Does Cache-Control have any unpatched vulnerabilities?

No. All known vulnerabilities in Cache-Control have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cache-Control compatible with WordPress 5.2.24?

According to WordPress.org data, Cache-Control 2.2.5 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is Cache-Control updated?

Cache-Control was last updated on Aug 30, 2019. Frequent updates are generally a positive security signal.

What is Cache-Control's security score?

Cache-Control has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cache-Control Security & Risk Analysis

wordpress.org/plugins/cache-control

Configurable HTTP Cache-Control response headers for webpages generated by WordPress.

1K active installs v2.2.5 PHP + WP 4.4.1+ Updated Aug 30, 2019

cache-controlcachinghttpperformance

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Cache-Control Safe to Use in 2026?

Generally Safe

Score 85/100

Cache-Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "cache-control" plugin v2.2.5 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events, especially those lacking authentication, indicates a minimal attack surface. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and implementing a nonce check and capability checks. The taint analysis revealing no unsanitized paths or critical/high severity flows further reinforces its security. The plugin's clean vulnerability history with zero known CVEs suggests a commitment to security maintenance by its developers.

While the code shows positive security indicators, a notable concern lies in the output escaping. With 41% of outputs properly escaped, there is a significant portion (59%) that is not. This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed to users. Despite the overall good security practices and lack of historical vulnerabilities, this escaping issue represents the most immediate area for improvement and potential risk.

Key Concerns

Insufficient output escaping detected

Vulnerabilities

None known

Cache-Control Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Cache-Control Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

41% escaped34 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

cache_control_options_page (admin.php:73)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Cache-Control Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

filterplugin_row_metaadmin.php:27

actionadmin_menuadmin.php:43

actiontemplate_redirectcache-control.php:371

filterwp_redirect_statuscache-control.php:395

actioninitcache-control.php:403

Maintenance & Trust

Cache-Control Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedAug 30, 2019

PHP min version

Downloads99K

Community Trust

Rating100/100

Number of ratings6

Active installs1K

Alternatives

Cache-Control Alternatives

Simple Cache Killer

simple-cache-killer

Allows users to specify that requests to their content not be cached in any way, easily from within the Wordpress admin.

10 No CVEs

beeVisible – Admin HTTP Cache

beevisible-admin-http-cache

100

Speeds up the WordPress admin backend by intelligently caching plugin HTTP requests. Auto-Cache, Auto-Blacklist for faulty domains.

0 No CVEs

LiteSpeed Cache

litespeed-cache

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs

Speed Optimizer – The All-In-One Performance-Boosting Plugin

sg-cachepress

Boost your website performance and page speed, and increase conversions with powerful caching, frontend, media, and environment optimizations.

1.0M 2 CVEs

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

Get caching and more with this powerful cache plugin. Cache, optimize images, clean your database and minify for maximum performance.

1.0M 3 CVEs

Developer Profile

Cache-Control Developer Profile

Dan

1 plugin · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Cache-Control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cache-control/assets/js/admin.js/wp-content/plugins/cache-control/assets/css/admin.css

Script Paths

/wp-content/plugins/cache-control/assets/js/admin.js

Version Parameters

cache-control/assets/js/admin.js?ver=cache-control/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

cache-control-settings-section

FAQ