WP EzPz Tweaks Security & Risk Analysis

wordpress.org/plugins/wpezpz-tweaks

Take the control of your WordPress Customized, Efficient, and Secure

10 active installs v1.2.0 PHP 7.0+ WP 5.6+ Updated Dec 14, 2023
Tags: admin-menu-editor, customization, optimization, performance, security
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP EzPz Tweaks Safe to Use in 2026?

Generally Safe

Score 85/100

WP EzPz Tweaks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "wpezpz-tweaks" plugin v1.2.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerability history, suggesting a well-maintained codebase. The absence of external HTTP requests and critical/high severity taint flows are also strong indicators of security diligence.

However, there are significant concerns stemming from the static analysis. The plugin exposes an attack surface of 4 AJAX handlers, with a concerning 3 of them lacking authentication checks. This represents a substantial risk, as these unprotected entry points could be exploited by unauthenticated users to trigger potentially harmful actions. While the plugin does include some nonce and capability checks, their limited application to only two entry points leaves the majority of the AJAX functionality vulnerable.

While the vulnerability history is clean, this does not negate the inherent risks identified in the code. The lack of proper authentication on a majority of its AJAX handlers is a critical security flaw that requires immediate attention. The plugin's strengths in SQL and output handling are overshadowed by this significant exposure.

Key Concerns

  • AJAX handlers without authentication checks
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
None known

WP EzPz Tweaks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP EzPz Tweaks Release Timeline

v1.2.0 (Current)
v1.1.0
v1.0.17
v1.0.16
v1.0.15
v1.0.14
v1.0.13
v1.0.12
v1.0.11
v1.0.10
Code Analysis
Analyzed Apr 16, 2026

WP EzPz Tweaks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 25 (81 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 8
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

76% escaped · 106 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
settings_import (engine/Backups/ImpExp.php:72)
Attack Surface
3 unprotected

WP EzPz Tweaks Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers: 4

auth · wp_ajax_ezpz_tweaks_create_backup · engine/Backups/Import_Export.php:88
auth · wp_ajax_ezpz_tweaks_delete_backup · engine/Backups/Import_Export.php:89
auth · wp_ajax_ezpz_tweaks_restore_backup · engine/Backups/Import_Export.php:90
auth · wp_ajax_wpezpz_change_page_editor · engine/Features/Editor_Changer.php:21
WordPress Hooks: 81

action · admin_enqueue_scripts · backend/Enqueue.php:32
action · admin_enqueue_scripts · backend/Enqueue.php:33
action · admin_enqueue_scripts · backend/Settings_Page.php:49
action · admin_enqueue_scripts · backend/Settings_Page.php:50
action · admin_enqueue_scripts · backend/Settings_Page.php:51
action · wp_enqueue_scripts · backend/Settings_Page.php:54
action · login_head · backend/Settings_Page.php:55
action · admin_menu · backend/Settings_Page.php:57
action · admin_head · backend/Settings_Page.php:58
action · admin_init · backend/Settings_Page.php:59
action · admin_init · backend/Settings_Page.php:65
action · cmb2_save_options-page_fields · backend/Settings_Page.php:66
action · admin_notices · backend/Settings_Page.php:67
action · admin_footer_text · backend/Settings_Page.php:68
action · init · backend/Settings_Page.php:69
filter · upload_mimes · backend/Settings_Page.php:72
filter · wp_check_filetype_and_ext · backend/Settings_Page.php:73
action · admin_enqueue_scripts · backend/Settings_Page.php:147
action · admin_footer · engine/Features/Custom_Admin_CSS.php:29
action · admin_footer · engine/Features/Dashboard_Colors.php:49
action · admin_init · engine/Features/Dashboard_Widgets.php:22
action · wp_dashboard_setup · engine/Features/Dashboard_Widgets.php:23
action · wp_enqueue_scripts · engine/Features/Font/Font.php:163
action · admin_enqueue_scripts · engine/Features/Font/Font.php:164
action · pre_user_query · engine/Features/Hidden_Users.php:29
action · views_users · engine/Features/Hidden_Users.php:30
filter · cmb2_repeat_table_row_types · engine/cmb2/Type_Select2_Multiple.php:23
filter · body_class · frontend/Extras/Body_Class.php:39
action · init · frontend/Settings.php:42
action · init · frontend/Settings.php:43
action · init · frontend/Settings.php:44
action · init · frontend/Settings.php:46
action · wp_head · frontend/Settings.php:47
action · admin_enqueue_scripts · frontend/Settings.php:48
action · wp_enqueue_scripts · frontend/Settings.php:49
action · after_setup_theme · frontend/Settings.php:50
filter · after_setup_theme · frontend/Settings.php:51
action · login_head · frontend/Settings.php:52
action · wp_enqueue_scripts · frontend/Settings.php:53
filter · rest_authentication_errors · frontend/Settings.php:55
filter · comment_form_default_fields · frontend/Settings.php:56
filter · login_message · frontend/Settings.php:57
action · ezpz_register_fields · frontend/Settings.php:60
filter · login_errors · frontend/Settings.php:62
action · admin_enqueue_scripts · frontend/Settings.php:63
action · wp_enqueue_scripts · frontend/Settings.php:64
filter · heartbeat_settings · frontend/Settings.php:65
filter · tiny_mce_plugins · frontend/Settings.php:77
filter · wp_resource_hints · frontend/Settings.php:78
filter · wp_revisions_to_keep · frontend/Settings.php:85
filter · embed_oembed_discover · frontend/Settings.php:165
filter · tiny_mce_plugins · frontend/Settings.php:175
filter · rewrite_rules_array · frontend/Settings.php:178
filter · xmlrpc_enabled · frontend/Settings.php:204
filter · xmlrpc_methods · frontend/Settings.php:205
filter · wp_headers · frontend/Settings.php:206
filter · bloginfo_url · frontend/Settings.php:207
filter · bloginfo · frontend/Settings.php:208
filter · pre_option_default_ping_status · frontend/Settings.php:211
filter · pre_option_default_pingback_flag · frontend/Settings.php:212
filter · the_generator · frontend/Settings.php:339
filter · style_loader_src · frontend/Settings.php:342
filter · script_loader_src · frontend/Settings.php:343
action · plugins_loaded · integrations/Custom_Login_Url.php:27
action · wp_loaded · integrations/Custom_Login_Url.php:28
action · template_redirect · integrations/Custom_Login_Url.php:29
filter · site_url · integrations/Custom_Login_Url.php:31
filter · network_site_url · integrations/Custom_Login_Url.php:32
filter · wp_redirect · integrations/Custom_Login_Url.php:33
filter · site_option_welcome_email · integrations/Custom_Login_Url.php:34
filter · login_url · integrations/Custom_Login_Url.php:35
action · init · wp-ezpz-tweaks.php:36
action · admin_init · wp-ezpz-tweaks.php:44
action · admin_notices · wp-ezpz-tweaks.php:50
action · plugins_loaded · wp-ezpz-tweaks.php:87
action · login_head · wp-ezpz-tweaks.php:118
action · admin_init · wp-ezpz-tweaks.php:140
action · admin_notices · wp-ezpz-tweaks.php:183
action · admin_init · wp-ezpz-tweaks.php:184
action · activated_plugin · wp-ezpz-tweaks.php:209
filter · cmb2_render_range · wp-ezpz-tweaks.php:229
Maintenance & Trust

WP EzPz Tweaks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Dec 14, 2023
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

WP EzPz Tweaks Developer Profile

WP EzPz

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP EzPz Tweaks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpezpz-tweaks/assets/css/admin.css
/wp-content/plugins/wpezpz-tweaks/assets/css/persianfonts.css
/wp-content/plugins/wpezpz-tweaks/assets/js/admin.js
Script Paths
/wp-content/plugins/wpezpz-tweaks/assets/js/admin.js
Version Parameters
wpezpz-tweaks/assets/css/admin.css?ver=
wpezpz-tweaks/assets/css/persianfonts.css?ver=
wpezpz-tweaks/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpezpz-tweaks
FAQ

Frequently Asked Questions about WP EzPz Tweaks