Does ****** cos-html-cache ****** have any unpatched vulnerabilities?

No. All known vulnerabilities in ****** cos-html-cache ****** have been patched as of the latest data update. Always keep the plugin updated to the latest version.

How often is ****** cos-html-cache ****** updated?

****** cos-html-cache ****** was last updated on Sep 19, 2012. Frequent updates are generally a positive security signal.

What is ****** cos-html-cache ******'s security score?

****** cos-html-cache ****** has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

cos-html-cache Security & Risk Analysis

wordpress.org/plugins/cos-html-cache

cos-html-cache is an extremely efficient WordPress page caching plugin designed to make your WordPress site much faster and more responsive.

400 active installs v2.7.4 PHP + WP + Updated Sep 19, 2012

cachehtmlperformance

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is cos-html-cache Safe to Use in 2026?

Generally Safe

Score 85/100

****** cos-html-cache ****** has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The static analysis of cos-html-cache v2.7.4 reveals a mixed security posture. While the plugin boasts a clean vulnerability history with no known CVEs and a seemingly small attack surface in terms of entry points (AJAX, REST API, shortcodes, cron events), the code signals raise significant concerns. Specifically, 100% of its SQL queries are not using prepared statements, and similarly, 100% of its outputs are not properly escaped. This, combined with 5 unsanitized path taint flows identified, indicates a high potential for SQL injection and cross-site scripting (XSS) vulnerabilities, despite the absence of direct indications of these in the vulnerability history. The lack of nonce and capability checks on file operations and potentially other sensitive functions further exacerbates these risks, as there's no built-in protection against unauthorized actions or privilege escalation.

Key Concerns

All SQL queries are raw (no prepared statements)
All outputs are not properly escaped
Taint flows with unsanitized paths (2 high severity)
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

cos-html-cache Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

cos-html-cache Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared4 total queries

Output Escaping

0% escaped5 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths

cos_cache_ob_callback (cos-html-cache.php:115)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

cos-html-cache Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionadmin_menucos-html-cache.php:221

actionget_footercos-html-cache.php:319

actioncomment_formcos-html-cache.php:320

actionpublish_postcos-html-cache.php:323

actionpublish_postcos-html-cache.php:324

actiondelete_postcos-html-cache.php:326

actiondelete_postcos-html-cache.php:327

actionedit_postcos-html-cache.php:330

actionedit_postcos-html-cache.php:331

Maintenance & Trust

cos-html-cache Maintenance & Trust

Maintenance Signals

WordPress version tested

Last updatedSep 19, 2012

PHP min version

Downloads84K

Community Trust

Rating0/100

Number of ratings0

Active installs400

Alternatives

cos-html-cache Alternatives

Servebolt Optimizer

servebolt-optimizer

100

This plugin implements Servebolt's WordPress best practices, and connects your site to the Servebolt Admin Panel.

1K No CVEs

All in one Minifier

all-in-one-minifier

Reduce your page load by minify your HTML source on page with all the CSS and JS code present in your page.

10 1 unpatched

Appcachify

appcachify

Adds an HTML5 appcache manifest to speed up your site by storing static assets client-side.

10 No CVEs

Jinx Fast-Cache

jinx-fast-cache

100

Blazing fast full-page caching for WordPress. Jinx Fast-Cache serves static HTML files, bypassing PHP and database overhead entirely.

0 No CVEs

Mesi Cache

mesi-cache

100

Ultra-light static HTML caching system for WordPress.

0 No CVEs

Developer Profile

cos-html-cache Developer Profile

storyday

2 plugins · 410 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect cos-html-cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cos-html-cache/cosbeta-css.css

Generator Patterns

HTML / DOM Fingerprints

HTML Comments

FAQ

****** cos-html-cache ****** Security & Risk Analysis

Is ****** cos-html-cache ****** Safe to Use in 2026?