WP-Safety

Simple Cache Security & Risk Analysis

wordpress.org/plugins/simple-cache

A very simple plugin to make your site run lightning fast with caching.

1K active installs v2.0.0 PHP + WP 3.9+ Updated May 4, 2021
cachememcacheobject-cacheobject-cachingpage-cache
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Simple Cache Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Cache has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "simple-cache" plugin v2.0.0 exhibits a generally good security posture, with no recorded CVEs or known vulnerabilities, suggesting a history of stable and secure development. The static analysis reveals no direct attack vectors through AJAX, REST API, or shortcodes. The plugin also demonstrates strong practices in database interaction, with 100% of SQL queries utilizing prepared statements. Furthermore, a high percentage (87%) of output is properly escaped, and robust nonce and capability checks are implemented, indicating an effort to secure entry points. However, the presence of two "dangerous functions" (`create_function` and `unserialize`) raises a red flag. While not explicitly linked to a vulnerability in this analysis, `unserialize` can be a significant risk if used with untrusted data, potentially leading to remote code execution. The taint analysis showing "flows with unsanitized paths" is concerning, even if no critical or high severity issues were identified, as it suggests potential pathways for malicious input to be processed without adequate sanitization. The plugin's file operations and external HTTP requests are not immediately concerning given the lack of associated risks, but the `unserialize` function warrants careful consideration in conjunction with any data it processes.

Key Concerns

  • Dangerous function: unserialize used
  • Dangerous function: create_function used
  • Taint flow with unsanitized path
Vulnerabilities
None known

Simple Cache Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple Cache Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
8
52 escaped
Nonce Checks
2
Capability Checks
5
File Operations
26
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_function$fun = create_function( '', $function );inc\dropins\batcache.php:309
unserialize$value = unserialize( $value );inc\dropins\redis-object-cache.php:604

Output Escaping

87% escaped60 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths
sc_serve_file_cache (inc\pre-wp-functions.php:152)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Simple Cache Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 20
actionpre_post_updateinc\class-sc-advanced-cache.php:21
actionsave_postinc\class-sc-advanced-cache.php:22
actionwp_trash_postinc\class-sc-advanced-cache.php:23
actionwp_set_comment_statusinc\class-sc-advanced-cache.php:24
actionset_comment_cookiesinc\class-sc-advanced-cache.php:25
actionsc_purge_cacheinc\class-sc-cron.php:22
actioninitinc\class-sc-cron.php:23
filtercron_schedulesinc\class-sc-cron.php:24
actionnetwork_admin_noticesinc\class-sc-notices.php:22
actionnetwork_admin_noticesinc\class-sc-notices.php:23
actionadmin_noticesinc\class-sc-notices.php:25
actionadmin_noticesinc\class-sc-notices.php:26
actionadmin_enqueue_scriptsinc\class-sc-settings.php:21
actionload-settings_page_simple-cacheinc\class-sc-settings.php:23
actionload-settings_page_simple-cacheinc\class-sc-settings.php:24
actionnetwork_admin_menuinc\class-sc-settings.php:27
actionadmin_menuinc\class-sc-settings.php:29
actionadmin_bar_menuinc\class-sc-settings.php:30
actionplugins_loadedsimple-cache.php:52
filterplugin_action_linkssimple-cache.php:74

Scheduled Events 1

sc_purge_cache
Maintenance & Trust

Simple Cache Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedMay 4, 2021
PHP min version
Downloads129K

Community Trust

Rating84/100
Number of ratings57
Active installs1K
Alternatives

Simple Cache Alternatives

Object Cache 4 everyone

Object Cache 4 everyone

object-cache-4-everyone

A
85

Memcached or disk backend support for the WP Object Cache. Memcached server running and PHP Memcached class needed for better performance.

5K No CVEs
atec Cache APCu

atec Cache APCu

atec-cache-apcu

A
100

Super fast APCu-based Object Cache and the only APCu-powered Page Cache plugin for WordPress.

1K No CVEs
atec Cache Info

atec Cache Info

atec-cache-info

A
100

Show system cache status and statistics for OPcache, JIT, Object Cache, APCu, Redis, Memcached, and SQLite Cache.

1K No CVEs
Memcached Redux

Memcached Redux

memcached-redux

A
85

Uses the Memcached class (not the Memcache class) to implement WP Object Cache

100 No CVEs
SnapCache

SnapCache

snapcache

A
100

A high-performance persistent object cache powered by Memcached.

40 No CVEs
Developer Profile

Simple Cache Developer Profile

Taylor Lovett

9 plugins · 8K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
3845 days
View full developer profile
Detection Fingerprints

How We Detect Simple Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-cache/dist/css/settings-styles.css/wp-content/plugins/simple-cache/dist/js/settings.js
Script Paths
/wp-content/plugins/simple-cache/dist/js/settings.js
Version Parameters
simple-cache/dist/css/settings-styles.css?ver=simple-cache/dist/js/settings.js?ver=

HTML / DOM Fingerprints

JS Globals
SC_VERSION
FAQ

Frequently Asked Questions about Simple Cache