Does Speed Kit have any unpatched vulnerabilities?

Yes — Speed Kit currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Speed Kit compatible with WordPress 6.2.9?

According to WordPress.org data, Speed Kit 2.0.2 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

Is Speed Kit compatible with PHP 7.3.0+?

Speed Kit requires PHP 7.3.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Speed Kit updated?

Speed Kit was last updated on May 2, 2024. Frequent updates are generally a positive security signal.

What is Speed Kit's security score?

Speed Kit has a WP-Safety security score of 70/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Speed Kit Security & Risk Analysis

wordpress.org/plugins/baqend

Speed Kit makes your WordPress website load instantly with one simple click.

2K active installs v2.0.2 PHP 7.3.0+ WP 4.6.0+ Updated May 2, 2024

cachingfastoptimizationperformancesecure

B · Generally Safe

CVEs total1

Unpatched1

Last CVEJan 7, 2026

Plugin page Download

Safety Verdict

Is Speed Kit Safe to Use in 2026?

Mostly Safe

Score 70/100

Speed Kit is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Jan 7, 2026Updated 1yr ago

Risk Assessment

The Baqend plugin version 2.0.2 exhibits a mixed security posture. While the plugin demonstrates good practices by using prepared statements for all SQL queries and avoiding external HTTP requests, significant concerns arise from its output escaping and a notable vulnerability history. The static analysis reveals a very low percentage of properly escaped output (2%), which is a major red flag for potential Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the plugin has a known medium severity vulnerability that remains unpatched, specifically related to missing authorization. This suggests a recurring pattern of authorization weaknesses. The absence of apparent AJAX handlers, REST API routes, and shortcodes with authentication checks in the static analysis might indicate a limited attack surface, but the overall security is significantly undermined by the unpatched vulnerability and the prevalent output escaping issues. The presence of bundled libraries like Guzzle also warrants attention for potential outdated versions that might introduce vulnerabilities, though this is not explicitly detailed in the provided data.

Key Concerns

Unpatched Medium Severity CVE
Low percentage of properly escaped output
Missing Authorization vulnerability history
Bundled library (Guzzle) present

Vulnerabilities

Speed Kit Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-22487medium · 4.3Missing Authorization

Speed Kit <= 2.0.2 - Missing Authorization

Jan 7, 2026Unpatched

Code Analysis

Analyzed Mar 16, 2026

Speed Kit Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

Output Escaping

2% escaped94 total outputs

Attack Surface

Speed Kit Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 36

actionadmin_enqueue_scriptsincludes\Controller\AdminController.php:43

actionadmin_initincludes\Controller\AdminController.php:44

actionadmin_menuincludes\Controller\AdminController.php:45

actionadmin_noticesincludes\Controller\AdminController.php:46

actioncron_revalidate_htmlincludes\Controller\CronController.php:21

actioncron_update_speed_kitincludes\Controller\CronController.php:22

actionwp_dashboard_setupincludes\Controller\DashboardController.php:30

actionwp_headincludes\Controller\FrontendController.php:18

actionadmin_headincludes\Controller\FrontendController.php:19

actionsave_postincludes\Controller\TriggerController.php:22

actiondelete_postincludes\Controller\TriggerController.php:23

actionadd_attachmentincludes\Controller\TriggerController.php:24

actionattachment_updatedincludes\Controller\TriggerController.php:25

actiondelete_attachmentincludes\Controller\TriggerController.php:26

actionset_object_termsincludes\Controller\TriggerController.php:27

actioncomment_postincludes\Controller\TriggerController.php:30

actionedit_commentincludes\Controller\TriggerController.php:31

actiondelete_commentincludes\Controller\TriggerController.php:32

actiontransition_comment_statusincludes\Controller\TriggerController.php:33

actionedited_termincludes\Controller\TriggerController.php:36

actiondelete_termincludes\Controller\TriggerController.php:37

actionprofile_updateincludes\Controller\TriggerController.php:40

actionuser_registerincludes\Controller\TriggerController.php:41

actiondelete_userincludes\Controller\TriggerController.php:42

actionswitch_themeincludes\Controller\TriggerController.php:45

filterwidget_update_callbackincludes\Controller\TriggerController.php:48

actiondelete_widgetincludes\Controller\TriggerController.php:49

actionupgrader_process_completeincludes\Controller\TriggerController.php:52

actionupgrader_process_completeincludes\Controller\TriggerController.php:53

actionshutdownincludes\Controller\TriggerController.php:56

actionshutdownincludes\Controller\TriggerController.php:57

actionplugins_loadedincludes\Plugin.php:141

actionplugins_loadedincludes\Plugin.php:144

actionplugins_loadedincludes\Plugin.php:145

actionactivated_pluginincludes\Plugin.php:146

filterinitincludes\Plugin.php:147

Scheduled Events 2

cron_update_speed_kit

cron_revalidate_html

Maintenance & Trust

Speed Kit Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedMay 2, 2024

PHP min version7.3.0

Downloads99K

Community Trust

Rating80/100

Number of ratings11

Active installs2K

Alternatives

Speed Kit Alternatives

Flying Pages: Preload Pages for Faster Navigation & Improved User Experience

flying-pages

100

Preload pages intelligently to boost site speed and enhance user experience by loading pages before users click, ensuring instant page transitions.

20K No CVEs

WP Meteor Website Speed Optimization Addon

wp-meteor

2x-5x improvement in your Page Speed score. A completely new way of optimizing your page speed.

20K 3 CVEs

Quicklink for WordPress

quicklink

100

⚡️ Faster subsequent page-loads by prefetching in-viewport links during idle time.

1K No CVEs

WP Nav Menu Cache

wp-nav-menu-cache

Create cache for dynamically generated navigation menu HTML and serve from a static file. It reduces some MySQL queries and increases page speed.

100 No CVEs

Mega Cache

mega-cache

Mega Cache is an ultra-fast page caching plugin designed to enhance your WordPress site's performance, including WooCommerce product caching.

50 No CVEs

Developer Profile

Speed Kit Developer Profile

baqend

1 plugin · 2K total installs

trust score

Avg Security Score

70/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Speed Kit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/baqend/assets/css/baqend-admin.css/wp-content/plugins/baqend/assets/js/baqend-admin.js/wp-content/plugins/baqend/assets/js/baqend-vendor.js

Version Parameters

baqend/assets/css/baqend-admin.css?ver=baqend/assets/js/baqend-admin.js?ver=baqend/assets/js/baqend-vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-baqend-admin

Data Attributes

data-baqend-app-tokendata-baqend-app-id

JS Globals

SPEED_KIT_MESSAGES

FAQ