Does Oxyplug Prefetch & Prerender have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Oxyplug Prefetch & Prerender compatible with WordPress 6.8.5?

According to WordPress.org data, Oxyplug Prefetch & Prerender 3.0.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Oxyplug Prefetch & Prerender compatible with PHP 7.4+?

Oxyplug Prefetch & Prerender requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Oxyplug Prefetch & Prerender updated?

Oxyplug Prefetch & Prerender was last updated on Apr 9, 2025. Frequent updates are generally a positive security signal.

What is Oxyplug Prefetch & Prerender's security score?

Oxyplug Prefetch & Prerender has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Oxyplug Prefetch & Prerender Security & Risk Analysis

wordpress.org/plugins/oxyplug-prefetch

Faster loading next pages by prerendering/prefetching all links a user hovers or addresses you prefer. It improves UX and Core Web Vitals score.

100 active installs v3.0.1 PHP 7.4+ WP 5.3+ Updated Apr 9, 2025

core-web-vitalsoxyprefetchprerenderspeculationrules

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Oxyplug Prefetch & Prerender Safe to Use in 2026?

Generally Safe

Score 92/100

Oxyplug Prefetch & Prerender has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "oxyplug-prefetch" plugin v3.0.1 exhibits a generally good security posture with several strong practices in place. The complete absence of dangerous functions, SQL injection risks due to 100% prepared statements, and a high rate of output escaping (94%) are commendable. Furthermore, the plugin has no known historical vulnerabilities, indicating a history of secure development or timely patching if issues did arise. The presence of nonce and capability checks on most entry points also suggests an awareness of common WordPress security pitfalls.

However, a significant concern arises from the presence of one unprotected AJAX handler. This handler represents a direct entry point into the plugin's functionality without any authentication or authorization checks, making it a prime target for unauthorized actions. While the taint analysis shows no critical or high severity issues, and the attack surface is relatively small, this single unprotected entry point poses a tangible risk.

In conclusion, while "oxyplug-prefetch" demonstrates good core security practices, the single unprotected AJAX handler introduces a specific and exploitable vulnerability. The lack of historical CVEs is a positive indicator, but it doesn't negate the immediate risk presented by the identified code weakness. Addressing the unprotected AJAX handler should be the immediate priority to fully secure the plugin.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

Oxyplug Prefetch & Prerender Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Oxyplug Prefetch & Prerender Release Timeline

v3.0.1Current

v3.0.0

v2.1.2

v2.1.1

v2.0.1

v2.0.0

v1.4.0

v1.3.0

v1.2.0

v1.1.0

v1.0.1

Code Analysis

Analyzed Mar 16, 2026

Oxyplug Prefetch & Prerender Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

60 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped64 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

save_prefetch_settings (oxy-prefetch.php:688)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Oxyplug Prefetch & Prerender Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 3

authwp_ajax_save_prefetch_settingsoxy-prefetch.php:102

authwp_ajax_dismiss_prerender_noticeoxy-prefetch.php:107

authwp_ajax_oxy_prefetch_admin_noticesoxy-prefetch.php:117

REST API Routes 1

POST/wp-json/oxy-prefetch/v1/save-links/oxy-prefetch.php:806

WordPress Hooks 12

actionplugins_loadedoxy-prefetch.php:58

actionadmin_menuoxy-prefetch.php:64

actionadmin_headoxy-prefetch.php:66

actionadmin_enqueue_scriptsoxy-prefetch.php:98

actionenqueue_block_editor_assetsoxy-prefetch.php:99

actionsave_postoxy-prefetch.php:103

actionrest_api_initoxy-prefetch.php:104

actionwp_footeroxy-prefetch.php:110

actionadd_meta_boxesoxy-prefetch.php:113

actionadmin_noticesoxy-prefetch.php:116

filterpost_updated_messagesoxy-prefetch.php:118

filterplugin_action_linksoxy-prefetch.php:121

Maintenance & Trust

Oxyplug Prefetch & Prerender Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 9, 2025

PHP min version7.4

Downloads6K

Community Trust

Rating100/100

Number of ratings4

Active installs100

Alternatives

Oxyplug Prefetch & Prerender Alternatives

Speculative Loading

speculation-rules

100

Enables browsers to speculatively prerender or prefetch pages to achieve near-instant loads based on user interaction.

70K No CVEs

Pre* Party Resource Hints

pre-party-browser-hints

Take advantage of browser resource hints and plug-and-play features to improve page load time.

6K 1 unpatched

Prerender and Prefetch

prerender-and-prefetch

Puts Prerender and Prefetch tag in the page. Allowing compatible navigators to do a pre-load of the page you figure the visitor is going to go.

50 No CVEs

Fast Forward

fast-forward

Help browsers preload content to speed up the next page view.

10 No CVEs

LH Prefetch and Render

lh-prefetch-and-render

A simple yet effective way of setting which pages to prefetch and prerender on your site.

10 No CVEs

Developer Profile

Oxyplug Prefetch & Prerender Developer Profile

Oxyplug Team

5 plugins · 730 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Oxyplug Prefetch & Prerender

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/oxyplug-prefetch/assets/css/style.css/wp-content/plugins/oxyplug-prefetch/assets/js/dist/tools_page_oxy-prefetch-settings.js/wp-content/plugins/oxyplug-prefetch/assets/js/dist/post.js/wp-content/plugins/oxyplug-prefetch/assets/js/dist/switch.js/wp-content/plugins/oxyplug-prefetch/assets/js/dist/outlined-text-field.js/wp-content/plugins/oxyplug-prefetch/assets/js/dist/icon.js/wp-content/plugins/oxyplug-prefetch/assets/js/dist/icon-button.js/wp-content/plugins/oxyplug-prefetch/assets/js/dist/outlined-button.js+1 more

Version Parameters

oxyplug-prefetch/assets/css/style.css?ver=oxyplug-prefetch/assets/js/dist/tools_page_oxy-prefetch-settings.js?ver=oxyplug-prefetch/assets/js/dist/post.js?ver=oxyplug-prefetch/assets/js/dist/switch.js?ver=oxyplug-prefetch/assets/js/dist/outlined-text-field.js?ver=oxyplug-prefetch/assets/js/dist/icon.js?ver=oxyplug-prefetch/assets/js/dist/icon-button.js?ver=oxyplug-prefetch/assets/js/dist/outlined-button.js?ver=oxyplug-prefetch/assets/js/dist/filled-button.js?ver=

HTML / DOM Fingerprints

CSS Classes

oxy-prefetch-admin-pageoxy-prefetch-admin-headoxy-prefetch-head-titleoxy-prefetch-brand-highlightoxy-prefetch-need-helpoxy-prefetch-settings-wrapperoxy-prefetch-settings-formoxy-prefetch-settings-group+13 more

Data Attributes

data-oxy-prefetch-version

JS Globals

OXY_PREFETCH_VERSION

REST Endpoints

/wp-json/oxyplug-prefetch/v1/settings

FAQ