Does LCP Accelerator have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is LCP Accelerator compatible with WordPress 6.9.4?

According to WordPress.org data, LCP Accelerator 2.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is LCP Accelerator compatible with PHP 7.0+?

LCP Accelerator requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is LCP Accelerator updated?

LCP Accelerator was last updated on Apr 11, 2026. Frequent updates are generally a positive security signal.

What is LCP Accelerator's security score?

LCP Accelerator has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

LCP Accelerator Security & Risk Analysis

wordpress.org/plugins/lcp-accelerator

A lightweight plugin to optimize Largest Contentful Paint (LCP) for better page speed.

50 active installs v2.0 PHP 7.0+ WP 5.0+ Updated Apr 11, 2026

lcpoptimizationperformancespeedweb-vitals

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is LCP Accelerator Safe to Use in 2026?

Generally Safe

Score 100/100

LCP Accelerator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The lcp-accelerator plugin version 1.0 exhibits a generally good security posture based on the provided static analysis. It does not utilize dangerous functions, all SQL queries are prepared, and there are no file operations or external HTTP requests, which are all positive signs. The absence of any recorded vulnerabilities in its history further suggests a mature and secure development process up to this point.

However, there are some areas for concern. The plugin has a limited attack surface, with only one shortcode identified, but the complete lack of nonce checks and capability checks across all entry points (even though there are no unprotected AJAX or REST API routes) is a significant oversight. Additionally, only 50% of output is properly escaped, leaving potential for cross-site scripting vulnerabilities in the unescaped outputs.

While the plugin has a clean vulnerability history, this could also be attributed to its relatively small scope or lack of extensive security auditing. The current findings indicate that while the core functionality appears secure, critical security checks are missing, which could be exploited if the attack surface were to expand or if specific edge cases in the unescaped outputs are triggered.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points
Half of outputs not properly escaped

Vulnerabilities

None known

LCP Accelerator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

LCP Accelerator Release Timeline

v1.0

Code Analysis

Analyzed Mar 16, 2026

LCP Accelerator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

50% escaped2 total outputs

Attack Surface

LCP Accelerator Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[lcp_status] includes\frontend-view.php:10

WordPress Hooks 6

actionwp_enqueue_scriptslcp-accelerator.php:25

actionwp_enqueue_scriptslcp-accelerator.php:32

filterthe_contentlcp-accelerator.php:44

actionwp_headlcp-accelerator.php:60

actionadmin_menulcp-accelerator.php:74

actionadmin_initlcp-accelerator.php:109

Maintenance & Trust

LCP Accelerator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 11, 2026

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

LCP Accelerator Alternatives

Lazy Load Control For Elementor – Remove the Lazy Load attribute from specific images in Elementor

lazy-load-control-for-elementor

100

Remove the Lazy Load attribute from specific images in Elementor.

3K No CVEs

Zero Config Performance Optimization

wpo-tweaks

100

Advanced performance optimizations for WordPress. Improves speed, reduces server resources and optimizes PageSpeed.

2K No CVEs

Core Web Vitals & PageSpeed Booster

core-web-vitals-pagespeed-booster

Core Web Vitals (CWV) is the new ranking factor

1K 1 unpatched

Site Speed Test – SpeedGuard

speedguard

Tracks Core Web Vitals for you. Every single day, for free.

200 No CVEs

Speedup Optimization

speedup-optimization

Boost your website speed by 10x with powerful caching and image optimization! Reduce load times, optimize images, improve Core Web Vitals, and enhance …

100 1 unpatched

Developer Profile

LCP Accelerator Developer Profile

SACHINRAJ CP

10 plugins · 290 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect LCP Accelerator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lcp-accelerator/assets/js/lcp-accelerator.js

Script Paths