WP-Safety

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce Security & Risk Analysis

wordpress.org/plugins/rabbit-loader

All-in-one AI speed optimization plugin for WordPress & WooCommerce websites. Get faster loading pages and near-perfect PageSpeed scores — in just …

3K active installs v2.24.5 PHP 5.6+ WP 5.0+ Updated Jan 29, 2026
cachingcdncore-web-vitalspagespeedperformance
99
A · Safe
CVEs total2
Unpatched0
Last CVEOct 1, 2024
Plugin page Download
Safety Verdict

Is RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Oct 1, 2024Updated 2mo ago
Risk Assessment

The rabbit-loader plugin v2.24.5 exhibits a concerning security posture, primarily due to a significant number of unprotected AJAX handlers. The static analysis reveals 5 AJAX handlers, all of which lack proper authentication checks, creating a substantial attack surface. While the plugin avoids dangerous functions and uses prepared statements for SQL queries, the lack of authorization on key entry points is a critical weakness. Furthermore, only 37% of output is properly escaped, which, combined with unprotected AJAX endpoints, strongly suggests a risk of Cross-Site Scripting (XSS) vulnerabilities.

The vulnerability history shows 2 known medium-severity CVEs, both related to XSS and missing authorization. The fact that there are no currently unpatched vulnerabilities is a positive sign, suggesting the developers address reported issues. However, the recurring pattern of missing authorization and XSS vulnerabilities, coupled with the current code analysis findings, indicates a persistent oversight in secure coding practices. While the plugin shows some strengths like avoiding raw SQL and dangerous functions, the unprotected entry points and output escaping issues present a clear and present danger to WordPress sites using this plugin.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping percentage
  • Missing authorization on AJAX
  • Medium severity vulnerabilities historically
Vulnerabilities
2

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-8800medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting

Oct 1, 2024 Patched in 2.21.1 (1d)
CVE-2024-21751medium · 5.4Missing Authorization

RabbitLoader <= 2.19.13 - Missing Authorization via multiple AJAX actions

Jan 8, 2024 Patched in 2.19.14 (15d)
Code Analysis
Analyzed Mar 16, 2026

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
65
38 escaped
Nonce Checks
1
Capability Checks
4
File Operations
37
External Requests
13
Bundled Libraries
0

Output Escaping

37% escaped103 total outputs
Attack Surface
5 unprotected

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce Attack Surface

Entry Points5
Unprotected5

AJAX Handlers 5

authwp_ajax_rabbitloader_ajax_purgeinc\admin.php:59
noprivwp_ajax_rabbitloader_ajax_purgeinc\admin.php:60
authwp_ajax_rabbitloader_mode_changeinc\admin.php:62
authwp_ajax_rabbitloader_ajax_croninc\admin.php:90
authwp_ajax_rabbitloader_warmup_urlsinc\admin.php:94
WordPress Hooks 44
actionadmin_noticesinc\admin.php:17
actionadmin_initinc\admin.php:18
actionnetwork_admin_noticesinc\admin.php:19
actionadmin_menuinc\admin.php:20
actionadmin_enqueue_scriptsinc\admin.php:21
actionrl_site_connectedinc\admin.php:107
actionplugins_loadedinc\admin.php:110
actionwp_print_scriptsinc\admin.php:113
actionadmin_headinc\admin.php:137
actionadmin_headinc\admin.php:145
actionadmin_enqueue_scriptsinc\ad_ad.php:10
actioninitinc\public.php:22
actionshutdowninc\public.php:23
filterwp_redirectinc\public.php:24
filterredirect_canonicalinc\public.php:25
filterpre_handle_404inc\public.php:26
filterpaginate_linksinc\public.php:27
filternonce_lifeinc\public.php:28
actionkirki_output_inline_stylesinc\public.php:34
actionadmin_bar_menuinc\public.php:45
actionwp_enqueue_scriptsinc\public.php:46
filterscript_loader_taginc\pub_cdn.php:32
filterscript_loader_srcinc\pub_cdn.php:33
filterstyle_loader_srcinc\pub_cdn.php:34
filterwp_get_attachment_urlinc\pub_cdn.php:35
filterwp_calculate_image_srcsetinc\pub_cdn.php:36
actionwp_headinc\rl_can_url.php:15
actiontemplate_redirectinc\util_wp.php:14
actionsave_postrabbit-loader.php:20
actionwp_insert_postrabbit-loader.php:27
actiondraft_to_publishrabbit-loader.php:30
actionpending_to_publishrabbit-loader.php:35
actiontransition_post_statusrabbit-loader.php:40
actiontransition_comment_statusrabbit-loader.php:47
actioncomment_postrabbit-loader.php:50
actionswitch_themerabbit-loader.php:57
actionwoocommerce_updated_product_stockrabbit-loader.php:61
actionwoocommerce_updated_product_pricerabbit-loader.php:64
actionwoocommerce_rest_insert_productrabbit-loader.php:67
actionwoocommerce_rest_insert_product_objectrabbit-loader.php:70
actionwoocommerce_product_object_updated_propsrabbit-loader.php:73
actionadmin_enqueue_scriptsrabbit-loader.php:85
actionadmin_initrabbit-loader.php:93
filterplugin_action_links_rabbit-loader/rabbit-loader.phprabbit-loader.php:121
Maintenance & Trust

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 29, 2026
PHP min version5.6
Downloads235K

Community Trust

Rating92/100
Number of ratings65
Active installs3K
Alternatives

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce Alternatives

W3 Total Cache

W3 Total Cache

w3-total-cache

B
75

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 28 CVEs
DigitalDive Edge Cache for Cloudflare

DigitalDive Edge Cache for Cloudflare

digitaldive-edge-cache-cloudflare

A
100

Conservative Cloudflare full-page edge caching for WordPress with safe defaults.

0 No CVEs
LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

B
82

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
WP Fastest Cache – WordPress Cache Plugin

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

B
76

The simplest and fastest WP Cache system

1.0M 35 CVEs
Autoptimize

Autoptimize

autoptimize

B
77

Autoptimize speeds up your website by optimizing JS, CSS, images (incl. lazy-load), HTML and Google Fonts, asyncing JS, removing emoji cruft and more.

900K 10 CVEs
Developer Profile

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce Developer Profile

RabbitLoader

1 plugin · 3K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rabbit-loader/admin/css/index.css
Script Paths
/wp-content/plugins/rabbit-loader/admin/js/index.js
Version Parameters
rabbit-loader/admin/js/index.js?ver=rabbit-loader/admin/css/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
rabbitloader-container
HTML Comments
<!-- RabbitLoader -->
Data Attributes
data-rl-id
JS Globals
RLAdmin
FAQ

Frequently Asked Questions about RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce