Does Hyper Cache Extended have any unpatched vulnerabilities?

No. All known vulnerabilities in Hyper Cache Extended have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hyper Cache Extended compatible with WordPress 4.9.29?

According to WordPress.org data, Hyper Cache Extended 1.6.3 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Hyper Cache Extended updated?

Hyper Cache Extended was last updated on Apr 11, 2018. Frequent updates are generally a positive security signal.

What is Hyper Cache Extended's security score?

Hyper Cache Extended has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hyper Cache Extended Security & Risk Analysis

wordpress.org/plugins/hyper-cache-extended

Hyper Cache Extended is flexible and easy to configure cache system for WordPress. It's aim is to work on any installation.

400 active installs v1.6.3 PHP + WP 2.5+ Updated Apr 11, 2018

cachechachingperformancespeedsuper-cache

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Hyper Cache Extended Safe to Use in 2026?

Generally Safe

Score 85/100

Hyper Cache Extended has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

Hyper Cache Extended v1.6.3 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by having no known CVEs, a clean vulnerability history, and utilizing prepared statements for all SQL queries. The limited attack surface with no exposed AJAX handlers, REST API routes, or shortcodes is also a strength. However, significant concerns arise from the static analysis. The presence of the `unserialize` function, combined with two identified flows with unsanitized paths in the taint analysis (one high severity), points to a potential for remote code execution or other critical vulnerabilities if user-controlled data is passed to `unserialize`. Furthermore, the complete lack of output escaping for all 23 identified outputs is a major weakness, exposing the plugin to Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce and capability checks on the identified cron events also indicates potential for privilege escalation or unauthorized actions if these events are susceptible to manipulation.

Key Concerns

High severity taint flow with unsanitized path
All outputs unescaped (XSS risk)
Dangerous function: unserialize
Flows with unsanitized paths detected
No nonce checks on cron events
No capability checks on cron events

Vulnerabilities

None known

Hyper Cache Extended Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Hyper Cache Extended Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$hyper_data = @ unserialize(file_get_contents($hc_file));cache.php:147

Output Escaping

0% escaped23 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

<options> (options.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Hyper Cache Extended Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionhyper_cleanplugin.php:80

actionadmin_noticesplugin.php:134

filterplugin_action_links_hyper-cache-extended/plugin.phpplugin.php:169

actionadmin_menuplugin.php:176

actionswitch_themeplugin.php:311

actionedit_postplugin.php:312

actionpublish_postplugin.php:313

actiondelete_postplugin.php:314

filterredirect_canonicalplugin.php:321

Scheduled Events 2

hyper_clean

Maintenance & Trust

Hyper Cache Extended Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedApr 11, 2018

PHP min version

Downloads77K

Community Trust

Rating98/100

Number of ratings14

Active installs400

Alternatives

Hyper Cache Extended Alternatives

WPBase Cache

wpbase-cache

A wordpress plugin for using all caches on varnish, nginx, php-fpm stack with php-apc. This plugin includes db-cache-reloaded-fix for dbcache.

4K No CVEs

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

The simplest and fastest WP Cache system

1.0M 35 CVEs

WP Super Cache

wp-super-cache

A very fast caching engine for WordPress that produces static html files.

1.0M 12 CVEs

Jetpack Boost – Website Speed, Performance and Critical CSS

jetpack-boost

Speed up your WordPress site with one-click optimizations like Page Cache, Critical CSS, and Image CDN to improve Core Web Vitals.

200K 2 CVEs

Aruba HiSpeed Cache

aruba-hispeed-cache

Aruba HiSpeed Cache interfaces directly with an Aruba hosting platform's HiSpeed Cache service and automates its management.

100K 6 CVEs

Developer Profile

Hyper Cache Extended Developer Profile

mlazarov

10 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hyper Cache Extended

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hyper-cache-extended/hyper-cache-extended.css/wp-content/plugins/hyper-cache-extended/hyper-cache-extended.js

Script Paths

/wp-content/plugins/hyper-cache-extended/hyper-cache-extended.js

Version Parameters

hyper-cache-extended/hyper-cache-extended.css?ver=hyper-cache-extended/hyper-cache-extended.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-hyper-cache-typedata-hyper-cache-iddata-hyper-cache-timedata-hyper-cache-hash

JS Globals

hyper_cache_status

FAQ