WP-Safety

AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Security & Risk Analysis

wordpress.org/plugins/add-expires-headers

AEH Speed Optimization boosts site speed with caching, minification, lazy loading, and image optimization to improve performance and SEO.

3K active installs v3.1.0 PHP + WP 3.5+ Updated Dec 4, 2025
cachecore-web-vitalsoptimizepagespeedperformance
76
B · Generally Safe
CVEs total2
Unpatched1
Last CVEJan 9, 2026
Plugin page Download
Safety Verdict

Is AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Safe to Use in 2026?

Mostly Safe

Score 76/100

AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Jan 9, 2026Updated 4mo ago
Risk Assessment

The "add-expires-headers" v3.1.0 plugin presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and implementing a reasonable number of nonce and capability checks, significant concerns remain. The presence of two AJAX handlers without proper authentication checks creates a notable attack surface, as these endpoints could potentially be exploited by unauthenticated users. Taint analysis shows no critical or high severity flows, which is positive, and the plugin avoids dangerous functions and raw SQL.

Key Concerns

  • Unpatched CVE found
  • AJAX handlers without auth checks
  • Moderate percentage of unescaped output
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
2

AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2026-24633medium · 5.3Missing Authorization

Add Expires Headers & Optimized Minify <= 3.1.0 - Missing Authorization

Jan 9, 2026Unpatched
CVE-2023-27457medium · 4.3Cross-Site Request Forgery (CSRF)

Add Expires Headers & Optimized Minify <= 2.7 - Cross-Site Request Forgery via [placeholder]

Mar 2, 2023 Patched in 2.7.1 (327d)
Code Analysis
Analyzed Mar 16, 2026

AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
29
17 escaped
Nonce Checks
6
Capability Checks
5
File Operations
25
External Requests
1
Bundled Libraries
1

Bundled Libraries

Freemius1.0

Output Escaping

37% escaped46 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
<cache> (inc\view\cache.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Attack Surface

Entry Points4
Unprotected2

AJAX Handlers 4

authwp_ajax_hide_review_noticemain\class-aeh-main.php:20
noprivwp_ajax_hide_review_noticemain\class-aeh-main.php:21
authwp_ajax_purge_cachemain\class-aeh-main.php:23
noprivwp_ajax_purge_cachemain\class-aeh-main.php:24
WordPress Hooks 25
actionadmin_noticesadd-expires-headers.php:164
actionplugins_loadedadd-expires-headers.php:176
actionafter_uninstalladd-expires-headers.php:177
actionadmin_enqueue_scriptsmain\class-aeh-admin.php:15
actionwp_enqueue_scriptsmain\class-aeh-admin.php:16
actionadmin_menumain\class-aeh-admin.php:17
filterthe_contentmain\class-aeh-lazy-loading.php:21
actionwp_footermain\class-aeh-lazy-loading.php:22
filterdo_shortcode_tagmain\class-aeh-lazy-loading.php:24
filterwidget_display_callbackmain\class-aeh-lazy-loading.php:27
actionwp_enqueue_scriptsmain\class-aeh-lazy-loading.php:29
actionadmin_noticesmain\class-aeh-main.php:19
actionrefresh_cachemain\class-aeh-main.php:22
actionupgrader_process_completemain\class-aeh-minify.php:59
actionafter_switch_thememain\class-aeh-minify.php:60
actiondeactivated_pluginmain\class-aeh-minify.php:61
actionactivated_pluginmain\class-aeh-minify.php:62
actionadmin_initmain\class-aeh-minify.php:63
actionadmin_bar_menumain\class-aeh-minify.php:64
actionsetup_thememain\class-aeh-minify.php:66
actionwp_print_stylesmain\class-aeh-minify.php:134
actionwp_print_footer_scriptsmain\class-aeh-minify.php:135
actiontemplate_redirectmain\class-aeh-minify.php:138
filterstyle_loader_tagmain\class-aeh-minify.php:140
actionadmin_noticesmain\class-aeh-minify.php:926
Maintenance & Trust

AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 4, 2025
PHP min version
Downloads205K

Community Trust

Rating64/100
Number of ratings19
Active installs3K
Alternatives

AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Alternatives

WP Fastest Cache – WordPress Cache Plugin

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

B
76

The simplest and fastest WP Cache system

1.0M 35 CVEs
Autoptimize

Autoptimize

autoptimize

B
77

Autoptimize speeds up your website by optimizing JS, CSS, images (incl. lazy-load), HTML and Google Fonts, asyncing JS, removing emoji cruft and more.

900K 10 CVEs
Aruba HiSpeed Cache

Aruba HiSpeed Cache

aruba-hispeed-cache

A
95

Aruba HiSpeed Cache interfaces directly with an Aruba hosting platform's HiSpeed Cache service and automates its management.

100K 6 CVEs
10Web Booster – Website speed optimization, Cache & Page Speed optimizer

10Web Booster – Website speed optimization, Cache & Page Speed optimizer

tenweb-speed-optimizer

A
86

Speed up your site with 10Web Booster. Pass Core Web Vitals by optimizing HTML / CSS / JavaScript, Image Optimization, Lazy Loading, Cache, Google Fon &hellip;

90K 5 CVEs
Seraphinite Accelerator

Seraphinite Accelerator

seraphinite-accelerator

A
95

Turns on site high speed to be attractive for people and search engines.

60K 9 CVEs
Developer Profile

AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Developer Profile

Passionate Brains

4 plugins · 8K total installs

64
trust score
Avg Security Score
78/100
Avg Patch Time
327 days
View full developer profile
Detection Fingerprints

How We Detect AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/add-expires-headers/assests/css/aeh-frontend.css/wp-content/plugins/add-expires-headers/assets/css/aeh-admin.css/wp-content/plugins/add-expires-headers/assets/css/materialize.min.css/wp-content/plugins/add-expires-headers/assets/js/materialize.min.js/wp-content/plugins/add-expires-headers/assets/js/admin.js
Script Paths
/wp-content/plugins/add-expires-headers/assets/js/admin.js
Version Parameters
add-expires-headers/assets/css/aeh-admin.css?ver=add-expires-headers/assets/css/materialize.min.css?ver=add-expires-headers/assets/js/materialize.min.js?ver=add-expires-headers/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
aeh-admin-containeraeh-settings-titleaeh-input-wrapperaeh-section-header
HTML Comments
<!-- AEH Admin Section -->
Data Attributes
data-aeh-tab
JS Globals
AEH_Admin
FAQ

Frequently Asked Questions about AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization