WP-Safety

Cache Warmer Security & Risk Analysis

wordpress.org/plugins/cache-warmer

Visits website pages to warm (create) the cache if you have any caching solutions configured.

1K active installs v1.3.8 PHP 7.4+ WP + Updated Nov 17, 2024
cachecloudflareobject-cacherediswarming
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Cache Warmer Safe to Use in 2026?

Generally Safe

Score 92/100

Cache Warmer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'cache-warmer' plugin, version 1.3.8, exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs in its history, coupled with a robust implementation of prepared statements for SQL queries and proper output escaping, suggests a history of secure development practices. The low number of taint flows and the lack of any identified vulnerabilities in this category are also positive indicators. However, a notable concern arises from the complete absence of capability checks across all entry points. While the static analysis reports zero unprotected entry points, the lack of explicit capability checks means that any entry point, if discovered or if the static analysis is incomplete, would not have proper authorization enforced. The two flows with unsanitized paths, although not flagged as critical or high severity, warrant attention as they represent potential avenues for unexpected behavior or unintended data handling. Overall, the plugin demonstrates good technical security implementation in critical areas, but the lack of capability checks across its interface presents a potential, albeit currently abstract, risk.

Key Concerns

  • No capability checks implemented
  • Taint flows with unsanitized paths detected
Vulnerabilities
None known

Cache Warmer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Cache Warmer Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
50 prepared
Unescaped Output
15
137 escaped
Nonce Checks
14
Capability Checks
0
File Operations
0
External Requests
4
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

91% prepared55 total queries

Output Escaping

90% escaped152 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
save (src\class-ajax.php:60)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Cache Warmer Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionplugins_loadedcache-warmer.php:90
actionadmin_noticescache-warmer.php:106
actionwp_dashboard_setupcache-warmer.php:145
actioninitcache-warmer.php:153
actionadmin_menusrc\class-admin-menu.php:21
actionadmin_noticessrc\class-admin-menu.php:29
actioncache-warmer-start-from-clisrc\class-extend-wp-cli.php:24
actioncache-warmer-stop-from-clisrc\class-extend-wp-cli.php:25
actionaction_scheduler_initsrc\class-extend-wp-cli.php:42
actionaction_scheduler_initsrc\class-extend-wp-cli.php:60
actioninitsrc\class-intervals-scheduler.php:32
actionaction_scheduler_initsrc\class-intervals-scheduler.php:89
actioninitsrc\class-migrations.php:57
actionaction_scheduler_initsrc\class-migrations.php:120
actionaction_scheduler_initsrc\class-migrations.php:135
actiontransition_post_statussrc\posts-warming\class-posts-enqueue.php:30
actionadd_meta_boxessrc\representation\class-publish-box.php:24
Maintenance & Trust

Cache Warmer Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.0
Last updatedNov 17, 2024
PHP min version7.4
Downloads19K

Community Trust

Rating96/100
Number of ratings19
Active installs1K
Alternatives

Cache Warmer Alternatives

Redis Object Cache

Redis Object Cache

redis-cache

A
100

A persistent object cache backend powered by Redis®¹. Supports Predis, PhpRedis, Relay, replication, sentinels, clustering and WP-CLI.

300K No CVEs
WP Redis

WP Redis

wp-redis

A
100

Back your WP Object Cache with Redis, a high-performance in-memory storage backend.

10K No CVEs
atec Cache Info

atec Cache Info

atec-cache-info

A
100

Show system cache status and statistics for OPcache, JIT, Object Cache, APCu, Redis, Memcached, and SQLite Cache.

1K No CVEs
Redis Object Cache

Redis Object Cache

redis-object-cache

A
85

A persistent object cache powered by Redis.

10 No CVEs
Nginx Helper

Nginx Helper

nginx-helper

A
100

Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.

100K No CVEs
Developer Profile

Cache Warmer Developer Profile

TMM Technology

2 plugins · 1K total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Cache Warmer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cache-warmer/assets/css/cache-warmer-logs.css/wp-content/plugins/cache-warmer/assets/css/cache-warmer-main.css/wp-content/plugins/cache-warmer/assets/css/cache-warmer-settings.css/wp-content/plugins/cache-warmer/assets/css/cache-warmer-post.css/wp-content/plugins/cache-warmer/assets/css/cache-warmer-dashboard.css/wp-content/plugins/cache-warmer/assets/js/cache-warmer-logs.js/wp-content/plugins/cache-warmer/assets/js/cache-warmer-main.js/wp-content/plugins/cache-warmer/assets/js/cache-warmer-settings.js+3 more
Script Paths
/wp-content/plugins/cache-warmer/assets/js/cache-warmer-logs.js/wp-content/plugins/cache-warmer/assets/js/cache-warmer-main.js/wp-content/plugins/cache-warmer/assets/js/cache-warmer-settings.js/wp-content/plugins/cache-warmer/assets/js/cache-warmer-post.js/wp-content/plugins/cache-warmer/assets/js/cache-warmer-dashboard.js/wp-content/plugins/cache-warmer/assets/js/cache-warmer-utils.js
Version Parameters
cache-warmer/assets/css/cache-warmer-logs.css?ver=cache-warmer/assets/css/cache-warmer-main.css?ver=cache-warmer/assets/css/cache-warmer-settings.css?ver=cache-warmer/assets/css/cache-warmer-post.css?ver=cache-warmer/assets/css/cache-warmer-dashboard.css?ver=cache-warmer/assets/js/cache-warmer-logs.js?ver=cache-warmer/assets/js/cache-warmer-main.js?ver=cache-warmer/assets/js/cache-warmer-settings.js?ver=cache-warmer/assets/js/cache-warmer-post.js?ver=cache-warmer/assets/js/cache-warmer-dashboard.js?ver=cache-warmer/assets/js/cache-warmer-utils.js?ver=

HTML / DOM Fingerprints

CSS Classes
cache-warmer-logs-pagecache-warmer-main-pagecache-warmer-settings-pagecache-warmer-post-pagecache-warmer-dashboard-widgetcache-warmer-notice
HTML Comments
<!-- Cache Warmer Settings -->
Data Attributes
data-cache-warmer-ajax-urldata-cache-warmer-noncedata-cache-warmer-action
JS Globals
cacheWarmer
FAQ

Frequently Asked Questions about Cache Warmer