FeedCache Security & Risk Analysis

wordpress.org/plugins/feedcache

Caches RSS Feeds for display on your WP sidebar.

10 active installs v1.1.1 PHP + WP 2.5+ Updated Aug 12, 2009
atomcachefeedrssruby
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is FeedCache Safe to Use in 2026?

Generally Safe

Score 85/100

FeedCache has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago
Risk Assessment

The "feedcache" v1.1.1 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding database interactions, as all SQL queries utilize prepared statements. It also has a clean vulnerability history with no recorded CVEs, suggesting a generally secure development process.

However, significant concerns arise from the static analysis. The most critical finding is that 100% of output escaping is not properly handled, posing a high risk of cross-site scripting (XSS) vulnerabilities. Additionally, one taint flow was identified with an unsanitized path, which could lead to path traversal or other file system related vulnerabilities, even though no critical or high severity issues were flagged in taint analysis. The absence of nonce checks and capability checks on AJAX handlers (though the attack surface is zero) combined with only one capability check in the entire codebase warrants careful consideration.

While the lack of known vulnerabilities is reassuring, the identified code-level weaknesses, particularly the complete lack of output escaping and the unsanitized path flow, represent actionable security risks. The plugin's strengths lie in its database security and lack of past exploitable issues, but its weaknesses in output sanitization and path handling require immediate attention to mitigate potential security breaches.

Key Concerns

  • 0% of outputs properly escaped
  • 1 flow with unsanitized paths
  • Only 1 capability check found
Vulnerabilities
None known

FeedCache Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

FeedCache Release Timeline

v1.1.1Current
v1.1
v1.0.6.1
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v0.9.9
v0.9.8
v0.9.5
v0.9.1
v0.9
v0.8.1
v0.8
v0.7.2
v0.7.1
v0.7
v0.6.1
Code Analysis
Analyzed Apr 16, 2026

FeedCache Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
17
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped17 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
feedcache_subpanel (feedcache.php:199)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

FeedCache Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_menufeedcache.php:41
actionplugins_loadedfeedcache.php:42
actionin_admin_footerfeedcache.php:201
Maintenance & Trust

FeedCache Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedAug 12, 2009
PHP min version
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

FeedCache Developer Profile

cpjolicoeur

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect FeedCache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/feedcache/lib/spyc/spyc.php

HTML / DOM Fingerprints

HTML Comments
DO NOT EDIT BELOW THIS LINE
Data Attributes
FEEDCACHE_WIDGET_ID
FAQ

Frequently Asked Questions about FeedCache