WP-Safety

Cache Master Security & Risk Analysis

wordpress.org/plugins/cache-master

Cache Master is an extremely lightweight, high-performance cache plugin that speeds up your WordPress sites on the fly. The core of Cache Master is dr …

500 active installs v2.1.3 PHP 7.1.0+ WP 4.7+ Updated May 28, 2023
apccachememcachedmongodbredis
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Cache Master Safe to Use in 2026?

Generally Safe

Score 85/100

Cache Master has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The 'cache-master' v2.1.3 plugin exhibits a generally strong security posture based on the provided static analysis. It has a minimal attack surface, with only one AJAX handler and no REST API routes, shortcodes, or cron events. Encouragingly, the plugin demonstrates good practice by implementing nonce checks and capability checks for its entry points, and all SQL queries utilize prepared statements, eliminating the risk of SQL injection. The absence of external HTTP requests and bundled libraries further reduces potential attack vectors. However, a significant concern arises from the taint analysis, which indicates two flows with unsanitized paths. While the severity is not explicitly categorized as critical or high, unsanitized path traversals can lead to directory traversal vulnerabilities, allowing attackers to access or manipulate files outside the intended directory. Additionally, a low percentage of output escaping (10%) is a concern, suggesting a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed.

Key Concerns

  • Unsanitized paths in taint flows
  • Low percentage of properly escaped output
Vulnerabilities
None known

Cache Master Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Cache Master Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
132
14 escaped
Nonce Checks
1
Capability Checks
3
File Operations
15
External Requests
0
Bundled Libraries
0

Output Escaping

10% escaped146 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
scm_run_expert_mode (inc\expert-mode.php:25)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Cache Master Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_scm_action_clear_cacheinc\admin\ajax-action.php:19
WordPress Hooks 16
actionadmin_bar_menuinc\admin\admin-bar.php:15
actionadmin_footerinc\admin\admin-bar.php:16
actionadmin_menuinc\admin\menu.php:15
actionadmin_enqueue_scriptsinc\admin\menu.php:16
actionadmin_enqueue_scriptsinc\admin\menu.php:17
filterplugin_row_metainc\admin\menu.php:19
actionadmin_initinc\admin\setting.php:15
actionpost_updatedinc\admin\update-post.php:15
filterpost_updated_messagesinc\admin\update-post.php:16
actionwoocommerce_payment_completeinc\admin\update-woocommerce.php:15
actionwidgets_initinc\admin\widgets.php:22
actionwp_enqueue_scriptsinc\class-cache-master.php:71
actionlogin_enqueue_scriptsinc\class-cache-master.php:72
actionplugins_loadedinc\class-cache-master.php:87
actionshutdowninc\class-cache-master.php:88
actionwpinc\class-cache-master.php:89
Maintenance & Trust

Cache Master Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedMay 28, 2023
PHP min version7.1.0
Downloads15K

Community Trust

Rating96/100
Number of ratings16
Active installs500
Alternatives

Cache Master Alternatives

atec Cache Info

atec Cache Info

atec-cache-info

A
100

Show system cache status and statistics for OPcache, JIT, Object Cache, APCu, Redis, Memcached, and SQLite Cache.

1K No CVEs
Redis Object Cache

Redis Object Cache

redis-cache

A
100

A persistent object cache backend powered by Redis®¹. Supports Predis, PhpRedis, Relay, replication, sentinels, clustering and WP-CLI.

300K No CVEs
Nginx Helper

Nginx Helper

nginx-helper

A
100

Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.

100K No CVEs
APCu Manager

APCu Manager

apcu-manager

A
100

APCu statistics and management right in the WordPress admin dashboard.

10K No CVEs
WP Redis

WP Redis

wp-redis

A
100

Back your WP Object Cache with Redis, a high-performance in-memory storage backend.

10K No CVEs
Developer Profile

Cache Master Developer Profile

Terry L.

3 plugins · 630 total installs

64
trust score
Avg Security Score
78/100
Avg Patch Time
1100 days
View full developer profile
Detection Fingerprints

How We Detect Cache Master

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cache-master/inc/assets/css/scm.css/wp-content/plugins/cache-master/inc/assets/css/scm-frontend.css/wp-content/plugins/cache-master/inc/assets/js/scm.js/wp-content/plugins/cache-master/inc/assets/js/scm-frontend.js
Script Paths
/wp-content/plugins/cache-master/inc/assets/js/scm.js/wp-content/plugins/cache-master/inc/assets/js/scm-frontend.js
Version Parameters
cache-master/inc/assets/css/scm.css?ver=cache-master/inc/assets/css/scm-frontend.css?ver=cache-master/inc/assets/js/scm.js?ver=cache-master/inc/assets/js/scm-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
scm-logo
HTML Comments
Cache Master - Menu.Cache Master - Settings.Cache Master - Expert Mode.Cache Master - Statistics.+3 more
Data Attributes
data-scm-optiondata-scm-content
JS Globals
scm_settings
FAQ

Frequently Asked Questions about Cache Master