
WPPerformanceTester Security & Risk Analysis
wordpress.org/plugins/wpperformancetester
WPPerformanceTester benchmarks your server's performance through a variety of PHP, MySQL and WordPress tests.
Is WPPerformanceTester Safe to Use in 2026?
Mostly Safe
Score 71/100
WPPerformanceTester is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.
The wpperformancetester plugin version 2.0.0 presents a mixed security posture. On the positive side, the static analysis indicates a very small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks. The plugin also demonstrates good practices by using prepared statements for all SQL queries and implementing nonce and capability checks in some areas. However, significant concerns arise from the output escaping, where only 15% of outputs are properly escaped, leaving a substantial portion vulnerable to cross-site scripting (XSS) attacks. Furthermore, the taint analysis revealed two flows with unsanitized paths, which could potentially be exploited for path traversal or similar vulnerabilities, even though they are not currently categorized as critical or high severity.
The vulnerability history reveals a medium-severity Cross-Site Request Forgery (CSRF) vulnerability that remains unpatched as of the last recorded date. This history, even though it consists of only one medium-severity issue, coupled with the observed output escaping and taint flow issues, suggests a need for greater diligence in secure coding practices. While the plugin's attack surface is minimal, the lack of comprehensive output escaping and the presence of unpatched vulnerabilities are significant weaknesses that could be exploited by attackers.
Key Concerns
- Unpatched medium severity CVE
- Low percentage of properly escaped output
- Taint flows with unsanitized paths
WPPerformanceTester Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
WPPerformanceTester <= 2.0.0 - Cross-Site Request Forgery
WPPerformanceTester Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
WPPerformanceTester Attack Surface
WordPress Hooks 5
WPPerformanceTester Maintenance & Trust
Maintenance Signals
Community Trust
WPPerformanceTester Alternatives
Code Profiler – WordPress Performance Profiling and Debugging Made Easy
code-profiler
A profiler to measure the performance of your WordPress plugins and themes.
Hosting Benchmark tool
wpbenchmark
Benchmark your hosting server CPU, memory and disk, compare with others using simple WordPress plugin.
Falcon – WordPress Optimizations & Tweaks
falcon
A lightweight WordPress optimization and tweak plugin for a better performance
MO Cache
mo-cache
Improving the site performance by caching translation files using the WordPress standard cache mechanism.
Dynamic Front-End Heartbeat Control
dynamic-front-end-heartbeat-control
An enhanced solution to optimize the performance of your WordPress website and automatically achieve the best Heartbeat API values.
WPPerformanceTester Developer Profile
1 plugin · 1K total installs
How We Detect WPPerformanceTester
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/wpperformancetester/wppert.css
- /wp-content/plugins/wpperformancetester/wppert.js
- wpperformancetester/wppert.css?ver=
- wpperformancetester/wppert.js?ver=
HTML / DOM Fingerprints
- wrap
- updated
- fade
- data-chartjs-color-default
- data-chartjs-color-primary
- data-chartjs-color-warning
- industryData
- WPPerformanceTester