Does PageSpeed Module have any unpatched vulnerabilities?

No. All known vulnerabilities in PageSpeed Module have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PageSpeed Module compatible with WordPress 6.9.4?

According to WordPress.org data, PageSpeed Module 2.2.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is PageSpeed Module compatible with PHP 7.4+?

PageSpeed Module requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is PageSpeed Module updated?

PageSpeed Module was last updated on Mar 3, 2026. Frequent updates are generally a positive security signal.

What is PageSpeed Module's security score?

PageSpeed Module has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PageSpeed Module Security & Risk Analysis

wordpress.org/plugins/kagg-pagespeed-module

PageSpeed Module plugin supports WordPress installation under Apache or Nginx with PageSpeed Module.

200 active installs v2.2.0 PHP 7.4+ WP 6.0+ Updated Mar 3, 2026

apachecachemod_pagespeednginxpagespeed-module

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PageSpeed Module Safe to Use in 2026?

Generally Safe

Score 100/100

PageSpeed Module has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "kagg-pagespeed-module" v2.2.0 plugin demonstrates a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, raw SQL queries, file operations, or unsanitized taint flows is highly encouraging. Furthermore, the plugin exhibits excellent output escaping practices and correctly uses prepared statements for its SQL queries. The presence of a nonce check, even with a limited attack surface, also suggests a basic level of security awareness in its development.

However, there are a few areas that warrant attention. The plugin performs external HTTP requests, which can introduce risks if the target endpoints are compromised or if the requests are not properly validated or secured. The lack of capability checks on any potential entry points (though none were identified) is a concern; if new entry points were to be introduced in future versions, they might lack proper access control. The vulnerability history is clean, indicating a lack of known past issues, which is a positive sign, but it doesn't negate the potential for undiscovered vulnerabilities.

Overall, the plugin appears to be developed with security in mind, especially regarding common web vulnerabilities like SQL injection and cross-site scripting. The primary concerns lie in the potential risks associated with external HTTP requests and the absence of explicit capability checks, which could be a weakness if the attack surface expands. Continued vigilance and code reviews are recommended.

Key Concerns

External HTTP requests present potential risks
Lack of capability checks on entry points

Vulnerabilities

None known

PageSpeed Module Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PageSpeed Module Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped21 total outputs

Attack Surface

PageSpeed Module Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_menusrc\php\Main.php:57

actionadmin_initsrc\php\Main.php:64

actionplugins_loadedsrc\php\Main.php:65

actionadmin_enqueue_scriptssrc\php\Main.php:66

actionparse_requestsrc\php\Main.php:68

Maintenance & Trust

PageSpeed Module Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 3, 2026

PHP min version7.4

Downloads17K

Community Trust

Rating90/100

Number of ratings4

Active installs200

Alternatives

PageSpeed Module Alternatives

Nginx Helper

nginx-helper

100

Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.

100K No CVEs

Proxy Cache Purge

varnish-http-purge

100

Automatically empty proxy cached content when your site is modified.

40K No CVEs

Nginx Cache

nginx-cache

Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.

10K No CVEs

LWSCache

lwscache

This plugin lets you manage and automatically purge your hosting's LWSCache whenever you edit your website's content

8K 1 CVE

Hestia Nginx Cache

hestia-nginx-cache

Purged the Nginx cache automatically after making website changes. Uses the new HestiaCP API, released in 1.6.0.

1K 1 CVE

Developer Profile

PageSpeed Module Developer Profile

kaggdesign

4 plugins · 2K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PageSpeed Module

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/kagg-pagespeed-module/assets/css/admin.css/wp-content/plugins/kagg-pagespeed-module/assets/js/admin.js

Version Parameters

kagg-pagespeed-module/assets/css/admin.css?ver=kagg-pagespeed-module/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

ps-menu-imageps-menu-titleps-cardps-card-sectionps-card-contentps-card-titleps-card-controlps-btn+2 more

Data Attributes

id="dev_mode"class="ps-checkbox"id="ps-success"id="ps-error"id="purge_styles"id="purge_entire_cache"+2 more

JS Globals

window.mod_pagespeed_ajax_object

FAQ