WP-Safety

Speed Optimizer – The All-In-One Performance-Boosting Plugin Security & Risk Analysis

wordpress.org/plugins/sg-cachepress

Boost your website performance and page speed, and increase conversions with powerful caching, frontend, media, and environment optimizations.

1.0M active installs v7.7.7 PHP 7.0+ WP 4.7+ Updated Feb 16, 2026
cachingnginxperformancesitegroundspeed
96
A · Safe
CVEs total2
Unpatched0
Last CVEApr 15, 2024
Plugin page Download
Safety Verdict

Is Speed Optimizer – The All-In-One Performance-Boosting Plugin Safe to Use in 2026?

Generally Safe

Score 96/100

Speed Optimizer – The All-In-One Performance-Boosting Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Apr 15, 2024Updated 1mo ago
Risk Assessment

The sg-cachepress plugin v7.7.7 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in SQL query preparation (96%) and output escaping (99%), which are crucial for preventing common web vulnerabilities. The absence of bundled libraries and a relatively low number of file operations and external HTTP requests are also good signs. However, significant concerns arise from the extensive attack surface exposed through AJAX handlers, with all 7 handlers lacking authentication checks. Furthermore, the taint analysis reveals 3 flows with unsanitized paths, including 2 of critical severity, indicating potential for privilege escalation or arbitrary code execution if these paths are reachable by an attacker. The vulnerability history shows a past critical vulnerability, underscoring the need for vigilance, especially since the last known vulnerability was recent. While the current version is unpatched, the historical trend of 'Missing Authorization' vulnerabilities, coupled with the current lack of authorization on AJAX handlers, is a major red flag.

Key Concerns

  • All AJAX handlers lack authentication checks
  • 2 critical severity taint flows with unsanitized paths
  • 3 flows with unsanitized paths
  • 1 critical CVE in vulnerability history (even if patched)
  • Common vulnerability type: Missing Authorization
Vulnerabilities
2

Speed Optimizer – The All-In-One Performance-Boosting Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2019
2019
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1
Medium
1

2 total CVEs

CVE-2024-32532medium · 5.3Missing Authorization

Speed Optimizer <= 7.4.6 - Missing Authorization via purge_on_other_events()

Apr 15, 2024 Patched in 7.5.0 (9d)
CVE-2019-25217critical · 9.8Missing Authorization

SiteGround Optimizer <= 5.0.12 - Missing Authorization

Mar 14, 2019 Patched in 5.0.13 (2043d)
Code Analysis
Analyzed Mar 16, 2026

Speed Optimizer – The All-In-One Performance-Boosting Plugin Code Analysis

Dangerous Functions
5
Raw SQL Queries
1
23 prepared
Unescaped Output
3
336 escaped
Nonce Checks
1
Capability Checks
8
File Operations
21
External Requests
13
Bundled Libraries
0

Dangerous Functions Found

execexec(core\Images_Optimizer\Images_Optimizer.php:317
execexec( "find $basedir -regextype posix-extended -type f -regex '.*bak.(png|jpg|jpeg|gif)$' -exec renacore\Images_Optimizer\Images_Optimizer.php:419
execexec(core\Images_Optimizer\Images_Optimizer_Webp.php:176
execexec(core\Minifier\Minifier.php:257
execexec(core\Ssl\Ssl.php:229

SQL Query Safety

96% prepared24 total queries

Output Escaping

99% escaped339 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths
initialize (core\Images_Optimizer\Abstract_Images_Optimizer.php:41)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Speed Optimizer – The All-In-One Performance-Boosting Plugin Attack Surface

Entry Points7
Unprotected7

AJAX Handlers 7

authwp_ajax_admin_bar_purge_cachecore\Loader\Loader.php:289
authwp_ajax_dismiss_memcache_noticecore\Loader\Loader.php:325
authwp_ajax_dismiss_blocking_plugins_noticecore\Loader\Loader.php:327
authwp_ajax_dismiss_cache_plugins_noticecore\Loader\Loader.php:329
authwp_ajax_siteground_optimizer_start_image_optimizationcore\Loader\Loader.php:579
noprivwp_ajax_siteground_optimizer_start_image_optimizationcore\Loader\Loader.php:580
authwp_ajax_siteground_optimizer_start_webp_conversioncore\Loader\Loader.php:602
WordPress Hooks 89
actionadmin_menucore\Loader\Loader.php:129
actionadmin_initcore\Loader\Loader.php:131
filterallowed_optionscore\Loader\Loader.php:133
actionrest_api_initcore\Loader\Loader.php:136
actionadmin_initcore\Loader\Loader.php:155
actionwp_logincore\Loader\Loader.php:159
actionsiteground_data_collector_croncore\Loader\Loader.php:163
actionsiteground_data_collector_croncore\Loader\Loader.php:165
actioncron_schedulescore\Loader\Loader.php:167
actionplugins_loadedcore\Loader\Loader.php:245
actioninitcore\Loader\Loader.php:247
filtersite_status_testscore\Loader\Loader.php:249
actionafter_setup_themecore\Loader\Loader.php:259
actionupgrader_process_completecore\Loader\Loader.php:261
actionupgrader_process_completecore\Loader\Loader.php:271
actioninitcore\Loader\Loader.php:275
actionadmin_bar_menucore\Loader\Loader.php:287
actionnetwork_admin_menucore\Loader\Loader.php:304
actionadmin_enqueue_scriptscore\Loader\Loader.php:308
actionadmin_enqueue_scriptscore\Loader\Loader.php:310
actionadmin_print_stylescore\Loader\Loader.php:312
actionadmin_initcore\Loader\Loader.php:314
filteradmin_footer_textcore\Loader\Loader.php:315
actionadmin_menucore\Loader\Loader.php:319
filtercustom_menu_ordercore\Loader\Loader.php:322
filtermenu_ordercore\Loader\Loader.php:323
actionadmin_noticescore\Loader\Loader.php:340
actionadmin_noticescore\Loader\Loader.php:342
actionnetwork_admin_noticescore\Loader\Loader.php:343
actionnetwork_admin_noticescore\Loader\Loader.php:345
actionplugins_loadedcore\Loader\Loader.php:349
actionrest_api_initcore\Loader\Loader.php:360
actionload-toplevel_page_sg-cachepresscore\Loader\Loader.php:376
actionadmin_initcore\Loader\Loader.php:380
filterpre_cache_alloptionscore\Loader\Loader.php:383
actionsiteground_optimizer_check_assets_dircore\Loader\Loader.php:393
actionupdate_option_siteground_optimizer_combine_csscore\Loader\Loader.php:394
filterstyle_loader_srccore\Loader\Loader.php:419
filterscript_loader_srccore\Loader\Loader.php:420
actionwp_print_scriptscore\Loader\Loader.php:426
filterscript_loader_tagcore\Loader\Loader.php:429
filteroption_use_smiliescore\Loader\Loader.php:450
filtertiny_mce_pluginscore\Loader\Loader.php:451
filterwp_resource_hintscore\Loader\Loader.php:452
filterwp_lazy_loading_enabledcore\Loader\Loader.php:479
actionwp_enqueue_scriptscore\Loader\Loader.php:500
actionwp_print_scriptscore\Loader\Loader.php:511
actionwp_print_footer_scriptscore\Loader\Loader.php:518
actionwp_print_footer_scriptscore\Loader\Loader.php:520
actionwp_print_stylescore\Loader\Loader.php:526
actionwp_print_footer_scriptscore\Loader\Loader.php:527
actioninitcore\Loader\Loader.php:554
actionshutdowncore\Loader\Loader.php:555
filterbig_image_size_thresholdcore\Loader\Loader.php:571
actionsiteground_optimizer_start_image_optimization_croncore\Loader\Loader.php:581
actiondelete_attachmentcore\Loader\Loader.php:585
actionwp_generate_attachment_metadatacore\Loader\Loader.php:586
actionwp_generate_attachment_metadatacore\Loader\Loader.php:588
actionedit_attachmentcore\Loader\Loader.php:591
filterattachment_fields_to_editcore\Loader\Loader.php:592
actionsiteground_optimizer_start_webp_conversion_croncore\Loader\Loader.php:603
actiondelete_attachmentcore\Loader\Loader.php:607
actionedit_attachmentcore\Loader\Loader.php:608
actionwp_generate_attachment_metadatacore\Loader\Loader.php:609
actionwp_generate_attachment_metadatacore\Loader\Loader.php:611
actioninitcore\Loader\Loader.php:623
actionadmin_enqueue_scriptscore\Loader\Loader.php:637
actionwp_enqueue_scriptscore\Loader\Loader.php:638
filterheartbeat_settingscore\Loader\Loader.php:639
actionsiteground_optimizer_database_optimization_croncore\Loader\Loader.php:649
actionsiteground_optimizer_purge_cron_cachecore\Loader\Loader.php:660
actionpll_save_postcore\Loader\Loader.php:672
actioncustomize_save_aftercore\Loader\Loader.php:673
filterrest_post_dispatchcore\Loader\Loader.php:683
actionwp_headerscore\Loader\Loader.php:685
actioncron_schedulescore\Loader\Loader.php:698
actionsiteground_optimizer_cache_preheatcore\Loader\Loader.php:699
actionsiteground_optimizer_clear_cache_dircore\Loader\Loader.php:700
actionwp_logincore\Loader\Loader.php:703
actionupdate_option_siteurlcore\Loader\Loader.php:754
actionwp_logincore\Loader\Loader.php:757
actionsgo_campaign_croncore\Loader\Loader.php:783
actionsgo_campaign_croncore\Loader\Loader.php:786
actionsgo_campaign_croncore\Loader\Loader.php:789
actionupdated_optioncore\Loader\Loader.php:803
actionadded_optioncore\Loader\Loader.php:804
filtercron_schedulescore\Loader\Loader.php:824
actionupdate_option_admin_emailcore\Loader\Loader.php:836
actionsiteground_optimizer_performance_report_croncore\Loader\Loader.php:839

Scheduled Events 9

siteground_optimizer_database_optimization_cron
siteground_optimizer_database_optimization_cron
siteground_optimizer_cache_preheat
siteground_optimizer_cache_preheat
siteground_optimizer_clear_cache_dir
siteground_optimizer_purge_cron_cache
siteground_optimizer_clear_cache_dir
siteground_optimizer_check_assets_dir
siteground_optimizer_database_optimization_cron
Maintenance & Trust

Speed Optimizer – The All-In-One Performance-Boosting Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 16, 2026
PHP min version7.0
Downloads95.4M

Community Trust

Rating84/100
Number of ratings628
Active installs1.0M
Alternatives

Speed Optimizer – The All-In-One Performance-Boosting Plugin Alternatives

LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

B
82

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
W3 Total Cache

W3 Total Cache

w3-total-cache

B
75

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 28 CVEs
Super Page Cache

Super Page Cache

wp-cloudflare-page-cache

A
96

Boost PageSpeed, SEO, and Core Web Vitals with full page caching, JS/CSS optimization, media optimization, and Cloudflare CDN.

50K 2 CVEs
WP Meteor Website Speed Optimization Addon

WP Meteor Website Speed Optimization Addon

wp-meteor

A
98

2x-5x improvement in your Page Speed score. A completely new way of optimizing your page speed.

20K 3 CVEs
Cachify

Cachify

cachify

A
100

Smart, efficient cache solution for WordPress. Use DB, HDD, Redis or Memcached for storing your blog pages. Make WordPress faster!

10K No CVEs
Developer Profile

Speed Optimizer – The All-In-One Performance-Boosting Plugin Developer Profile

SiteGround

4 plugins · 2.1M total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
483 days
View full developer profile
Detection Fingerprints

How We Detect Speed Optimizer – The All-In-One Performance-Boosting Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sg-cachepress/assets/css/main.min.css/wp-content/plugins/sg-cachepress/assets/js/admin.js/wp-content/plugins/sg-cachepress/assets/js/main.min.js/wp-content/plugins/sg-cachepress/assets/js/optimizer.bundle.js
Script Paths
/assets/js/admin.js/assets/js/main.min.js/assets/js/optimizer.bundle.js
Version Parameters
sg-cachepress/assets/css/main.min.css?ver=sg-cachepress/assets/js/admin.js?ver=sg-cachepress/assets/js/main.min.js?ver=sg-cachepress/assets/js/optimizer.bundle.js?ver=

HTML / DOM Fingerprints

CSS Classes
sgo-pagesgo-notice-text
HTML Comments
SG Optimizer Admin PageSpeed Optimizer by SiteGround has detected that Memcached was turned off.
Data Attributes
data-sgo-noncedata-sgo-nonce-save
JS Globals
siteground_optimizer_dashboard_params
REST Endpoints
/wp-json/sg-cachepress/
FAQ

Frequently Asked Questions about Speed Optimizer – The All-In-One Performance-Boosting Plugin