Free CDN Security & Risk Analysis

wordpress.org/plugins/free-cdn

For busy websites, using a CDN (Content Delivery Network) to transfer static content such as images, javascripts, stylesheets, Flash etc.

10 active installs v1.1.2 PHP + WP 2.2+ Updated Dec 25, 2009
bandwidthcdncontent-delivery-networkcoral
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Free CDN Safe to Use in 2026?

Generally Safe

Score 85/100

Free CDN has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago
Risk Assessment

The "free-cdn" plugin version 1.1.2 exhibits a generally positive security posture based on the provided static analysis. The absence of identified entry points in AJAX, REST API, shortcodes, and cron events, along with a complete lack of critical or high-severity taint flows, suggests a well-contained codebase. The use of prepared statements for its single SQL query is also a strong indication of good practice against SQL injection vulnerabilities.

However, a significant concern arises from the "Output escaping" signal, indicating that 100% of the 5 identified outputs are not properly escaped. This presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the plugin's output, impacting users who interact with it. While the vulnerability history is clean, this is not a guarantee of future security, and the identified output escaping issue needs immediate attention.

In conclusion, the "free-cdn" plugin has a strong foundation in terms of attack surface and SQL handling. Nevertheless, the complete lack of output escaping is a critical weakness that overshadows these strengths. Addressing this XSS risk should be the top priority to improve the plugin's overall security.

Key Concerns

  • Unescaped output identified
Vulnerabilities
None known

Free CDN Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Free CDN Release Timeline

v1.1.2Current
v1.1.1
v1.1.0
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Free CDN Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
5
0 escaped
Nonce Checks
1
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

0% escaped5 total outputs
Attack Surface

Free CDN Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionget_headerfree_cdn.php:550
actionwp_footerfree_cdn.php:551
actionwp_footerfree_cdn.php:552
actionadmin_menufree_cdn.php:556
actioninitfree_cdn.php:557
Maintenance & Trust

Free CDN Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedDec 25, 2009
PHP min version
Downloads29K

Community Trust

Rating74/100
Number of ratings3
Active installs10
Developer Profile

Free CDN Developer Profile

Phoenixheart

4 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Free CDN

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/free-cdn/free_cdn.php

HTML / DOM Fingerprints

CSS Classes
fCDNForm
Data Attributes
name="apply[css]"name="apply[js]"name="apply[img]"name="apply[bgr]"name="apply[embed]"name="included"+16 more
FAQ

Frequently Asked Questions about Free CDN