Does CDN Bull have any unpatched vulnerabilities?

No. All known vulnerabilities in CDN Bull have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CDN Bull compatible with WordPress 6.8.5?

According to WordPress.org data, CDN Bull 1.0.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is CDN Bull compatible with PHP 7.0+?

CDN Bull requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CDN Bull updated?

CDN Bull was last updated on Jun 20, 2025. Frequent updates are generally a positive security signal.

What is CDN Bull's security score?

CDN Bull has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CDN Bull Security & Risk Analysis

wordpress.org/plugins/cdn-bull

Enable CDN URLs for your static assets such as images, CSS or JavaScript files.

20 active installs v1.0.6 PHP 7.0+ WP 4.7+ Updated Jun 20, 2025

cdncontent-delivery-networkcontent-distribution-networkpagespeedperformance

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CDN Bull Safe to Use in 2026?

Generally Safe

Score 100/100

CDN Bull has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago

Risk Assessment

The 'cdn-bull' v1.0.6 plugin exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices in several areas, including 100% use of prepared statements for SQL queries and 95% proper output escaping, significant concerns remain.

The primary risk stems from its attack surface. The plugin exposes 5 AJAX handlers, with a concerning 3 of these lacking authentication checks. This means that unauthenticated users could potentially trigger these handlers, opening the door to unintended actions or information disclosure. Although taint analysis shows no unsanitized flows, the presence of the `shell_exec` function is a major red flag. This function is inherently dangerous as it allows for the execution of arbitrary operating system commands, and its use without strict sanitization or robust access controls presents a high-risk vulnerability.

The plugin's vulnerability history is clean, with no recorded CVEs. This is positive, but it should not lead to complacency, especially given the identified weaknesses in the static analysis. The lack of historical vulnerabilities might be due to the plugin's obscurity or that its current version has not yet been thoroughly scrutinized. In conclusion, while the plugin has strengths in areas like SQL and output handling, the unprotected AJAX endpoints and the presence of `shell_exec` create significant security vulnerabilities that require immediate attention.

Key Concerns

Unprotected AJAX handlers
Use of dangerous function (shell_exec)

Vulnerabilities

None known

CDN Bull Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CDN Bull Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

90 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

shell_execif ( ! @shell_exec( 'echo backupwordpress' ) )inc\cdnbull_hm_backup.class.php:229

shell_execif ( is_null( shell_exec( 'hash zip 2>&1' ) ) ) {inc\cdnbull_hm_backup.class.php:697

shell_exec$stderr = shell_exec( 'cd ' . escapeshellarg( $this->get_root() ) . ' && ' . escapeshellcmd( $this->inc\cdnbull_hm_backup.class.php:973

shell_exec$stderr = shell_exec( 'cd ' . escapeshellarg( $this->get_root() ) . ' && ' . escapeshellcmd( $this->inc\cdnbull_hm_backup.class.php:977

shell_execreturn shell_exec( 'cd ' . escapeshellarg( $this->get_root() ) . ' && ' . escapeshellcmd( $this->getinc\cdnbull_hm_backup.class.php:1003

Output Escaping

95% escaped95 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

settings_page (inc\cdnbull_settings.class.php:357)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

CDN Bull Attack Surface

Entry Points5

Unprotected3

AJAX Handlers 5

authwp_ajax_do_backupinc\cdnbull.class.php:30

authwp_ajax_do_uploadinc\cdnbull.class.php:31

authwp_ajax_stop_uploadinc\cdnbull.class.php:33

authwp_ajax_check_syncinc\cdnbull.class.php:34

noprivwp_ajax_cdnbull_calculate_backup_sizeinc\cdnbull_backups.class.php:817

WordPress Hooks 33

actionplugins_loadedcdn-bull.php:52

actionsetup_themeinc\cdnbull.class.php:16

actioninitinc\cdnbull.class.php:19

actioninitinc\cdnbull.class.php:20

actioninitinc\cdnbull.class.php:21

actioninitinc\cdnbull.class.php:22

actionwp_initialize_siteinc\cdnbull.class.php:25

actionadmin_bar_menuinc\cdnbull.class.php:28

actionwp_print_scriptsinc\cdnbull.class.php:36

actionwp_print_footer_scriptsinc\cdnbull.class.php:37

actionadmin_print_stylesinc\cdnbull.class.php:39

actionwp_print_stylesinc\cdnbull.class.php:40

actionadmin_initinc\cdnbull.class.php:46

actionadmin_initinc\cdnbull.class.php:47

actionadmin_menuinc\cdnbull.class.php:48

actionadmin_enqueue_scriptsinc\cdnbull.class.php:49

filterplugin_row_metainc\cdnbull.class.php:52

actionadmin_noticesinc\cdnbull.class.php:54

actionadmin_noticesinc\cdnbull.class.php:55

actionadmin_noticesinc\cdnbull.class.php:56

actionadmin_noticesinc\cdnbull.class.php:57

actionadmin_noticesinc\cdnbull.class.php:58

actionadd_attachmentinc\cdnbull.class.php:65

actiondelete_attachmentinc\cdnbull.class.php:66

filterwp_generate_attachment_metadatainc\cdnbull.class.php:67

actionadmin_footerinc\cdnbull_backups.class.php:79

actionadmin_footerinc\cdnbull_backups.class.php:80

actioninitinc\cdnbull_hm_backup.class.php:301

actionadmin_footerinc\cdnbull_settings.class.php:521

actionadmin_footerinc\cdnbull_settings.class.php:571

actionadmin_footerinc\cdnbull_settings.class.php:586

actionadmin_footerinc\cdnbull_settings.class.php:625

actionadmin_footerinc\cdnbull_upload.class.php:366

Maintenance & Trust

CDN Bull Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 20, 2025

PHP min version7.0

Downloads740

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

CDN Bull Alternatives

RocketCDN – WordPress CDN Plugin

rocketcdn

100

RocketCDN plugin is the easiest WordPress CDN plugin. It automatically rewrites all URLs to be served by our content delivery network (CDN).

100 No CVEs

W3 Total Cache

w3-total-cache

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 28 CVEs

bunny.net – WordPress CDN Plugin

bunnycdn

Enable Bunny CDN to speed up your WordPress website and enjoy greatly improved loading times around the world.

10K 2 CVEs

CDN Enabler

cdn-enabler

100

A content delivery network (CDN) integration plugin for WordPress that rewrites URLs, like for CSS, JavaScript, and images, to be served by a CDN.

10K No CVEs

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce

rabbit-loader

All-in-one AI speed optimization plugin for WordPress & WooCommerce websites. Get faster loading pages and near-perfect PageSpeed scores — in just …

3K 2 CVEs

Developer Profile

CDN Bull Developer Profile

CDN Bull

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CDN Bull

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cdn-bull/assets/css/cdn-bull.css/wp-content/plugins/cdn-bull/assets/js/cdn-bull.js

Script Paths

/wp-content/plugins/cdn-bull/assets/js/cdn-bull.js

Version Parameters

cdn-bull/assets/css/cdn-bull.css?ver=cdn-bull/assets/js/cdn-bull.js?ver=

HTML / DOM Fingerprints

HTML Comments

CDN Bull Copyright

JS Globals

cdnBull

REST Endpoints

/wp-json/cdn-bull/

FAQ