PhastPress Security & Risk Analysis

wordpress.org/plugins/phastpress

PhastPress automatically optimizes your site for the best possible performance.

10K active installs · v3.9 · PHP 7.3+ · WP 6.2+ · Updated Feb 11, 2026
Tags: optimisation, optimization, page-speed, pagespeed-insights, speed
Score: 93 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 22, 2025
Safety Verdict

Is PhastPress Safe to Use in 2026?

Generally Safe

Score 93/100

PhastPress has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 22, 2025 · Updated 1mo ago
Risk Assessment

The PhastPress plugin v3.9 exhibits a mixed security posture, with several concerning aspects that outweigh its strengths. While the plugin demonstrates good practices in its SQL query handling, utilizing prepared statements exclusively, and includes nonces and capability checks, these are overshadowed by critical vulnerabilities in its attack surface and code signals. The presence of an unprotected AJAX handler presents a significant entry point for potential attacks. Furthermore, the use of the `unserialize` function is a known risk, as it can lead to arbitrary code execution if fed untrusted data, and the low percentage of properly escaped output further exacerbates this risk. The plugin's vulnerability history is also a major concern, with two known CVEs, including a past critical vulnerability. While currently unpatched vulnerabilities are reported as zero, the nature of past vulnerabilities (Null Byte injection, Open Redirect) suggests a pattern of weaknesses that attackers could exploit. The overall risk is moderate to high due to the combination of an exposed attack vector, dangerous function usage, and a history of significant security flaws.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function: unserialize
  • Low output escaping percentage
  • Past critical CVE
  • Past medium CVE
  • Flows with unsanitized paths
Vulnerabilities
2

PhastPress Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Critical: 1
  • Medium: 1

2 total CVEs

CVE-2025-14388 · critical · 9.8 · Improper Neutralization of Null Byte or NUL Character

PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection

Dec 22, 2025 Patched in 3.8 (1d)
CVE-2021-24210 · medium · 6.1 · URL Redirection to Untrusted Site ('Open Redirect')

PhastPress <= 1.110 - Open Redirect

Mar 19, 2021 Patched in 1.111 (1040d)
Code Analysis
Analyzed Mar 16, 2026

PhastPress Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (7 prepared)
  • Unescaped Output: 13 (2 escaped)
  • Nonce Checks: 1
  • Capability Checks: 1
  • File Operations: 21
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$value = @unserialize($value);` (sdk\phast.php:164)
  • unserialize: `$config = unserialize($json);` (sdk\phast.php:9753)

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

13% escaped · 15 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
exitWithError (sdk\phast.php:5036)
Attack Surface
1 unprotected

PhastPress Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

  • auth · wp_ajax_phastpress_ajax_dispatch · bootstrap.php:52

WordPress Hooks 30
  • action · admin_notices · bootstrap.php:13
  • action · plugins_loaded · bootstrap.php:36
  • action · admin_footer · bootstrap.php:58
  • action · plugins_loaded · bootstrap.php:69
  • action · init · bootstrap.php:78
  • action · after_setup_theme · bootstrap.php:87
  • action · admin_print_scripts · bootstrap.php:97
  • action · admin_menu · bootstrap.php:101
  • action · wp_head · bootstrap.php:111
  • action · ai1wm_exclude_content_from_export · bootstrap.php:141
  • filter · phastpress_cdn_url · classes\CDN.php:8
  • action · template_redirect · classes\Compat\AdThrive.php:6
  • action · init · classes\Compat\Ajax.php:23
  • filter · wp_enqueue_scripts · classes\Compat\BurstStatistics.php:10
  • filter · ga_google_analytics_script_atts_ext · classes\Compat\GAGoogleAnalytics.php:7
  • filter · ga_google_analytics_script_atts · classes\Compat\GAGoogleAnalytics.php:11
  • filter · wp_print_scripts · classes\Compat\GoogleSiteKit.php:7
  • action · wp_head · classes\Compat\Log.php:8
  • filter · monsterinsights_tracking_analytics_script_attributes · classes\Compat\MonsterInsights.php:7
  • action · init · classes\Compat\NextGenGallery.php:26
  • filter · wp_print_scripts · classes\Compat\Slimstat.php:7
  • filter · script_loader_tag · classes\Compat\Slimstat.php:13
  • action · after_setup_theme · classes\Compat\TwentyTwentyOneDarkMode.php:10
  • filter · wp_body_open · classes\Compat\TwentyTwentyOneDarkMode.php:45
  • filter · script_loader_tag · functions\deployment.php:57
  • filter · wp_print_scripts · functions\deployment.php:65
  • action · template_redirect · functions\deployment.php:93
  • action · wp_head · functions\deployment.php:103
  • action · wp_footer · functions\deployment.php:104
  • action · admin_notices · low-php-version.php:7
Maintenance & Trust

PhastPress Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Feb 11, 2026
  • PHP min version: 7.3
  • Downloads: 501K

Community Trust

  • Rating: 98/100
  • Number of ratings: 99
  • Active installs: 10K
Developer Profile

PhastPress Developer Profile

Albert Peschar

2 plugins · 11K total installs

  • Trust score: 74
  • Avg Security Score: 93/100
  • Avg Patch Time: 521 days
Detection Fingerprints

How We Detect PhastPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/phastpress/assets/js/phastpress-settings.js
/wp-content/plugins/phastpress/assets/css/phastpress-settings.css
Script Paths
/wp-content/plugins/phastpress/assets/js/phastpress-settings.js
Version Parameters
phastpress/assets/js/phastpress-settings.js?ver=
phastpress/assets/css/phastpress-settings.css?ver=

HTML / DOM Fingerprints

CSS Classes
phastpress-admin-wrap
Data Attributes
data-phast-no-defer
JS Globals
phastpress_script
FAQ

Frequently Asked Questions about PhastPress