WP-Safety

ezCache Security & Risk Analysis

wordpress.org/plugins/ezcache

EzCache is an easy and innovative cache plugin that will help you significantly improve your site speed.

10K active installs v1.6.6 PHP 5.6+ WP 4.6+ Updated Jul 30, 2025
boostcachehostingspeedupress
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ezCache Safe to Use in 2026?

Generally Safe

Score 100/100

ezCache has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The "ezcache" v1.6.6 plugin presents a mixed security posture. On one hand, the static analysis reveals a relatively small attack surface with no identified AJAX handlers, REST API routes, or shortcodes that lack authentication or permission checks. The plugin also demonstrates some good practices with a moderate percentage of SQL queries using prepared statements and a reasonable number of capability checks. However, significant concerns arise from the presence of the `unserialize` function without explicit taint analysis results suggesting this is handled safely. Furthermore, the low percentage of properly escaped output (38%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of any recorded vulnerabilities in its history is a positive indicator of past security diligence, but it doesn't negate the current code-level risks.

Key Concerns

  • Unescaped output is a concern
  • Presence of unserialize function
Vulnerabilities
None known

ezCache Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ezCache Code Analysis

Dangerous Functions
1
Raw SQL Queries
12
18 prepared
Unescaped Output
10
6 escaped
Nonce Checks
2
Capability Checks
4
File Operations
36
External Requests
7
Bundled Libraries
0

Dangerous Functions Found

unserializereturn unserialize( $decrypted );includes\Utilities\Encrypter.php:64

SQL Query Safety

60% prepared30 total queries

Output Escaping

38% escaped16 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
maybe_serve_cached_data (includes\Cache.php:720)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

ezCache Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 21
actioninitezcache.php:104
filtercron_schedulesezcache.php:105
actioninitezcache.php:106
actionezcache_clear_expired_cacheezcache.php:111
actionplugins_loadedezcache.php:300
filtershow_admin_barincludes\Admin.php:27
actionadmin_initincludes\Admin.php:28
actionadmin_menuincludes\Admin.php:29
actionadmin_enqueue_scriptsincludes\Admin.php:30
actionadmin_noticesincludes\Admin.php:35
actionadmin_bar_menuincludes\Admin.php:37
actionadmin_post_wpb_clear_cacheincludes\Admin.php:38
actiondelete_attachmentincludes\Admin.php:39
actioninitincludes\Admin.php:41
actionadd_meta_boxesincludes\Admin.php:42
actionsave_postincludes\Admin.php:43
actionpre_post_updateincludes\Admin.php:44
actioninitincludes\Cache.php:777
filteremoji_svg_urlincludes\Cache.php:785
actionwp_enqueue_scriptsincludes\Cache.php:791
actionrest_api_initincludes\RestApi.php:23

Scheduled Events 1

ezcache_clear_expired_cache
Maintenance & Trust

ezCache Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 30, 2025
PHP min version5.6
Downloads114K

Community Trust

Rating92/100
Number of ratings5
Active installs10K
Alternatives

ezCache Alternatives

A2 Optimized WP – Turbocharge and secure your WordPress site

A2 Optimized WP – Turbocharge and secure your WordPress site

a2-optimized-wp

A
92

Make your site faster and more secure with the click of a few buttons

70K 1 CVE
LWS Optimize – All-in-One Speed Booster & Cache Tools

LWS Optimize – All-in-One Speed Booster & Cache Tools

lws-optimize

A
99

All-in-one speed optimization: caching, WebP/AVIF, Critical CSS, lazy loading, CDN, and more. Instantly boost Core Web Vitals and site speed!

10K 2 CVEs
Instant Page Load – SPA Speed & Turbo Cache

Instant Page Load – SPA Speed & Turbo Cache

instant-page-load

A
92

Turn Your WordPress into a React-like Single Page App (SPA) – Zero Coding Needed! Instant Page Load doesn’t just speed up your site—it transforms Word …

30 No CVEs
All in one Minifier

All in one Minifier

all-in-one-minifier

B
76

Reduce your page load by minify your HTML source on page with all the CSS and JS code present in your page.

10 1 unpatched
Easy & Fast Optimization

Easy & Fast Optimization

easy-fast-optimization

A
85

Start optimization your website without the need for setup and code information. You can run this plugin with one click.

10 No CVEs
Developer Profile

ezCache Developer Profile

SecuPress

4 plugins · 65K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
156 days
View full developer profile
Detection Fingerprints

How We Detect ezCache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ezcache/css//wp-content/plugins/ezcache/js/
Script Paths
/wp-content/plugins/ezcache/js/ezcache-admin.js/wp-content/plugins/ezcache/js/ezcache-frontend.js
Version Parameters
ezcache/style.css?ver=ezcache/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ezcache-wrapperezcache-container
HTML Comments
<!-- ezcache_hook_start --><!-- ezcache_hook_end --><!-- Generated by ezCache -->
Data Attributes
data-ezcache-id
JS Globals
ezcache_data
REST Endpoints
/wp-json/ezcache/v1/flush/wp-json/ezcache/v1/settings
FAQ

Frequently Asked Questions about ezCache