
FeedCache Security & Risk Analysis
wordpress.org/plugins/feedcacheCaches RSS Feeds for display on your WP sidebar.
Is FeedCache Safe to Use in 2026?
Generally Safe
Score 85/100FeedCache has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "feedcache" v1.1.1 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding database interactions, as all SQL queries utilize prepared statements. It also has a clean vulnerability history with no recorded CVEs, suggesting a generally secure development process.
However, significant concerns arise from the static analysis. The most critical finding is that 100% of output escaping is not properly handled, posing a high risk of cross-site scripting (XSS) vulnerabilities. Additionally, one taint flow was identified with an unsanitized path, which could lead to path traversal or other file system related vulnerabilities, even though no critical or high severity issues were flagged in taint analysis. The absence of nonce checks and capability checks on AJAX handlers (though the attack surface is zero) combined with only one capability check in the entire codebase warrants careful consideration.
While the lack of known vulnerabilities is reassuring, the identified code-level weaknesses, particularly the complete lack of output escaping and the unsanitized path flow, represent actionable security risks. The plugin's strengths lie in its database security and lack of past exploitable issues, but its weaknesses in output sanitization and path handling require immediate attention to mitigate potential security breaches.
Key Concerns
- 0% of outputs properly escaped
- 1 flow with unsanitized paths
- Only 1 capability check found
FeedCache Security Vulnerabilities
FeedCache Release Timeline
FeedCache Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
FeedCache Attack Surface
WordPress Hooks 3
Maintenance & Trust
FeedCache Maintenance & Trust
Maintenance Signals
Community Trust
FeedCache Alternatives
SuperRSS by Leo Balter
superrss
Totally in Portuguese-Br yet, this add a very customizabole rss or atom feed. Made after the standard wp rss plugin.
Disable Feeds
disable-feeds
Disables all RSS/Atom/RDF feeds on your WordPress site.
Disable Feeds WP
disable-feeds-wp
Disables all RSS/Atom/RDF feeds on your WordPress site.
FeedWordPress
feedwordpress
FeedWordPress syndicates content from feeds you choose into your WordPress weblog.
RSS Just Better
rss-just-better
Displays a list of RSS/Atom feed items given the feed URL and other parameters (optionals). Highly customizable.
FeedCache Developer Profile
2 plugins · 20 total installs
How We Detect FeedCache
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/feedcache/lib/spyc/spyc.phpHTML / DOM Fingerprints
DO NOT EDIT BELOW THIS LINE FEEDCACHE_WIDGET_ID