[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsxrDqSHTAwKQ58sG5f87GXm7RYZkrtgSnXlGnE1-NR8":3,"$ftigy69xNWr_tahER8UL5l_y9wsAVT1Xyoa4hksxHhBU":344},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":130,"fingerprints":324},"optimize-redis-post-views","Redis Post Views","1.7","Razvan Stanga","https:\u002F\u002Fprofiles.wordpress.org\u002Frazvanstanga\u002F","\u003Cp>Imagine a high traffic website that needs post views as an algorithm to display posts on the homepage.\u003Cbr \u002F>\nThis website also uses \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvcaching\u002F\" rel=\"ugc\">Varnish Caching\u003C\u002Fa>. So we need an AJAX based post views counter.\u003Cbr \u002F>\nNow imagine a minimum 5000 concurrent users browsing the website, so we can’t use the default “AJAX in Plugins” as live updates on the backend using update_post_meta will be very painful for the backend.\u003C\u002Fp>\n\u003Cp>So what can we do ?\u003C\u002Fp>\n\u003Cp>What if all these post views counts will be done in memory using Redis ?\u003Cbr \u002F>\nThen we run a cornjob using WP-CLI to sync the post views count in Redis to the WordPress database.\u003C\u002Fp>\n\u003Cp>Redis Post Views was born.\u003C\u002Fp>\n","Highly optimized post views counter using Redis",10,1658,0,"2018-07-27T06:32:00.000Z","4.9.29","4.5","5.2.4",[19,20,21,22,23],"cache","caching","optimization","postviews","redis","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Foptimize-redis-post-views\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foptimize-redis-post-views.1.7.zip",85,null,"2026-04-06T09:54:40.288Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"razvanstanga",2,810,62,30,67,"2026-04-07T14:30:35.238Z",[39,62,80,98,114],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":59,"download_link":60,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"redis-cache","Redis Object Cache","2.7.0","Till Krüss","https:\u002F\u002Fprofiles.wordpress.org\u002Ftillkruess\u002F","\u003Cp>A persistent object cache backend powered by Redis®¹. Supports \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpredis\u002Fpredis\u002F\" rel=\"nofollow ugc\">Predis\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fphpredis\u002Fphpredis\" rel=\"nofollow ugc\">PhpRedis (PECL)\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frelaycache.com\" rel=\"nofollow ugc\">Relay\u003C\u002Fa>, replication, sentinels, clustering and \u003Ca href=\"https:\u002F\u002Fwp-cli.org\u002F\" rel=\"nofollow ugc\">WP-CLI\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To adjust the connection parameters, prefix cache keys or configure replication\u002Fclustering, see the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frhubarbgroup\u002Fredis-cache\u002F#configuration\" rel=\"nofollow ugc\">configuration options\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Object Cache Pro\u003C\u002Fh4>\n\u003Cp>A \u003Cstrong>business class\u003C\u002Fstrong> Redis®¹ object cache backend. Truly reliable, highly optimized, fully customizable and with a dedicated engineer when you most need it.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rewritten for raw performance\u003C\u002Fli>\n\u003Cli>100% WordPress API compliant\u003C\u002Fli>\n\u003Cli>Faster serialization and compression\u003C\u002Fli>\n\u003Cli>Easy debugging & logging\u003C\u002Fli>\n\u003Cli>Cache prefetching and analytics\u003C\u002Fli>\n\u003Cli>Fully unit tested (100% code coverage)\u003C\u002Fli>\n\u003Cli>Secure connections with TLS\u003C\u002Fli>\n\u003Cli>Health checks via WordPress & WP CLI\u003C\u002Fli>\n\u003Cli>Optimized for WooCommerce, Jetpack & Yoast SEO\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Learn more about \u003Ca href=\"https:\u002F\u002Fobjectcache.pro\u002F?ref=oss&utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">Object Cache Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>¹ Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Redis Object Cache is for referential purposes only and does not indicate any sponsorship, endorsement or affiliation between Redis and Redis Object Cache.\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Cp>Answers to common questions and troubleshooting of common errors can be found in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frhubarbgroup\u002Fredis-cache\u002Fblob\u002Fdevelop\u002FFAQ.md\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>. Reading these is always faster than waiting for a response in the support forums.\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>The plugin comes with vast set of \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frhubarbgroup\u002Fredis-cache\u002F#configuration\" rel=\"nofollow ugc\">configuration options\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frhubarbgroup\u002Fredis-cache\u002F#connections\" rel=\"nofollow ugc\">connection examples\u003C\u002Fa>. Advanced users may consult \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frhubarbgroup\u002Fredis-cache\u002Fblob\u002Fdevelop\u002FREADME.md#scaling\" rel=\"nofollow ugc\">Scaling and replication\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>WP CLI commands\u003C\u002Fh3>\n\u003Cp>Redis Object Cache has various WP CLI commands, for more information run \u003Ccode>wp help redis\u003C\u002Fcode> after installing the plugin.\u003C\u002Fp>\n","A persistent object cache backend powered by Redis®¹. Supports Predis, PhpRedis, Relay, replication, sentinels, clustering and WP-CLI.",300000,16129712,90,173,"2026-01-29T16:40:00.000Z","6.9.4","4.6","7.2",[20,56,57,23,58],"object-cache","performance","relay","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fredis-cache\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fredis-cache.2.7.0.zip",100,{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":61,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":78,"download_link":79,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"pj-page-cache-red","Redis Page Cache","0.8.3","Pressjitsu","https:\u002F\u002Fprofiles.wordpress.org\u002Fpressjitsu\u002F","\u003Cp>A Redis-backed full page caching plugin for WordPress, extremely flexible and fast. Requires a running \u003Ca href=\"http:\u002F\u002Fredis.io\u002F\" rel=\"nofollow ugc\">Redis server\u003C\u002Fa> and the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fphpredis\u002Fphpredis\" rel=\"nofollow ugc\">PHP Redis PECL\u003C\u002Fa> extension.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Serves full cached pages from memory\u003C\u002Fli>\n\u003Cli>Caches redirects, 404s and other response codes\u003C\u002Fli>\n\u003Cli>Just-in-time cache expiry\u002Fregeneration\u003C\u002Fli>\n\u003Cli>Cache status headers for monitoring hit rate\u003C\u002Fli>\n\u003Cli>Smart and flexible cache invalidation\u003C\u002Fli>\n\u003Cli>Serves stale cache during regeneration\u003C\u002Fli>\n\u003Cli>Configurable list of ignored cookies and request variables\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For an installation and configuration guide please visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpressjitsu\u002Fpj-page-cache-red\" rel=\"nofollow ugc\">full documentation on GitHub\u003C\u002Fa>. If you need any assistance please reach out to \u003Ca href=\"https:\u002F\u002Fpressjitsu.com\" rel=\"nofollow ugc\">Pressjitsu\u003C\u002Fa> via live chat or e-mail, or open a new thread in the WordPress.org support forums.\u003C\u002Fp>\n","A Redis-backed full page caching plugin for WordPress, extremely flexible and fast.",17042,86,6,"2020-04-01T08:42:00.000Z","5.4.19","4.4","",[19,20,57,23],"https:\u002F\u002Fpressjitsu.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpj-page-cache-red.0.8.3.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":49,"downloaded":88,"rating":61,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":76,"tags":93,"homepage":96,"download_link":97,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-nav-menu-cache","WP Nav Menu Cache","2.2","Md Jahidul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Fonetarek\u002F","\u003Cp>“\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fonetarek.com\u002Fmy-wordpress-plugins\u002Fwp-nav-menu-cache\u002F\" rel=\"nofollow ugc\">WP Nav Menu Cache\u003C\u002Fa>\u003C\u002Fstrong>” plugin help you to make your WordPress dynamic navigation menu to a static menu. For each page visit WordPress run some MySQL query and complex PHP codes to generate navigation menu that you are using on front-end. Your menu content is not being changed until you change that manually. So why do you need to use your server resource on every page visit to generate a menu? This plugin saves your dynamic menus into some separate static HTML files. When you add, edit or remove any menu item using dashboard then this plugin update its cached files. When a menu is called from website front-end then this plugin stops WordPress to generate that newly and serve from the previouly saved static file. This process reduces some MySQL query , saves your server resource and increases page speed.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Exclude any theme location from caching you don’t want to cache any menu of\u003C\u002Fli>\n\u003Cli>Exclude any menu you don’t want to cache\u003C\u002Fli>\n\u003Cli>Choose wheather this plugin will cache each menu individually for each post\u002Fpage or any visited url.\u003C\u002Fli>\n\u003C\u002Ful>\n","Create cache for dynamically generated navigation menu HTML and serve from a static file. It reduces some MySQL queries and increases page speed.",5398,3,"2023-01-18T13:49:00.000Z","6.1.10","3.8.0",[19,20,57,94,95],"web-performance-optimization","wp-cache","http:\u002F\u002Fonetarek.com\u002Fmy-wordpress-plugins\u002Fwp-nav-menu-cache\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-nav-menu-cache.2.2.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":13,"downloaded":106,"rating":13,"num_ratings":13,"last_updated":107,"tested_up_to":52,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":112,"download_link":113,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"provelopers-cache-manager","Provelopers Cache Manager","1.0.0","Provelopers","https:\u002F\u002Fprofiles.wordpress.org\u002Fprovelopers\u002F","\u003Cp>Managing cache on a modern WordPress site means dealing with multiple independent layers — the edge WAF, the server proxy, the WordPress object cache, and whatever caching plugin happens to be active. Most tools only address one of these layers, leaving the rest to be cleared manually.\u003C\u002Fp>\n\u003Cp>If your site is hosted on GoDaddy or protected by Sucuri Website Security, you know the pain of logging into a separate dashboard just to flush the WAF cache after every update. Provelopers Cache Manager eliminates that step entirely.\u003C\u002Fp>\n\u003Cp>This plugin uses external services only when explicitly configured by the user.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Provelopers Cache Manager\u003C\u002Fstrong> brings every cache layer under one clean admin interface. One click ensures your visitors always see the most up-to-date content.\u003C\u002Fp>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>One-Click Full Flush\u003C\u002Fstrong>\u003Cbr \u002F>\nPurge every cache layer simultaneously — WAF, server proxy, and WordPress — with a single click.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Selective Cache Flushing\u003C\u002Fstrong>\u003Cbr \u002F>\nFlush specific layers like WAF or WordPress cache independently without affecting others.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WAF Cache Integration (Sucuri & GoDaddy)\u003C\u002Fstrong>\u003Cbr \u002F>\nConnect your WAF API credentials to purge cache directly via the Sucuri Web Application Firewall API. Fully compatible with GoDaddy Website Security (Sucuri-powered). Includes HTTP fallback if API is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Cache Clearing\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically purge caches when:\u003Cbr \u002F>\n– Posts are published or updated\u003Cbr \u002F>\n– Comments are posted\u003Cbr \u002F>\n– Theme is switched\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Caching Plugin Support\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically detects and clears cache for:\u003Cbr \u002F>\n– WP Rocket\u003Cbr \u002F>\n– W3 Total Cache\u003Cbr \u002F>\n– WP Super Cache\u003Cbr \u002F>\n– LiteSpeed Cache\u003Cbr \u002F>\n– Any plugin using native WordPress object cache\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Persistent Audit Log\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack every cache flush with timestamp, user, and action. Logs are securely stored and manageable from the admin panel.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Real-Time Debug Panel\u003C\u002Fstrong>\u003Cbr \u002F>\nView detailed step-by-step feedback after each manual flush to verify which layers were cleared.\u003C\u002Fp>\n\u003Ch4>Why Provelopers Cache Manager?\u003C\u002Fh4>\n\u003Cp>Unlike most cache tools that are limited to a single layer or hosting provider, Provelopers Cache Manager works across all cache layers and environments. It is lightweight, admin-only, and has zero impact on front-end performance.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store personal user data.\u003C\u002Fp>\n\u003Cp>If WAF API integration is enabled, the plugin sends API credentials (API Key and Secret) and cache purge requests to the Sucuri WAF service when a cache flush is triggered. No personal user data or visitor browsing data is transmitted.\u003C\u002Fp>\n\u003Cp>Logs are stored locally on your server and are not shared externally.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services to perform cache purging functionality.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Sucuri WAF API (also used by GoDaddy Website Security)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Purpose:\u003Cbr \u002F>\nThis service is used to remotely clear (purge) the website firewall (WAF) cache.\u003C\u002Fp>\n\u003Cp>What data is sent:\u003Cbr \u002F>\n– API Key\u003Cbr \u002F>\n– API Secret\u003Cbr \u002F>\n– Cache purge request (clearcache action)\u003C\u002Fp>\n\u003Cp>When data is sent:\u003Cbr \u002F>\n– When a user manually triggers a cache flush from the dashboard\u003Cbr \u002F>\n– When automatic cache clearing is triggered (if enabled)\u003C\u002Fp>\n\u003Cp>This service is provided by Sucuri Inc.\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fsucuri.net\u002Fterms\u002F\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fsucuri.net\u002Fprivacy\u002F\u003C\u002Fp>\n","Flush WAF, server, and WordPress caches from one dashboard. Supports GoDaddy, Sucuri, WP Rocket, W3TC, and LiteSpeed.",52,"2026-03-30T19:58:00.000Z","5.8","7.4",[19,20,111,21,57],"godaddy","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprovelopers-cache-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprovelopers-cache-manager.1.0.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":13,"downloaded":122,"rating":13,"num_ratings":13,"last_updated":123,"tested_up_to":52,"requires_at_least":124,"requires_php":109,"tags":125,"homepage":128,"download_link":129,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"snappy","Snappy","0.1","Web Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebguyio\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fsnappy\u002Fissues\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Caching for a snappier website.\u003C\u002Fp>\n\u003Cp>When a WordPress page loads normally, it goes through:\u003C\u002Fp>\n\u003Col>\n\u003Cli>PHP execution\u003C\u002Fli>\n\u003Cli>Database queries (often 20-50+ queries)\u003C\u002Fli>\n\u003Cli>Theme processing\u003C\u002Fli>\n\u003Cli>Plugin execution\u003C\u002Fli>\n\u003Cli>HTML generation\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>With Snappy file-based caching, it skips all that and just serves a static HTML file.\u003C\u002Fp>\n\u003Cp>Estimates for performance improvement:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>2x faster is conservative and achievable for most sites\u003C\u002Fli>\n\u003Cli>5x faster is realistic for database-heavy sites\u003C\u002Fli>\n\u003Cli>10x faster is possible for poorly optimized sites with many plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Version\u003C\u002Fh4>\n\u003Cp>Snappy is fully capable with its core caching capability, but if you want or need additional optimization and control, advanced settings are available at \u003Ca href=\"https:\u002F\u002Fsnappywp.me\u002F\" rel=\"nofollow ugc\">snappywp.me\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>HTML, CSS, and JavaScript minification\u003C\u002Fli>\n\u003Cli>GZIP compression\u003C\u002Fli>\n\u003Cli>Lazy loading for images and videos\u003C\u002Fli>\n\u003Cli>Video embed optimization (YouTube\u002FVimeo facades)\u003C\u002Fli>\n\u003Cli>Font preloading\u003C\u002Fli>\n\u003Cli>Database cleanup (spam, revisions, transients)\u003C\u002Fli>\n\u003Cli>Automatic weekly database optimization\u003C\u002Fli>\n\u003Cli>Cache preloading from sitemap\u003C\u002Fli>\n\u003Cli>Defer JavaScript with exclusions\u003C\u002Fli>\n\u003Cli>Critical CSS extraction and inlining\u003C\u002Fli>\n\u003Cli>WordPress Heartbeat control\u003C\u002Fli>\n\u003Cli>Resource hints (preload, prefetch, DNS-prefetch)\u003C\u002Fli>\n\u003Cli>Browser caching headers via .htaccess\u003C\u002Fli>\n\u003Cli>Security headers (X-Frame-Options, CSP, etc.)\u003C\u002Fli>\n\u003Cli>Cloudflare integration with optimized settings\u003C\u002Fli>\n\u003Cli>CDN integration with URL rewriting\u003C\u002Fli>\n\u003Cli>Settings import\u002Fexport\u003C\u002Fli>\n\u003Cli>Self-hosted update system\u003C\u002Fli>\n\u003C\u002Ful>\n","Caching for a snappier website.",187,"2026-03-04T02:35:00.000Z","5.0",[19,20,126,127],"page-cache","speed-optimization","https:\u002F\u002Fsnappywp.me\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnappy.zip",{"attackSurface":131,"codeSignals":159,"taintFlows":256,"riskAssessment":309,"analyzedAt":323},{"hooks":132,"ajaxHandlers":146,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":32,"unprotectedCount":32},[133,138,142],{"type":134,"name":135,"callback":135,"file":136,"line":137},"action","init","classes\\redis_post_views.php",35,{"type":134,"name":139,"callback":140,"file":136,"line":141},"wp_enqueue_scripts","enqueue_js",47,{"type":134,"name":143,"callback":144,"file":136,"line":145},"admin_menu","add_menu_item",49,[147,152],{"action":148,"nopriv":149,"callback":150,"hasNonce":149,"hasCapCheck":149,"file":136,"line":151},"rpv_sync_action",false,"sync_action",50,{"action":153,"nopriv":149,"callback":154,"hasNonce":149,"hasCapCheck":149,"file":136,"line":155},"rpv_sync_all_action","sync_all_action",51,[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":255},[],{"prepared":13,"raw":13,"locations":162},[],{"escaped":72,"rawEcho":145,"locations":164},[165,169,171,173,175,177,178,179,181,182,183,185,186,187,189,191,193,195,197,199,201,202,204,205,207,208,210,212,214,216,218,220,222,224,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253],{"file":166,"line":167,"context":168},"classes\\redis_post_view.php",88,"raw output",{"file":136,"line":170,"context":168},225,{"file":136,"line":172,"context":168},264,{"file":136,"line":174,"context":168},269,{"file":136,"line":176,"context":168},275,{"file":136,"line":176,"context":168},{"file":136,"line":176,"context":168},{"file":136,"line":180,"context":168},276,{"file":136,"line":180,"context":168},{"file":136,"line":180,"context":168},{"file":136,"line":184,"context":168},278,{"file":136,"line":184,"context":168},{"file":136,"line":184,"context":168},{"file":136,"line":188,"context":168},282,{"file":136,"line":190,"context":168},292,{"file":136,"line":192,"context":168},302,{"file":136,"line":194,"context":168},305,{"file":136,"line":196,"context":168},307,{"file":136,"line":198,"context":168},316,{"file":136,"line":200,"context":168},323,{"file":136,"line":200,"context":168},{"file":136,"line":203,"context":168},324,{"file":136,"line":203,"context":168},{"file":136,"line":206,"context":168},325,{"file":136,"line":206,"context":168},{"file":136,"line":209,"context":168},339,{"file":136,"line":211,"context":168},351,{"file":136,"line":213,"context":168},352,{"file":136,"line":215,"context":168},362,{"file":136,"line":217,"context":168},369,{"file":136,"line":219,"context":168},388,{"file":136,"line":221,"context":168},389,{"file":136,"line":223,"context":168},390,{"file":136,"line":223,"context":168},{"file":136,"line":226,"context":168},392,{"file":136,"line":228,"context":168},398,{"file":136,"line":230,"context":168},404,{"file":136,"line":232,"context":168},412,{"file":136,"line":234,"context":168},420,{"file":136,"line":236,"context":168},421,{"file":136,"line":238,"context":168},426,{"file":136,"line":240,"context":168},427,{"file":136,"line":242,"context":168},428,{"file":136,"line":244,"context":168},429,{"file":136,"line":246,"context":168},430,{"file":136,"line":248,"context":168},431,{"file":136,"line":250,"context":168},432,{"file":136,"line":252,"context":168},433,{"file":136,"line":254,"context":168},437,[],[257,275,286,294],{"entryPoint":258,"graph":259,"unsanitizedCount":273,"severity":274},"sync_action (classes\\redis_post_views.php:220)",{"nodes":260,"edges":271},[261,266],{"id":262,"type":263,"label":264,"file":136,"line":265},"n0","source","$_POST",222,{"id":267,"type":268,"label":269,"file":136,"line":170,"wp_function":270},"n1","sink","echo() [XSS]","echo",[272],{"from":262,"to":267,"sanitized":149},1,"medium",{"entryPoint":276,"graph":277,"unsanitizedCount":13,"severity":285},"post_view (classes\\redis_post_view.php:65)",{"nodes":278,"edges":282},[279,281],{"id":262,"type":263,"label":264,"file":166,"line":280},75,{"id":267,"type":268,"label":269,"file":166,"line":167,"wp_function":270},[283],{"from":262,"to":267,"sanitized":284},true,"low",{"entryPoint":287,"graph":288,"unsanitizedCount":13,"severity":285},"\u003Credis_post_view> (classes\\redis_post_view.php:0)",{"nodes":289,"edges":292},[290,291],{"id":262,"type":263,"label":264,"file":166,"line":280},{"id":267,"type":268,"label":269,"file":166,"line":167,"wp_function":270},[293],{"from":262,"to":267,"sanitized":284},{"entryPoint":295,"graph":296,"unsanitizedCount":308,"severity":285},"\u003Credis_post_views> (classes\\redis_post_views.php:0)",{"nodes":297,"edges":305},[298,300,301,303],{"id":262,"type":263,"label":299,"file":136,"line":265},"$_POST (x5)",{"id":267,"type":268,"label":269,"file":136,"line":170,"wp_function":270},{"id":302,"type":263,"label":264,"file":136,"line":265},"n2",{"id":304,"type":268,"label":269,"file":136,"line":221,"wp_function":270},"n3",[306,307],{"from":262,"to":267,"sanitized":149},{"from":302,"to":304,"sanitized":284},5,{"summary":310,"deductions":311},"The 'optimize-redis-post-views' plugin v1.7 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and avoiding dangerous functions, file operations, and external HTTP requests, it has significant security concerns. The primary weaknesses lie in its attack surface, with two AJAX handlers identified, both lacking authentication checks. This means any unauthenticated user can potentially interact with these handlers, leading to risks of unauthorized actions. Furthermore, only 11% of output is properly escaped, increasing the likelihood of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on these entry points exacerbates the risk of these unauthenticated AJAX actions being exploited.\n\nThe vulnerability history is clean, with no known CVEs, which is a positive indicator of past security attention. However, this does not mitigate the immediate risks identified in the static analysis. The taint analysis shows two flows with unsanitized paths, though they are not classified as critical or high severity. This still suggests potential avenues for manipulation if an attacker can control the input to these flows.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL and vulnerable bundled libraries, the lack of authentication and insufficient output escaping on its AJAX endpoints are critical vulnerabilities. These directly expose the plugin to potential attacks by unauthenticated users. The clean vulnerability history is a positive sign but should not lead to complacency given the current static analysis findings.",[312,314,317,319,321],{"reason":313,"points":11},"AJAX handlers without auth checks",{"reason":315,"points":316},"Low percentage of properly escaped output",8,{"reason":318,"points":308},"AJAX handlers without nonce checks",{"reason":320,"points":308},"AJAX handlers without capability checks",{"reason":322,"points":32},"Flows with unsanitized paths (low severity)","2026-03-16T23:14:17.789Z",{"wat":325,"direct":336},{"assetPaths":326,"generatorPatterns":330,"scriptPaths":331,"versionParams":332},[327,328,329],"\u002Fwp-content\u002Fplugins\u002Foptimize-redis-post-views\u002Fadmin\u002Fjs\u002Fposts-queue.js","\u002Fwp-content\u002Fplugins\u002Foptimize-redis-post-views\u002Fadmin\u002Fjs\u002FChart.min.js","\u002Fwp-content\u002Fplugins\u002Foptimize-redis-post-views\u002Fjs\u002Finit.js",[],[327,328,329],[333,334,335],"optimize-redis-post-views\u002Fadmin\u002Fjs\u002Fposts-queue.js?ver=","optimize-redis-post-views\u002Fadmin\u002Fjs\u002FChart.min.js?ver=","optimize-redis-post-views\u002Fjs\u002Finit.js?ver=",{"cssClasses":337,"htmlComments":338,"htmlAttributes":339,"restEndpoints":340,"jsGlobals":341,"shortcodeOutput":343},[],[],[],[],[342],"var _rpv",[],{"slug":4,"current_version":6,"total_versions":273,"versions":345},[346],{"version":6,"download_url":25,"svn_tag_url":347,"released_at":27,"has_diff":149,"diff_files_changed":348,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":349,"is_current":284},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Foptimize-redis-post-views\u002Ftags\u002F1.7\u002F",[],[]]