver=/wp-content/plugins/wp-script-optimizer/js/wpso-admin-select2.js?ver=/wp-content/plugins/wp-script-optimizer/js/wpso-admin-codemirror.js?ver=/wp-content/plugins/wp-script-optimizer/js/wpso-admin-colorpicker.js?ver=

HTML / DOM Fingerprints

JS Globals

window.WPSO_Adminwindow.wpso_admin_varswindow.wpso_datepicker_varswindow.wpso_admin_tagsinput_varswindow.wpso_admin_tinymce_varswindow.wpso_admin_select2_vars+2 more

FAQ