Does commonWP have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is commonWP compatible with WordPress 5.1.22?

According to WordPress.org data, commonWP 1.1.0 has been tested up to WordPress 5.1.22. Check the plugin's changelog for the latest compatibility information.

Is commonWP compatible with PHP 5.4+?

commonWP requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is commonWP updated?

commonWP was last updated on Feb 24, 2019. Frequent updates are generally a positive security signal.

What is commonWP's security score?

commonWP has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

commonWP Security & Risk Analysis

wordpress.org/plugins/commonwp

Offload open source static assets to the free, public CDN.

400 active installs v1.1.0 PHP 5.4+ WP 4.7+ Updated Feb 24, 2019

cdnfree-cdnjsdelivrperformancepublic-cdn

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is commonWP Safe to Use in 2026?

Generally Safe

Score 85/100

commonWP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The commonwp plugin v1.1.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs and the clean taint analysis indicate that the developers have likely followed good security practices. The code signals also show positive signs, with no dangerous functions, all SQL queries using prepared statements, and all output being properly escaped. There are no file operations or external HTTP requests, further reducing the attack surface.

However, a few areas warrant attention. The plugin has a single cron event which, although not explicitly flagged as unprotected, could potentially become a vector for issues if not properly secured in its implementation. The lack of any nonce checks or capability checks, while not explicitly presenting a risk in the static analysis, suggests a reliance on the broader WordPress environment for authentication and authorization, which can be a concern if the plugin's logic is complex or if it handles sensitive data. The absence of any recorded vulnerabilities in its history is a significant strength, suggesting a mature and secure development process. Overall, commonwp v1.1.0 appears to be a well-developed plugin with a low immediate risk, but some minor areas of potential concern exist due to the absence of explicit security checks for its cron event and interaction points.

Key Concerns

Missing nonce checks
Missing capability checks
Single cron event (potential risk)

Vulnerabilities

None known

commonWP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

commonWP Release Timeline

v1.1.0Current

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

commonWP Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

100% escaped2 total outputs

Attack Surface

commonWP Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 24

actionplugins_loadedcommonwp.php:70

filterscript_loader_srcinc\Main.php:47

filterstyle_loader_srcinc\Main.php:48

filteremoji_svg_urlinc\Main.php:51

filterscript_loader_taginc\Main.php:54

filterstyle_loader_taginc\Main.php:55

actionshutdowninc\Main.php:58

actionshutdowninc\Main.php:59

actionwp_scheduled_deleteinc\Main.php:62

actionadmin_initinc\Main.php:65

actioncli_initinc\Main.php:68

actioninitinc\Main.php:71

actionwp_loadedinc\Main.php:74

filterextra_plugin_headersinc\Main.php:77

filterextra_theme_headersinc\Main.php:78

actionupgrader_process_completeinc\Main.php:81

actiondeactivated_plugininc\Main.php:82

actionswitch_themeinc\Main.php:83

filtercommonwp_inactive_path_ttlinc\Main.php:86

actionfor_recently_upgraded_coreinc\Main.php:89

actionadmin_initinc\Main.php:92

actionadmin_initinc\Main.php:95

filterjetpack_force_disable_site_acceleratorinc\Main.php:98

filtercommonwp_max_items_in_processing_queueinc\WPCLI.php:271

Scheduled Events 1

for_recently_upgraded_core

Maintenance & Trust

commonWP Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22

Last updatedFeb 24, 2019

PHP min version5.4

Downloads12K

Community Trust

Rating94/100

Number of ratings18

Active installs400

Alternatives

commonWP Alternatives

Shift8 CDN

shift8-cdn

100

This is a plugin that integrates a 100% free CDN service operated by Shift8, for your Wordpress site. What this means is that you can simply install t …

800 No CVEs

Easy Speedup by PageCDN

pagecdn

Speed up website by upto 10X in just few clicks. CDN, cache, compression, minify, image optimization, WebP, etc.

20 No CVEs

W3 Total Cache

w3-total-cache

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 29 CVEs

Breeze Cache

breeze

Breeze is a caching plugin developed by Cloudways. Breeze uses advance caching systems to improve site loading times exponentially.

400K 9 CVEs

bunny.net – WordPress CDN Plugin

bunnycdn

Enable Bunny CDN to speed up your WordPress website and enjoy greatly improved loading times around the world.

10K 3 CVEs

Developer Profile

commonWP Developer Profile

Milan Dinić

21 plugins · 48K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect commonWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/commonwp/inc/js/commonwp.js

Script Paths