Comet Cache Security & Risk Analysis

wordpress.org/plugins/comet-cache

Author: WP Sharks
Author URI: https://cometcache.com
Contributors: WebSharks, JasWSInc, raamdev, clavaque
Donate link: https://cometcache.

20K active installs v170220 PHP + WP 4.2+ Updated Jul 2, 2025
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Comet Cache Safe to Use in 2026?

Generally Safe

Score 100/100

Comet Cache has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The security posture of Comet Cache v170220 shows a mixed bag of strengths and potential weaknesses. On the positive side, there are no known vulnerabilities (CVEs) recorded for this plugin, and the static analysis reveals a very small attack surface with no direct entry points exposed through AJAX, REST API, shortcodes, or cron events. The plugin also includes a reasonable number of capability checks (28) and nonce checks (7), suggesting some thought has been given to access control.

However, the static analysis also flags several significant concerns. The presence of dangerous functions like `create_function`, `unserialize`, and `shell_exec` is a serious red flag, as these can be exploited for code execution if user-supplied data is not meticulously sanitized. Furthermore, 100% of the SQL queries are not using prepared statements, which makes the plugin highly susceptible to SQL injection vulnerabilities. The output escaping rate of 43% is also alarmingly low, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.

The absence of any recorded vulnerabilities in the plugin's history is a positive trend, suggesting that developers have either been diligent in patching issues or that previous versions have not been subject to widespread exploitation. However, this historical strength does not negate the immediate risks identified in the current version's code. The overall conclusion is that while Comet Cache v170220 benefits from a small attack surface and a clean vulnerability history, the presence of dangerous functions, unescaped output, and raw SQL queries creates significant security risks that require immediate attention.

Key Concerns

  • Dangerous functions (create_function, unserialize, shell_exec)
  • 100% of SQL queries not using prepared statements
  • Low output escaping rate (43%)
Vulnerabilities
None known

Comet Cache Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Comet Cache Release Timeline

v170220 (Current)
v161221
v161119
v160917
v160706
v160521
v160417
v160416
v160227
v160223.1
v160223
v160211.2
v160211.1
v160211
Code Analysis
Analyzed Mar 16, 2026

Comet Cache Code Analysis

Dangerous Functions: 8
Raw SQL Queries: 10 (0 prepared)
Unescaped Output: 465 (350 escaped)
Nonce Checks: 7
Capability Checks: 28
File Operations: 67
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function: `create_function(` (plugin.php:27)
create_function: `create_function(` (plugin.php:53)
create_function: `create_function(` (plugin.php:77)
unserialize: `foreach (unserialize($headers) as $_header) {` (src\includes\traits\Ac\ObUtils.php:241)
create_function: `$dir_file = preg_replace_callback('/^(?P<drive_letter>[a-zA-Z])\:[\/\\\\]/u', create_function('$m',` (src\includes\traits\Shared\FsUtils.php:33)
shell_exec: `if (!($free = trim((string) @shell_exec('free')))) {` (src\includes\traits\Shared\SysUtils.php:48)
unserialize: `if (!is_file($blog_paths_file) || !in_array($token, unserialize(file_get_contents($blog_paths_file))` (src\includes\traits\Shared\TokenUtils.php:189)
unserialize: `if (!is_file($blog_paths_file) || !in_array($token, unserialize(file_get_contents($blog_paths_file))` (src\includes\traits\Shared\TokenUtils.php:241)

SQL Query Safety

0% prepared, 10 total queries

Output Escaping

43% escaped, 815 total outputs
Attack Surface

Comet Cache Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 68
action: all_admin_notices (plugin.php:25)
action: all_admin_notices (plugin.php:51)
action: all_admin_notices (plugin.php:75)
action: admin_init (src\includes\classes\Conflicts.php:50)
action: all_admin_notices (src\includes\classes\Conflicts.php:75)
action: plugins_loaded (src\includes\classes\Plugin.php:157)
action: init (src\includes\classes\Plugin.php:475)
action: init (src\includes\classes\Plugin.php:476)
action: init (src\includes\classes\Plugin.php:477)
action: init (src\includes\classes\Plugin.php:478)
action: wp_loaded (src\includes\classes\Plugin.php:480)
action: admin_bar_menu (src\includes\classes\Plugin.php:490)
action: wp_head (src\includes\classes\Plugin.php:491)
action: wp_enqueue_scripts (src\includes\classes\Plugin.php:492)
action: wp_enqueue_scripts (src\includes\classes\Plugin.php:493)
action: admin_head (src\includes\classes\Plugin.php:495)
action: admin_enqueue_scripts (src\includes\classes\Plugin.php:496)
action: admin_enqueue_scripts (src\includes\classes\Plugin.php:497)
action: admin_enqueue_scripts (src\includes\classes\Plugin.php:499)
action: admin_enqueue_scripts (src\includes\classes\Plugin.php:500)
action: admin_menu (src\includes\classes\Plugin.php:502)
action: network_admin_menu (src\includes\classes\Plugin.php:503)
action: all_admin_notices (src\includes\classes\Plugin.php:505)
filter: enable_live_network_counts (src\includes\classes\Plugin.php:509)
action: admin_init (src\includes\classes\Plugin.php:511)
action: safecss_save_pre (src\includes\classes\Plugin.php:513)
action: activated_plugin (src\includes\classes\Plugin.php:515)
action: deactivated_plugin (src\includes\classes\Plugin.php:516)
action: upgrader_process_complete (src\includes\classes\Plugin.php:518)
action: upgrader_process_complete (src\includes\classes\Plugin.php:519)
action: switch_theme (src\includes\classes\Plugin.php:521)
action: wp_create_nav_menu (src\includes\classes\Plugin.php:522)
action: wp_update_nav_menu (src\includes\classes\Plugin.php:523)
action: wp_delete_nav_menu (src\includes\classes\Plugin.php:524)
action: update_option_sidebars_widgets (src\includes\classes\Plugin.php:525)
action: save_post (src\includes\classes\Plugin.php:527)
action: delete_post (src\includes\classes\Plugin.php:528)
action: clean_post_cache (src\includes\classes\Plugin.php:529)
action: post_updated (src\includes\classes\Plugin.php:530)
action: pre_post_update (src\includes\classes\Plugin.php:531)
action: woocommerce_product_set_stock (src\includes\classes\Plugin.php:533)
action: woocommerce_product_set_stock_status (src\includes\classes\Plugin.php:534)
action: update_option_comment_mail_options (src\includes\classes\Plugin.php:535)
action: added_term_relationship (src\includes\classes\Plugin.php:537)
action: delete_term_relationships (src\includes\classes\Plugin.php:538)
action: trackback_post (src\includes\classes\Plugin.php:540)
action: pingback_post (src\includes\classes\Plugin.php:541)
action: comment_post (src\includes\classes\Plugin.php:542)
action: transition_comment_status (src\includes\classes\Plugin.php:543)
action: create_term (src\includes\classes\Plugin.php:545)
action: edit_terms (src\includes\classes\Plugin.php:546)
action: delete_term (src\includes\classes\Plugin.php:547)
action: add_link (src\includes\classes\Plugin.php:549)
action: edit_link (src\includes\classes\Plugin.php:550)
action: delete_link (src\includes\classes\Plugin.php:551)
action: delete_user (src\includes\classes\Plugin.php:555)
action: remove_user_from_blog (src\includes\classes\Plugin.php:556)
filter: akismet_comment_nonce (src\includes\classes\Plugin.php:559)
filter: cron_schedules (src\includes\classes\Plugin.php:569)
action: wp (src\includes\functions\wp-cache-postload.php:29)
action: plugins_loaded (src\includes\plugin.php:21)
filter: status_header (src\includes\traits\Ac\PostloadUtils.php:118)
action: shutdown (src\includes\traits\Ac\PostloadUtils.php:150)
action: template_redirect (src\includes\traits\Ac\PostloadUtils.php:183)
action: shutdown (src\includes\traits\Plugin\WcpPluginUtils.php:29)
action: shutdown (src\includes\traits\Plugin\WcpUpdaterUtils.php:56)
action: shutdown (src\includes\traits\Plugin\WcpUpdaterUtils.php:97)
action: shutdown (src\includes\traits\Plugin\WcpUpdaterUtils.php:104)
Maintenance & Trust

Comet Cache Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jul 2, 2025
PHP min version
Downloads: 506K

Community Trust

Rating: 88/100
Number of ratings: 108
Active installs: 20K
Alternatives

Comet Cache Alternatives

No alternatives data available yet.

Developer Profile

Comet Cache Developer Profile

Cristián Lávaque

3 plugins · 29K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 380 days
Detection Fingerprints

How We Detect Comet Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/comet-cache/comet-cache.php
/wp-content/plugins/comet-cache/styles/styles.css
Generator Patterns
Comet Cache
Script Paths
/wp-content/plugins/comet-cache/js/comet-cache-admin.js
/wp-content/plugins/comet-cache/js/comet-cache-wp-admin-bar.js
Version Parameters
comet-cache/comet-cache.php?ver=
comet-cache/styles/styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
comet-cache-notice
comet-cache-admin-bar-wrapper
HTML Comments
<!-- Comet Cache: Cache saved for
<!-- Comet Cache: Cache object is NOT found. -->
<!-- Comet Cache: Cache object IS found. -->
<!-- Comet Cache: Initiating page cache generation... -->
Data Attributes
data-comet-cache-nonce
JS Globals
cometCacheAdmin
cometCacheWpAdminBar
REST Endpoints
/wp-json/comet-cache/v1