Does ZenPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ZenPress compatible with WordPress 6.9.4?

According to WordPress.org data, ZenPress 2.2.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is ZenPress compatible with PHP 8.1+?

ZenPress requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ZenPress updated?

ZenPress was last updated on Feb 26, 2026. Frequent updates are generally a positive security signal.

What is ZenPress's security score?

ZenPress has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ZenPress Security & Risk Analysis

wordpress.org/plugins/zenpress

Speed up and harden your site with a single click: cleans up unused features, protects security gaps, and configures cache integrations automatically.

50 active installs v2.2.5 PHP 8.1+ WP 6.0+ Updated Feb 26, 2026

bloatoptimizationperformancesecuritywoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ZenPress Safe to Use in 2026?

Generally Safe

Score 100/100

ZenPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "zenpress" plugin v2.2.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a mature and well-maintained codebase. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its security profile.

However, there are significant concerns regarding the attack surface. A total of 4 entry points are identified, with 3 of them, all REST API routes, lacking proper permission callbacks. This means these routes are accessible without authentication, potentially exposing sensitive functionalities or data. While taint analysis shows no critical or high severity flows, the lack of authorization on these REST API routes presents a direct risk of unauthorized access and manipulation. The output escaping also needs improvement, with 57% being properly escaped, leaving a substantial portion potentially vulnerable to cross-site scripting (XSS) attacks if user-supplied data is involved.

Key Concerns

REST API routes without permission callbacks
Unescaped output (43% of total)

Vulnerabilities

None known

ZenPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ZenPress Release Timeline

v2.2.5Current

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.0

v2.0.5

v2.0.4.1

v2.0.4

v2.0.3.1

v2.0.3

v2.0.2

v2.0.1

v2.0

v1.0.9.1

v1.0.9

v1.0.8

v1.0.6

v1.0.5

Code Analysis

Analyzed Mar 16, 2026

ZenPress Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

57% escaped35 total outputs

Attack Surface

3 unprotected

ZenPress Attack Surface

Entry Points4

Unprotected3

AJAX Handlers 1

authwp_ajax_zenpress_clear_cachesinc\classes\integrations.php:77

REST API Routes 3

POST/wp-json/zenpress/v1autoconfig/autoptimizeinc\classes\integrations.php:90

POST/wp-json/zenpress/v1autoconfig/cache-enablerinc\classes\integrations.php:95

POST/wp-json/zenpress/v1autoconfig/sqlite-object-cacheinc\classes\integrations.php:100

WordPress Hooks 76

actionadmin_enqueue_scriptsinc\admin\enqueue.php:10

actionadmin_enqueue_scriptsinc\admin\enqueue.php:50

filterplugin_row_metainc\admin\links.php:26

actionadmin_menuinc\admin\menu.php:10

actionzenpress_caches_clearinc\classes\autoptimize.php:43

filterautoptimize_filter_toolbar_showinc\classes\autoptimize.php:50

actionzenpress_caches_clearinc\classes\cache-enabler.php:45

actionadmin_bar_menuinc\classes\cache-enabler.php:52

actioninitinc\classes\integrations.php:75

actionadmin_bar_menuinc\classes\integrations.php:76

actionrest_api_initinc\classes\integrations.php:78

actionadmin_noticesinc\classes\integrations.php:79

actionzenpress_caches_clearinc\classes\sqlite-object-cache.php:41

actionadmin_bar_menuinc\classes\sqlite-object-cache.php:48

actioninitinc\settings\loader.php:43

actioninitinc\settings\options.php:10

filterredirect_canonicalinc\snippets\functions\block-user-enumeration.php:15

actionadmin_bar_menuinc\snippets\functions\clean-admin-bar.php:7

actionwp_dashboard_setupinc\snippets\functions\clean-dashboard-items.php:7

filterwp_is_application_passwords_availableinc\snippets\functions\disable-application-passwords.php:7

actiontemplate_redirectinc\snippets\functions\disable-author-archives.php:10

actionadmin_enqueue_scriptsinc\snippets\functions\disable-autosave.php:8

actionwp_enqueue_scriptsinc\snippets\functions\disable-dashicons.php:7

actioninitinc\snippets\functions\disable-default-pattern-categories.php:13

filteremoji_svg_urlinc\snippets\functions\disable-emoji-scripts.php:21

filtertiny_mce_pluginsinc\snippets\functions\disable-emoji-scripts.php:24

actionwp_default_scriptsinc\snippets\functions\disable-jquery-migrate.php:7

filterlogin_display_language_dropdowninc\snippets\functions\disable-login-language-selector.php:7

actioninitinc\snippets\functions\disable-oembed.php:7

filterembed_oembed_discoverinc\snippets\functions\disable-oembed.php:21

filtertiny_mce_pluginsinc\snippets\functions\disable-oembed.php:27

filterrewrite_rules_arrayinc\snippets\functions\disable-oembed.php:32

actionwp_enqueue_scriptsinc\snippets\functions\disable-password-strength-meter.php:12

actionadmin_enqueue_scriptsinc\snippets\functions\disable-password-strength-meter.php:13

actionlogin_enqueue_scriptsinc\snippets\functions\disable-password-strength-meter.php:14

filterfallback_intermediate_image_sizesinc\snippets\functions\disable-pdf-thumbnails.php:7

filterwp_headersinc\snippets\functions\disable-pingback-trackback.php:8

actionafter_setup_themeinc\snippets\functions\disable-pingback-trackback.php:15

actionpre_pinginc\snippets\functions\disable-pingback-trackback.php:21

filterrest_authentication_errorsinc\snippets\functions\disable-rest-api.php:54

filterjson_enabledinc\snippets\functions\disable-rest-api.php:65

filterjson_jsonp_enabledinc\snippets\functions\disable-rest-api.php:66

filterrest_enabledinc\snippets\functions\disable-rest-api.php:69

filterrest_jsonp_enabledinc\snippets\functions\disable-rest-api.php:70

actiondo_feedinc\snippets\functions\disable-rss.php:14

actiondo_feed_rdfinc\snippets\functions\disable-rss.php:15

actiondo_feed_rssinc\snippets\functions\disable-rss.php:16

actiondo_feed_rss2inc\snippets\functions\disable-rss.php:17

actiondo_feed_atominc\snippets\functions\disable-rss.php:18

actiondo_feed_rss2_commentsinc\snippets\functions\disable-rss.php:19

actiondo_feed_atom_commentsinc\snippets\functions\disable-rss.php:20

actionwp_enqueue_scriptsinc\snippets\functions\disable-woocommerce-cart-fragments.php:8

actionwp_enqueue_scriptsinc\snippets\functions\disable-woocommerce-scripts-styles.php:8

filterwc_stripe_load_scripts_on_product_page_when_prbs_disabledinc\snippets\functions\disable-woocommerce-stripe-scripts.php:8

filterwc_stripe_load_scripts_on_cart_page_when_prbs_disabledinc\snippets\functions\disable-woocommerce-stripe-scripts.php:9

actionwidgets_initinc\snippets\functions\disable-woocommerce-widgets.php:8

filterwp_lazy_loading_enabledinc\snippets\functions\disable-wordpress-default-lazy-loading.php:7

filterxmlrpc_enabledinc\snippets\functions\disable-xmlrpc-rsdlink.php:7

filterwp_headersinc\snippets\functions\hide-woocommerce-version.php:9

filterstyle_loader_srcinc\snippets\functions\hide-woocommerce-version.php:16

filterscript_loader_srcinc\snippets\functions\hide-woocommerce-version.php:25

filterthe_generatorinc\snippets\functions\hide-wordpress-version.php:11

filterscript_loader_srcinc\snippets\functions\hide-wordpress-version.php:16

filterstyle_loader_srcinc\snippets\functions\hide-wordpress-version.php:25

filterwp_revisions_to_keepinc\snippets\functions\limit-post-revisions.php:7

filterlogin_errorsinc\snippets\functions\protect-wp-login.php:8

filterauthenticateinc\snippets\functions\protect-wp-login.php:13

filtershould_load_remote_block_patternsinc\snippets\functions\remove-gutenberg-unwanted-block-patterns.php:8

actionafter_setup_themeinc\snippets\functions\remove-gutenberg-unwanted-block-patterns.php:11

actionadmin_headinc\snippets\functions\remove-help-button.php:7

filteradmin_footer_textinc\snippets\functions\remove-thanks-for-using-wordpress-in-footer.php:7

actionwoocommerce_blocks_loadedinc\snippets\functions\remove-woocommerce-patterns.php:14

actioninitinc\snippets\functions\remove-woocommerce-patterns.php:39

filterwoocommerce_admin_featuresinc\snippets\functions\remove-woocommerce-patterns.php:58

actionadmin_bar_menuinc\snippets\functions\remove-wordpress-logo.php:7

filtershould_load_separate_core_block_assetsinc\snippets\functions\separate-gutenberg-core-block-styles.php:7

Maintenance & Trust

ZenPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 26, 2026

PHP min version8.1

Downloads2K

Community Trust

Rating100/100

Number of ratings3

Active installs50

Alternatives

ZenPress Alternatives

SbS Settings

sbs-settings

100

All-in-one WordPress & WooCommerce optimization. Modern AJAX toggle UI, completely free.

10 No CVEs

Disable Bloat for WordPress & WooCommerce

disable-dashboard-for-woocommerce

All-in-One solution to speed up your WordPress & WooCommerce. Remove unnecessary features and make your site faster and cleaner.

10K No CVEs

JetHost Total Care – Security & Enhancements

jethost-total-care

100

JetHost Total Care simplifies WordPress management by consolidating features like security, site enhancements and performance into a single plugin.

700 No CVEs

WP safely disable directory browsing

wp-safely-disable-directory-browsing

This essential .htaccess rules plugin allow you to improve security of your wordpress blog.

300 No CVEs

DiveWP – Boost Site Performance with Clear, Actionable Steps

divewp-boost-site-performance

100

Learn WP Best Practices Through Your Own Site! Get clear insights about Performance, Security, and Best Practices – explained in plain English.

200 No CVEs

Developer Profile

ZenPress Developer Profile

Quentin Le Duff

2 plugins · 60 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ZenPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zenpress/assets/build/index.js/wp-content/plugins/zenpress/assets/build/index.css

Script Paths

/wp-content/plugins/zenpress/assets/build/index.js

Version Parameters

/wp-content/plugins/zenpress/assets/build/index.js?ver=/wp-content/plugins/zenpress/assets/build/index.css?ver=

HTML / DOM Fingerprints

JS Globals

zenpressSnippetsMetazenpressIntegrationsActive

FAQ