Does Nginx Cache Purge Preload have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Nginx Cache Purge Preload compatible with WordPress 6.9.4?

According to WordPress.org data, Nginx Cache Purge Preload 2.1.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Nginx Cache Purge Preload compatible with PHP 7.4+?

Nginx Cache Purge Preload requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Nginx Cache Purge Preload updated?

Nginx Cache Purge Preload was last updated on Mar 23, 2026. Frequent updates are generally a positive security signal.

What is Nginx Cache Purge Preload's security score?

Nginx Cache Purge Preload has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Nginx Cache Purge Preload Security & Risk Analysis

wordpress.org/plugins/fastcgi-cache-purge-and-preload-nginx

The most comprehensive solution for managing Nginx (FastCGI, Proxy, SCGI, UWSGI) cache operations directly from your WordPress dashboard.

100 active installs v2.1.5 PHP 7.4+ WP 6.5+ Updated Mar 23, 2026

cachenginxperformancepreloadpurge

A · Safe

CVEs total1

Unpatched0

Last CVEJul 21, 2025

Plugin page Download

Safety Verdict

Is Nginx Cache Purge Preload Safe to Use in 2026?

Generally Safe

Score 98/100

Nginx Cache Purge Preload has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jul 21, 2025Updated 1mo ago

Risk Assessment

The 'fastcgi-cache-purge-and-preload-nginx' plugin exhibits a concerning security posture, primarily due to a significant number of unprotected entry points and critical taint analysis findings. With 32 out of 37 total entry points lacking authentication or permission checks, an attacker could potentially leverage these to execute unauthorized actions. The presence of four critical taint flows with unsanitized paths is particularly alarming, suggesting a high risk of code injection vulnerabilities if user-supplied data is not properly validated and escaped before being used in sensitive operations like file operations or external requests.

While the plugin does implement a good number of capability checks and nonces, their effectiveness is undermined by the sheer volume of unprotected endpoints. The history of one high-severity CVE, even if currently patched, indicates a past tendency towards exploitable weaknesses. The use of dangerous functions like shell_exec and exec further amplifies the risk, especially when combined with unsanitized input. The fact that 0% of SQL queries use prepared statements is also a significant concern, increasing the risk of SQL injection. Despite the presence of numerous output escaping functions, the 52% proper escaping rate suggests that a substantial portion of output might still be vulnerable.

In conclusion, while the plugin shows some positive security practices like nonce and capability checks, the overwhelming number of unprotected entry points, critical taint flows, and the lack of prepared statements for SQL queries represent significant security weaknesses. The historical CVE further reinforces the need for caution. This plugin should be carefully reviewed and ideally updated or patched to address these critical vulnerabilities before being used in a production environment.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Critical taint flows with unsanitized paths
SQL queries without prepared statements
Dangerous functions (shell_exec, exec, proc_open)
Low output escaping rate
High severity CVE history

Vulnerabilities

1 published

Nginx Cache Purge Preload Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-6213high · 7.2Improper Control of Generation of Code ('Code Injection')

Nginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution

Jul 21, 2025 Patched in 2.1.3 (4d)

Version History

Nginx Cache Purge Preload Release Timeline

v2.1.5Current

v2.1.4

v2.1.3

v2.1.21 CVE

v2.1.11 CVE

v2.1.01 CVE

v2.0.91 CVE

v2.0.81 CVE

v2.0.71 CVE

v2.0.61 CVE

v2.0.51 CVE

v2.0.41 CVE

v2.0.31 CVE

v2.0.21 CVE

v2.0.11 CVE

Code Analysis

Analyzed Mar 16, 2026

Nginx Cache Purge Preload Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

268

287 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

shell_exec$out = @shell_exec('command -v ' . escapeshellarg($cmd));includes\class-setup.php:431

shell_execreturn trim(shell_exec($command));includes\configuration-parser.php:20

shell_exec$output = shell_exec($command);includes\configuration-parser.php:189

shell_execif (shell_exec('command -v nginx')) {includes\configuration-parser.php:349

shell_exec$output = shell_exec('nginx -V 2>&1');includes\configuration-parser.php:350

shell_exec$sudo_path = trim(shell_exec('command -v sudo'));includes\configuration-parser.php:694

shell_exec$systemctl_path = trim(shell_exec('command -v systemctl'));includes\configuration-parser.php:695

execexec($restart_command . ' 2>&1', $output, $return_var);includes\configuration-parser.php:706

shell_exec$status = trim(shell_exec($status_command));includes\configuration-parser.php:720

shell_exec$result = shell_exec("command -v {$command}");includes\enqueue-assets.php:189

shell_exec$output = shell_exec('echo "Test"');includes\enqueue-assets.php:409

exec$output = exec('echo "Test"');includes\enqueue-assets.php:422

shell_exec$ps_path = trim(shell_exec('command -v ps'));includes\pre-checks.php:170

execexec("$escaped_ps_path aux | grep -w $escaped_pid | grep -v 'grep'", $output);includes\pre-checks.php:177

execexec('nginx -V 2>&1', $output, $return_var);includes\pre-checks.php:200

shell_exec$output = shell_exec('echo "Test"');includes\pre-checks.php:559

exec$output = exec('echo "Test"');includes\pre-checks.php:567

shell_exec$detected = trim(shell_exec('command -v safexec 2>/dev/null'));includes\preload.php:125

proc_open$process = proc_open($testCommand, $descriptors, $pipes);includes\preload.php:311

shell_exec$output = shell_exec($kill_cmd);includes\preload.php:337

shell_exec$kill_path = trim(shell_exec('command -v kill'));includes\preload.php:347

shell_execshell_exec(escapeshellcmd("$kill_path -9 " . (int)$test_pid));includes\preload.php:348

shell_exec$cpulimitPath = shell_exec('type cpulimit');includes\preload.php:452

shell_exec$output = shell_exec($command);includes\preload.php:582

shell_execshell_exec($command);includes\preload.php:604

shell_exec$cpulimitPath = shell_exec('type cpulimit');includes\preload.php:668

shell_exec$output = shell_exec($command);includes\preload.php:796

shell_execshell_exec($command);includes\preload.php:818

shell_exec$output_desktop = shell_exec($command_desktop);includes\preload.php:1003

shell_exec$output_mobile = shell_exec($command_mobile);includes\preload.php:1045

shell_exec$output_desktop = shell_exec($command_desktop);includes\preload.php:1290

shell_exec$output_mobile = shell_exec($command_mobile);includes\preload.php:1332

shell_exec$process_user = trim(shell_exec("ps -o user= -p " . escapeshellarg($pid)));includes\purge.php:634

shell_exec$detected = trim(shell_exec('command -v safexec 2>/dev/null'));includes\purge.php:642

shell_exec$output = shell_exec(escapeshellcmd($safexec_path) . " --kill=" . escapeshellarg($pid) . " 2>&1");includes\purge.php:662

shell_exec$kill_path = trim(shell_exec('command -v kill'));includes\purge.php:697

shell_execshell_exec(escapeshellcmd("$kill_path -9 $pid"));includes\purge.php:699

shell_exec$nginx_path = trim(shell_exec('command -v nginx'));includes\settings.php:2655

shell_exec$sudo_path = trim(shell_exec('command -v sudo'));includes\settings.php:2656

shell_exec$systemctl_path = trim(shell_exec('command -v systemctl'));includes\settings.php:2657

execexec($nginx_command, $output, $return_var);includes\settings.php:2669

execexec($restart_command . ' 2>&1', $output, $return_var);includes\settings.php:2683

shell_exec$output = shell_exec("command -v $command");includes\status.php:172

shell_exec$output = shell_exec('echo "Test"');includes\status.php:244

shell_exec$process_owner = shell_exec($command);includes\status.php:293

Bundled Libraries

DataTables

SQL Query Safety

0% prepared2 total queries

Output Escaping

52% escaped555 total outputs

Data Flows · Security

6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths

<fastcgi-cache-purge-and-preload-nginx-admin> (admin\fastcgi-cache-purge-and-preload-nginx-admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

32 unprotected

Nginx Cache Purge Preload Attack Surface

Entry Points37

Unprotected32

AJAX Handlers 28

authwp_ajax_nppp_clear_nginx_cache_logsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:169

authwp_ajax_nppp_get_nginx_cache_logsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:170

authwp_ajax_nppp_update_send_mail_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:171

authwp_ajax_nppp_update_auto_preload_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:172

authwp_ajax_nppp_update_auto_purge_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:173

authwp_ajax_nppp_cache_statusadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:174

authwp_ajax_nppp_load_premium_contentadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:175

authwp_ajax_nppp_purge_cache_premiumadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:176

authwp_ajax_nppp_preload_cache_premiumadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:177

authwp_ajax_nppp_update_api_key_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:178

authwp_ajax_nppp_update_default_reject_regex_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:179

authwp_ajax_nppp_update_default_reject_extension_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:180

authwp_ajax_nppp_update_api_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:181

authwp_ajax_nppp_update_api_key_copy_valueadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:182

authwp_ajax_nppp_rest_api_purge_url_copyadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:183

authwp_ajax_nppp_rest_api_preload_url_copyadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:184

authwp_ajax_nppp_get_save_cron_expressionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:185

authwp_ajax_nppp_update_cache_schedule_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:186

authwp_ajax_nppp_cancel_scheduled_eventadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:187

authwp_ajax_nppp_get_active_cron_events_ajaxadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:192

authwp_ajax_nppp_clear_plugin_cacheadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:193

authwp_ajax_nppp_restart_systemd_serviceadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:194

authwp_ajax_nppp_update_default_cache_key_regex_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:200

authwp_ajax_nppp_update_auto_preload_mobile_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:204

authwp_ajax_nppp_update_enable_proxy_optionadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:207

authwp_ajax_nppp_update_related_fieldsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:208

authwp_ajax_nppp_locate_cache_fileadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:209

authwp_ajax_nppp_update_pctnorm_modeadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:210

REST API Routes 5

GET/wp-json/nppp_nginx_cache/v2/preload-progressincludes\preload-progress.php:24

POST/wp-json/nppp_nginx_cache/v2/purgeincludes\rest-api-helper.php:83

POST/wp-json/nppp_nginx_cache/v2/preloadincludes\rest-api-helper.php:90

POST/wp-json/nppp_nginx_cache/v2/purgeincludes\rest-api.php:206

POST/wp-json/nppp_nginx_cache/v2/preloadincludes\rest-api.php:215

Shortcodes 4

[nppp_svg_icon] admin\fastcgi-cache-purge-and-preload-nginx-admin.php:295

[nppp_my_status] admin\fastcgi-cache-purge-and-preload-nginx-admin.php:296

[nppp_my_faq] admin\fastcgi-cache-purge-and-preload-nginx-admin.php:297

[nppp_nginx_config] admin\fastcgi-cache-purge-and-preload-nginx-admin.php:298

WordPress Hooks 47

actionload-settings_page_nginx_cache_settingsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:159

actionload-settings_page_nginx_cache_settingsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:160

actionadmin_enqueue_scriptsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:161

actionwp_enqueue_scriptsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:162

actionadmin_bar_menuadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:163

actionadmin_initadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:164

actionadmin_initadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:165

actionadmin_menuadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:166

actionload-settings_page_nginx_cache_settingsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:167

actionload-settings_page_nginx_cache_settingsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:168

filtercron_schedulesadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:188

filtercron_schedulesadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:189

actionnpp_cache_preload_eventadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:190

actionnpp_cache_preload_status_eventadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:191

actiontransition_post_statusadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:195

actionwp_insert_commentadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:196

actiontransition_comment_statusadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:197

actionadmin_post_save_nginx_cache_settingsadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:198

actionupgrader_process_completeadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:199

actionswitch_themeadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:201

actionactivated_pluginadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:202

actiondeactivated_pluginadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:203

actionnpp_plugin_tracking_eventadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:205

actionwp_dashboard_setupadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:206

actionautoptimize_action_cachepurgedadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:215

actionnppp_plugin_admin_noticesadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:217

actionwpadmin\fastcgi-cache-purge-and-preload-nginx-admin.php:243

actionadmin_initincludes\class-setup.php:28

actionadmin_initincludes\class-setup.php:29

actionadmin_menuincludes\class-setup.php:30

actionadmin_initincludes\class-setup.php:31

actionadmin_post_nppp_setup_actionsincludes\class-setup.php:32

actionadmin_noticesincludes\class-setup.php:589

actionplugins_loadedincludes\compat-elementor.php:22

actionelementor/editor/after_saveincludes\compat-elementor.php:26

actionelementor/document/after_saveincludes\compat-elementor.php:27

actionelementor/core/files/clear_cacheincludes\compat-elementor.php:30

actioninitincludes\compat-gutenberg.php:15

actionadmin_noticesincludes\pre-checks.php:717

actionrest_api_initincludes\rest-api-helper.php:19

actionrest_api_initincludes\rest-api-helper.php:59

actionrest_api_initincludes\rest-api-helper.php:63

actionrest_api_initincludes\rest-api-helper.php:72

filterrest_pre_dispatchincludes\rest-api-helper.php:77

actionrest_api_initincludes\rest-api.php:77

actionrest_pre_serve_requestincludes\rest-api.php:81

actionnpp_cache_preload_eventincludes\schedule.php:265

Scheduled Events 3

npp_plugin_tracking_event

npp_cache_preload_event

npp_cache_preload_status_event

Maintenance & Trust

Nginx Cache Purge Preload Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 23, 2026

PHP min version7.4

Downloads5K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Nginx Cache Purge Preload Alternatives

TNC Toolbox: Web Performance

tnc-toolbox

Multi-stack caching for WordPress: ea-NGINX (cPanel) and LiteSpeed (OpenLS/Enterprise). Auto-detects web server!

1K 2 CVEs

NGINX Manager

nginx-manager

Easily purge Nginx cache. Each time a post is modified clear the cached version of the page and of all the related page.

20 No CVEs

Nginx Helper

nginx-helper

100

Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.

100K No CVEs

Proxy Cache Purge

varnish-http-purge

100

Automatically empty proxy cached content when your site is modified.

40K No CVEs

Nginx Cache

nginx-cache

Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.

10K No CVEs

Developer Profile

Nginx Cache Purge Preload Developer Profile

Hasan CALISIR

1 plugin · 100 total installs

trust score

Avg Security Score

98/100

Avg Patch Time

4 days

View full developer profile

Detection Fingerprints

How We Detect Nginx Cache Purge Preload

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/nppp-admin-script.js/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/css/nppp-admin-style.css/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/css/bootstrap-grid.min.css/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/css/jquery-ui.css/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/css/bootstrap.min.css

Script Paths

/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/nppp-admin-script.js/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/bootstrap.bundle.min.js/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/jquery-ui.js/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/jquery.js

Version Parameters

/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/css/nppp-admin-style.css?ver=/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/css/bootstrap-grid.min.css?ver=/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/css/jquery-ui.css?ver=/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/css/bootstrap.min.css?ver=/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/bootstrap.bundle.min.js?ver=/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/jquery-ui.js?ver=/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/jquery.js?ver=/wp-content/plugins/fastcgi-cache-purge-and-preload-nginx/admin/js/nppp-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

nppp-premium-containernppp-premium-wrapnppp-accordionnppp-questionnppp-answernppp-answer-contentnginx-list

JS Globals

window.nppp_admin_script

FAQ

Nginx Cache Purge Preload Security & Risk Analysis

Is Nginx Cache Purge Preload Safe to Use in 2026?

Generally Safe

Key Concerns

Nginx Cache Purge Preload Security Vulnerabilities

CVEs by Year

Severity Breakdown

Nginx Cache Purge Preload Release Timeline

Nginx Cache Purge Preload Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Nginx Cache Purge Preload Attack Surface

AJAX Handlers 28

REST API Routes 5

Shortcodes 4

Scheduled Events 3

Nginx Cache Purge Preload Maintenance & Trust

Maintenance Signals

Community Trust

Nginx Cache Purge Preload Alternatives

TNC Toolbox: Web Performance

NGINX Manager

Nginx Helper

Proxy Cache Purge

Nginx Cache

Nginx Cache Purge Preload Developer Profile

How We Detect Nginx Cache Purge Preload

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Nginx Cache Purge Preload