Redis Object Cache Security & Risk Analysis

wordpress.org/plugins/redis-cache

A persistent object cache backend powered by Redis®¹. Supports Predis, PhpRedis, Relay, replication, sentinels, clustering and WP-CLI.

300K active installs · v2.7.0 · PHP 7.2+ · WP 4.6+ · Updated Jan 29, 2026
Tags: caching, object-cache, performance, redis, relay
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Redis Object Cache Safe to Use in 2026?

Generally Safe

Score 100/100

Redis Object Cache has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago

Risk Assessment

The "redis-cache" plugin version 2.7.0 demonstrates a generally strong security posture, with excellent adherence to best practices in several key areas. Notably, there are no known CVEs associated with this plugin, and it exhibits a perfect record of using prepared statements for all SQL queries. The plugin also performs well in output escaping, with 93% of outputs being properly escaped, and it incorporates nonce checks and capability checks where expected. The absence of any taint analysis findings further contributes to a positive security assessment.

However, the presence of two instances of the `unserialize` function represents a potential security concern. While the static analysis did not reveal any exploitable flows, `unserialize` is inherently risky as it can lead to object injection vulnerabilities if the serialized data originates from an untrusted source and is not adequately validated or sanitized. The static analysis reports no unprotected entry points, which is a significant strength, but the inherent risk associated with `unserialize` warrants caution. Overall, the plugin is well-secured with no immediate critical vulnerabilities detected, but the use of `unserialize` should be carefully reviewed for potential mitigation strategies or enhanced validation.

Key Concerns

  • Dangerous function: unserialize used
Vulnerabilities
None known

Redis Object Cache Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Redis Object Cache Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (109 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 10
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $metrics[] = unserialize( $serialized ); (includes\class-metrics.php:201)
unserialize: $value = @unserialize( $original ); (includes\object-cache.php:2789)

Output Escaping

93% escaped · 117 total outputs

Attack Surface

Redis Object Cache Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth: wp_ajax_roc_dismiss_notice (includes\class-plugin.php:112)
auth: wp_ajax_roc_flush_cache (includes\class-plugin.php:113)

WordPress Hooks: 30

action: shutdown (includes\class-metrics.php:85)
action: rediscache_discard_metrics (includes\class-metrics.php:86)
action: deactivate_plugin (includes\class-plugin.php:91)
action: admin_init (includes\class-plugin.php:92)
action: admin_init (includes\class-plugin.php:93)
action: init (includes\class-plugin.php:94)
action: admin_notices (includes\class-plugin.php:98)
action: network_admin_notices (includes\class-plugin.php:99)
action: admin_enqueue_scripts (includes\class-plugin.php:101)
action: admin_enqueue_scripts (includes\class-plugin.php:102)
action: admin_enqueue_scripts (includes\class-plugin.php:103)
action: admin_bar_menu (includes\class-plugin.php:105)
action: load-settings_page_redis-cache (includes\class-plugin.php:107)
action: wp_dashboard_setup (includes\class-plugin.php:109)
action: wp_network_dashboard_setup (includes\class-plugin.php:110)
filter: gettext_redis-cache (includes\class-plugin.php:115)
filter: plugin_row_meta (includes\class-plugin.php:117)
action: wp_head (includes\class-plugin.php:120)
filter: qm/collectors (includes\class-plugin.php:122)
filter: qm/outputter/html (includes\class-plugin.php:123)
filter: perflab_disable_object_cache_dropin (includes\class-plugin.php:125)
filter: w3tc_config_item_objectcache.enabled (includes\class-plugin.php:126)
action: litespeed_init (includes\class-plugin.php:127)
action: shutdown (includes\class-plugin.php:1203)
action: shutdown (includes\class-plugin.php:1445)
filter: qm/output/menus (includes\class-qm-output.php:27)
filter: qm/output/panel_menus (includes\class-qm-output.php:28)
filter: pre_determine_locale (includes\object-cache.php:2952)
filter: pre_get_language_files_from_path (includes\object-cache.php:2956)
action: plugins_loaded (redis-cache.php:42)

Scheduled Events: 1

rediscache_discard_metrics
Maintenance & Trust

Redis Object Cache Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 29, 2026
PHP min version: 7.2
Downloads: 15.9M

Community Trust

Rating: 88/100
Number of ratings: 172
Active installs: 300K
Developer Profile

Redis Object Cache Developer Profile

Till Krüss

5 plugins · 411K total installs

Trust score: 82
Avg Security Score: 91/100
Avg Patch Time: 33 days
Detection Fingerprints

How We Detect Redis Object Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

HTML / DOM Fingerprints

HTML Comments
<!-- Made with love from Redis Object Cache -->