WP-Safety

Serve Static – Automatic WordPress Static Page generator Security & Risk Analysis

wordpress.org/plugins/serve_static

Serve Static is a static HTML page generator WordPress plugin to create and serve static copies of your existing web pages to avoid PHP/DB load.

100 active installs v2.4 PHP 7.4+ WP 5.0+ Updated Feb 8, 2025
cachecachingperformanceserve-staticwp-cache
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Serve Static – Automatic WordPress Static Page generator Safe to Use in 2026?

Generally Safe

Score 92/100

Serve Static – Automatic WordPress Static Page generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "serve_static" v2.4 plugin demonstrates a generally strong security posture with several positive indicators. The plugin exhibits good practices by having no unprotected AJAX handlers, REST API routes, shortcodes, or cron events, and a high percentage of properly escaped outputs. The absence of dangerous functions and a strong adherence to using prepared statements for SQL queries further contribute to its security. The vulnerability history being completely clean is a significant strength, suggesting a mature and well-maintained codebase.

However, the static analysis does reveal a couple of potential areas for concern. Specifically, there are two identified flows with unsanitized paths in the taint analysis. While these did not result in critical or high severity vulnerabilities, unsanitized paths can be a gateway to directory traversal or other file-related exploits if not handled carefully. Additionally, the plugin performs file operations and external HTTP requests, which inherently carry some risk, although the analysis doesn't provide details on how these are secured.

In conclusion, "serve_static" v2.4 appears to be a relatively secure plugin. Its robust authentication checks on entry points and excellent output escaping are commendable. The primary area requiring attention is the two identified unsanitized path flows, which, despite not currently manifesting as critical vulnerabilities, warrant investigation and remediation to maintain the plugin's strong security profile.

Key Concerns

  • Flows with unsanitized paths found
  • Only 1 capability check found
  • Bundled library Freemius v1.0 may be outdated
Vulnerabilities
None known

Serve Static – Automatic WordPress Static Page generator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Serve Static – Automatic WordPress Static Page generator Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
3 prepared
Unescaped Output
2
105 escaped
Nonce Checks
8
Capability Checks
1
File Operations
3
External Requests
4
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

60% prepared5 total queries

Output Escaping

98% escaped107 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
SettingsSave (class\Activate.php:490)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Serve Static – Automatic WordPress Static Page generator Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_get_urlsclass\WarmUpAjax.php:175
authwp_ajax_send_single_requestclass\WarmUpAjax.php:176
authwp_ajax_update_failed_requests_countclass\WarmUpAjax.php:177
WordPress Hooks 53
actionadmin_menuadmin\Admin.php:170
actionadmin_menuadmin\Warmer.php:107
actionin_admin_headeradmin\Warmer.php:108
actionadmin_noticesclass\Activate.php:630
actionadmin_noticesclass\Activate.php:665
actionadmin_menuclass\Activate.php:714
actionadmin_initclass\Activate.php:715
actionadmin_bar_menuclass\Activate.php:716
actionadmin_noticesclass\Activate.php:717
actionserve_static_cache_cron_eventclass\Cron.php:63
actionadmin_initclass\Migrate.php:40
actionadmin_initclass\Migrate.php:41
actioninitclass\Migrate.php:98
actionadmin_noticesclass\Server.php:258
actionadmin_noticesclass\Server.php:289
actionadmin_initclass\Server.php:290
actionadmin_noticesclass\Server.php:292
actionadmin_initclass\Server.php:293
actionadmin_noticesclass\Server.php:295
actionadmin_initclass\Server.php:296
actionadmin_noticesclass\Server.php:298
actionadmin_initclass\Server.php:299
actionadmin_initclass\Server.php:302
actionadmin_noticesclass\Server.php:304
actionadmin_initclass\Server.php:305
actionadmin_initclass\Server.php:309
actionadmin_initclass\Server.php:310
actioninitclass\StaticServe.php:604
actiontemplate_redirectclass\StaticServe.php:612
actiontemplate_redirectclass\StaticServe.php:614
actiontemplate_redirectclass\StaticServe.php:617
actiontemplate_redirectclass\StaticServe.php:621
actionsave_postclass\Triggers.php:220
actionrate_postclass\Triggers.php:225
actionrmp_after_voteclass\Triggers.php:229
actionkksr_rateclass\Triggers.php:233
actionwp_set_comment_statusclass\Triggers.php:237
actioncomment_postclass\Triggers.php:241
actionactivated_pluginclass\Triggers.php:243
actiondeactivated_pluginclass\Triggers.php:244
actionswitch_themeclass\Triggers.php:245
actionadmin_noticesclass\Triggers.php:249
actionadmin_initclass\Triggers.php:250
actionadmin_noticesclass\Triggers.php:255
actionadmin_initclass\Triggers.php:256
actioncustom_warmup_cache_cronclass\WarmUp.php:295
actionwarm_up_cache_request_triggersclass\WarmUp.php:296
actionwarm_up_cache_requestclass\WarmUp.php:299
actionadmin_initclass\WarmUp.php:304
actionadmin_enqueue_scriptsclass\WarmUpAjax.php:173
actionadmin_enqueue_scriptsclass\WarmUpAjax.php:174
actionafter_uninstallserve-static.php:87
actionactivated_pluginserve-static.php:124

Scheduled Events 4

serve_static_cache_cron_event
custom_warmup_cache_cron
warm_up_cache_request
warm_up_cache_request_triggers
Maintenance & Trust

Serve Static – Automatic WordPress Static Page generator Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 8, 2025
PHP min version7.4
Downloads5K

Community Trust

Rating90/100
Number of ratings10
Active installs100
Alternatives

Serve Static – Automatic WordPress Static Page generator Alternatives

WP Super Cache

WP Super Cache

wp-super-cache

A
95

A very fast caching engine for WordPress that produces static html files.

1.0M 12 CVEs
Breeze Cache

Breeze Cache

breeze

A
95

Breeze is a caching plugin developed by Cloudways. Breeze uses advance caching systems to improve site loading times exponentially.

400K 8 CVEs
DB Cache Reloaded Fix

DB Cache Reloaded Fix

db-cache-reloaded-fix

A
85

The fastest cache engine for WordPress, that produces cache of database queries with easy configuration. Compatible with WordPress 3.4

2K No CVEs
WP Nav Menu Cache

WP Nav Menu Cache

wp-nav-menu-cache

A
85

Create cache for dynamically generated navigation menu HTML and serve from a static file. It reduces some MySQL queries and increases page speed.

100 No CVEs
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

A
97

Get caching and more with this powerful cache plugin. Cache, optimize images, clean your database and minify for maximum performance.

1.0M 3 CVEs
Developer Profile

Serve Static – Automatic WordPress Static Page generator Developer Profile

Rajin Sharwar

7 plugins · 340 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Serve Static – Automatic WordPress Static Page generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/serve_static/assets/js/ajax-script.js/wp-content/plugins/serve_static/assets/css/ajax-style.css

HTML / DOM Fingerprints

HTML Comments
<!-- BEGIN Serve Static Cache --><!-- END Serve Static Cache -->
Data Attributes
data-fs-id="15144"
JS Globals
ajax_object
FAQ

Frequently Asked Questions about Serve Static – Automatic WordPress Static Page generator