Does WPS Cleaner have any unpatched vulnerabilities?

No. All known vulnerabilities in WPS Cleaner have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPS Cleaner compatible with WordPress 6.8.5?

According to WordPress.org data, WPS Cleaner 1.6.10.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WPS Cleaner updated?

WPS Cleaner was last updated on Jun 24, 2025. Frequent updates are generally a positive security signal.

What is WPS Cleaner's security score?

WPS Cleaner has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPS Cleaner Security & Risk Analysis

wordpress.org/plugins/wps-cleaner

WPS Cleaner cleans your WordPress site as well as your database.

20K active installs v1.6.10.2 PHP + WP 4.2+ Updated Jun 24, 2025

databasenettoyagesecuritywps-cleaner

A · Safe

CVEs total2

Unpatched0

Last CVEJul 23, 2019

Download

Safety Verdict

Is WPS Cleaner Safe to Use in 2026?

Generally Safe

Score 99/100

WPS Cleaner has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jul 23, 2019Updated 9mo ago

Risk Assessment

The wps-cleaner plugin version 1.6.10.2 presents a mixed security posture. While it shows strengths such as a high percentage of SQL queries using prepared statements and a good number of nonce and capability checks, significant concerns remain. The presence of an unprotected AJAX handler represents a direct entry point for potential attacks that bypass authentication, which is a critical flaw. Furthermore, the taint analysis revealed a flow with unsanitized paths, indicating a risk of path traversal or similar vulnerabilities, even though it was not classified as critical or high. The plugin's vulnerability history, with two known medium-severity CVEs in the past related to authorization bypass and missing authorization, reinforces the concern about input validation and access control. While the lack of currently unpatched vulnerabilities is positive, the past issues suggest a pattern that warrants caution.

Key Concerns

Unprotected AJAX handler (1 found)
Flow with unsanitized paths (taint analysis)
Lower percentage of properly escaped output (46%)
2 Medium severity CVEs in history

Vulnerabilities

WPS Cleaner Security Vulnerabilities

CVEs by Year

2 CVEs in 2019

2019

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

WF-8bd04a52-ed59-4305-831e-646ab5801d36-wps-cleanermedium · 5.3Authorization Bypass Through User-Controlled Key

WPS Cleaner <= 1.4.4 - Arbitrary Media File Disclosure

Jul 23, 2019 Patched in 1.4.5 (1645d)

WF-fb147a5d-65ad-4304-b13a-670f11398e63-wps-cleanermedium · 6.3Missing Authorization

WPS Cleaner <= 1.4.4 - Missing Authorization Checks

Jul 23, 2019 Patched in 1.4.5 (1645d)

Code Analysis

Analyzed Mar 16, 2026

WPS Cleaner Code Analysis

Dangerous Functions

Raw SQL Queries

115 prepared

Unescaped Output

136

116 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

79% prepared146 total queries

Output Escaping

46% escaped252 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths

column_whitelist (blocks\settings_media.php:380)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

WPS Cleaner Attack Surface

Entry Points38

Unprotected1

AJAX Handlers 38

authwp_ajax_wps_cleaner_clean_allclasses\plugin.php:25

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:28

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:29

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:30

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:31

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:32

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:33

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:36

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:37

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:38

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:39

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:40

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:43

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:44

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:47

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:48

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:51

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:52

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:53

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:54

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:56

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:57

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:60

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:61

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:64

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:67

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:68

authwp_ajax_wps_cleaner_cleanclasses\plugin.php:69

authwp_ajax_delete_old_filesclasses\plugin.php:72

authwp_ajax_delete_dir_fileclasses\plugin.php:73

authwp_ajax_create_zip_archive_mediasclasses\plugin.php:78

authwp_ajax_delete_zip_archive_mediasclasses\plugin.php:79

authwp_ajax_create_zip_archive_filesclasses\plugin.php:82

authwp_ajax_delete_zip_archive_filesclasses\plugin.php:83

authwp_ajax_delete_medias_whitelistclasses\plugin.php:85

authwp_ajax_wpscleaner_ratedclasses\plugin.php:89

authwp_ajax_delete_alertclasses\plugin.php:97

authwp_ajax_check_wps_cleaner_queueclasses\plugin.php:99

WordPress Hooks 33

actionadmin_initclasses\db-table.php:18

actiondelete_blogclasses\db.php:10

filterwps_cleaner_post_indexclasses\index.php:31

filterwps_cleaner_post_indexclasses\index.php:32

filterwps_cleaner_post_indexclasses\index.php:33

filterwps_cleaner_post_indexclasses\index.php:34

filterwps_cleaner_post_indexclasses\index.php:35

filterwps_cleaner_get_media_post_contentclasses\index.php:38

filterwps_cleaner_get_media_post_contentclasses\index.php:39

filterwps_cleaner_get_media_post_contentclasses\index.php:40

filterwps_cleaner_get_media_post_contentclasses\index.php:46

filterwps_cleaner_get_media_post_contentclasses\index.php:50

filterwps_cleaner_get_media_post_contentclasses\index.php:53

filterwps_cleaner_get_media_post_contentclasses\index.php:56

filterwps_cleaner_get_media_post_contentclasses\index.php:59

actionadmin_menuclasses\plugin.php:10

actionwps_cleaner_indexation_medias_queueclasses\plugin.php:12

actionwps_cleaner_indexation_mediasclasses\plugin.php:16

actionsave_postclasses\plugin.php:18

actiondelete_postclasses\plugin.php:19

filterwidget_update_callbackclasses\plugin.php:22

actiondelete_widgetclasses\plugin.php:23

actionadmin_enqueue_scriptsclasses\plugin.php:75

filteradmin_footerclasses\plugin.php:87

filteradmin_footer_textclasses\plugin.php:88

filterwps_bidouille_not_display_pub_arrayclasses\plugin.php:92

filterwps_cleaner_list_files_deleteclasses\plugin.php:94

filterwps_cleaner_excluded_taxonomiesclasses\plugin.php:95

actiontool_boxclasses\plugin.php:101

filterwps_cleaner_db_get_dataclasses\plugin.php:103

filtercron_schedulesclasses\plugin.php:105

actionwpclasses\plugin.php:106

actionplugins_loadedwps-cleaner.php:40

Scheduled Events 2

wps_cleaner_indexation_medias_queue

wps_cleaner_indexation_medias

Maintenance & Trust

WPS Cleaner Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 24, 2025

PHP min version

Downloads339K

Community Trust

Rating86/100

Number of ratings99

Active installs20K

Alternatives

WPS Cleaner Alternatives

Brozzme DB Prefix & Tools Addons

brozzme-db-prefix-change

100

Easily change your WordPress DB prefix, save time, increase security.

10K No CVEs

The Hack Repair Guy's Plugin Archiver

hackrepair-plugin-archiver

Disable Plugins Without Deleting — Archive and Restore in One Click

400 2 CVEs

Keep Backup Daily

keep-backup-daily

Keep Backup Daily backup your wordpress database and email to you daily, weekly, monthly and even yearly according to the settings.

300 4 CVEs

WP Essentials

wp-essentials

All-in-one bundle of essential plugins and functions for all WordPress websites.

30 No CVEs

Brozzme Change Username

brozzme-change-username

Easily change a WordPress Username, save time, increase security.

20 No CVEs

Developer Profile

WPS Cleaner Developer Profile

NicolasKulka

9 plugins · 149K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

1444 days

View full developer profile

Detection Fingerprints

How We Detect WPS Cleaner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wps-cleaner/assets/css/main.css/wp-content/plugins/wps-cleaner/assets/css/wps-cleaner.css/wp-content/plugins/wps-cleaner/assets/js/main.js/wp-content/plugins/wps-cleaner/assets/js/wps-cleaner.js

Script Paths

/wp-content/plugins/wps-cleaner/assets/js/main.js/wp-content/plugins/wps-cleaner/assets/js/wps-cleaner.js

Version Parameters

wps-cleaner/assets/css/main.css?ver=wps-cleaner/assets/css/wps-cleaner.css?ver=wps-cleaner/assets/js/main.js?ver=wps-cleaner/assets/js/wps-cleaner.js?ver=

HTML / DOM Fingerprints

CSS Classes

wps_cleaner_wrapperwps_cleaner_contentwps-cleaner-notice

HTML Comments

Data Attributes

data-wps_cleaner_nonce

JS Globals

wpsCleanerAjax

FAQ