GoCache Security & Risk Analysis
wordpress.org/plugins/gocache-cdnAcelere seu site e reduza seus custos com cloud.
Is GoCache Safe to Use in 2026?
Mostly Safe
Score 70/100GoCache is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.
The "gocache-cdn" v1.3.6 plugin presents a significant security risk primarily due to its unprotected AJAX handlers. The static analysis revealed a substantial attack surface with 6 AJAX handlers, all of which lack proper authorization checks. This is a critical vulnerability that could allow unauthenticated users to trigger arbitrary actions within the plugin.
While the plugin shows some good practices, such as using prepared statements for SQL queries and generally good output escaping, these strengths are overshadowed by the fundamental security flaws. The absence of capability checks further exacerbates the risk associated with the unprotected AJAX endpoints. The vulnerability history, showing a known medium severity CVE from 2025-10-17 related to "Missing Authorization," reinforces this concern and indicates a recurring pattern of authorization issues. The fact that this CVE is currently unpatched is a serious red flag.
In conclusion, despite some positive coding practices, the "gocache-cdn" plugin is highly vulnerable. The unprotected AJAX handlers, combined with a history of authorization-related vulnerabilities that remain unpatched, make this plugin a prime target for attackers. Remediation of the authorization checks on AJAX endpoints is paramount.
Key Concerns
- 6 unprotected AJAX handlers
- 0 capability checks
- 1 unpatched medium severity CVE
- Missing Authorization vulnerability pattern
GoCache Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
GoCache <= 1.3.6 - Missing Authorization
GoCache Release Timeline
GoCache Code Analysis
Output Escaping
GoCache Attack Surface
AJAX Handlers 6
WordPress Hooks 11
Maintenance & Trust
GoCache Maintenance & Trust
Maintenance Signals
Community Trust
GoCache Alternatives
LWS Optimize – All-in-One Speed Booster & Cache Tools
lws-optimize
All-in-one speed optimization: caching, WebP/AVIF, Critical CSS, lazy loading, CDN, and more. Instantly boost Core Web Vitals and site speed!
WP Compress – Instant Performance & Speed Optimization
wp-compress-image-optimizer
Everything you need for a faster website – smart optimization, advanced caching, adaptive images, WebP creation, script improvements, optional CDN del …
Swift Performance Lite
swift-performance-lite
Swift Performance is a cache and performance booster plugin. It can speed up your site, improve SEO scores and user experience.
Core Web Vitals & PageSpeed Booster
core-web-vitals-pagespeed-booster
Core Web Vitals (CWV) is the new ranking factor
F12 Profiler
f12-profiler
Comprehensive WordPress performance analysis with crawling, load time measurement, server diagnostics, and integrated optimization tools. Free.
GoCache Developer Profile
6 plugins · 1K total installs
How We Detect GoCache
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/gocache-cdn/assets/javascripts/built.js/wp-content/plugins/gocache-cdn/assets/stylesheets/style.css/wp-content/plugins/gocache-cdn/assets/javascripts/built.jsgocache-cdn/assets/javascripts/built.js?ver=gocache-cdn/assets/stylesheets/style.css?ver=HTML / DOM Fingerprints
AdminGlobalVars