Does Swift Performance Lite have any unpatched vulnerabilities?

No. All known vulnerabilities in Swift Performance Lite have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Swift Performance Lite compatible with WordPress 6.9.4?

According to WordPress.org data, Swift Performance Lite 2.3.7.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Swift Performance Lite compatible with PHP 5.6+?

Swift Performance Lite requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Swift Performance Lite updated?

Swift Performance Lite was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Swift Performance Lite's security score?

Swift Performance Lite has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Swift Performance Lite Security & Risk Analysis

wordpress.org/plugins/swift-performance-lite

Swift Performance is a cache and performance booster plugin. It can speed up your site, improve SEO scores and user experience.

7K active installs v2.3.7.3 PHP 5.6+ WP 4.0+ Updated Mar 5, 2026

cachecdnoptimizerperformancespeed

A · Safe

CVEs total4

Unpatched0

Last CVEDec 5, 2024

Plugin page Download

Safety Verdict

Is Swift Performance Lite Safe to Use in 2026?

Generally Safe

Score 96/100

Swift Performance Lite has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Dec 5, 2024Updated 29d ago

Risk Assessment

The Swift Performance Lite plugin exhibits a mixed security posture. While it demonstrates some good practices such as the absence of dangerous functions and a moderate percentage of SQL queries using prepared statements, significant concerns arise from its attack surface and taint analysis. A large number of AJAX handlers (31 out of 37) lack authentication checks, presenting a substantial entry point for attackers. Furthermore, the taint analysis reveals 16 flows with unsanitized paths, including 4 of high severity, indicating potential vulnerabilities like path traversal or insecure file operations if these flows are not adequately handled by the underlying WordPress framework.

The plugin's vulnerability history, with 4 known CVEs including one high severity and three medium severity issues, suggests a pattern of past security weaknesses. The common vulnerability types noted, such as Path Traversal, CSRF, and authorization issues, align with the concerns raised by the taint analysis and the large number of unprotected AJAX endpoints. Although there are currently no unpatched CVEs, the recurring nature of these vulnerability types warrants careful consideration. The plugin has a reasonable number of capability checks and nonces, which is positive, but these are undermined by the extensive unprotected AJAX endpoints.

In conclusion, Swift Performance Lite has areas of strength but is significantly weakened by its exposed attack surface and identified taint flows. The history of past vulnerabilities, particularly in similar categories, combined with the current code analysis, points to a need for heightened vigilance and potential improvements in input validation and authorization for its AJAX endpoints. The presence of unsanitized paths in high-severity taint flows is a particularly critical concern that requires immediate attention.

Key Concerns

Large attack surface without auth on AJAX
High severity taint flows with unsanitized paths
Medium severity taint flows with unsanitized paths
History of 1 high severity CVE (currently unpatched)
History of 3 medium severity CVEs
SQL queries not always using prepared statements (53% not prepared)
Output escaping is not consistently applied (39% not properly escaped)

Vulnerabilities

Swift Performance Lite Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

3 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2024-10516high · 8.1Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'

Dec 5, 2024 Patched in 2.3.7.2 (2d)

CVE-2024-37511medium · 4.3Cross-Site Request Forgery (CSRF)

Swift Performance Lite <= 2.3.6.20 - Cross-Site Request Forgery

Jul 5, 2024 Patched in 2.3.6.21 (6d)

CVE-2024-3722medium · 5.4Incorrect Authorization

Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification

May 8, 2024 Patched in 2.3.6.19 (10d)

CVE-2023-6289medium · 5.3Missing Authorization

Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export

Nov 27, 2023 Patched in 2.3.6.15 (57d)

Code Analysis

Analyzed Mar 17, 2026

Swift Performance Lite Code Analysis

Dangerous Functions

Raw SQL Queries

78 prepared

Unescaped Output

350

540 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

47% prepared167 total queries

Output Escaping

61% escaped890 total outputs

Data Flows

16 unsanitized

Data Flow Analysis

20 flows16 with unsanitized paths

ajaxify (includes\classes\class.ajax.php:795)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

31 unprotected

Swift Performance Lite Attack Surface

Entry Points37

Unprotected31

AJAX Handlers 37

authwp_ajax_swift_performance_clear_cacheincludes\classes\class.ajax.php:10

authwp_ajax_swift_performance_custom_purgeincludes\classes\class.ajax.php:11

authwp_ajax_swift_performance_clear_assets_cacheincludes\classes\class.ajax.php:12

authwp_ajax_swift_performance_update_prebuild_priorityincludes\classes\class.ajax.php:13

authwp_ajax_swift_performance_prebuild_cacheincludes\classes\class.ajax.php:14

authwp_ajax_swift_performance_stop_prebuild_cacheincludes\classes\class.ajax.php:15

authwp_ajax_swift_performance_single_prebuildincludes\classes\class.ajax.php:16

authwp_ajax_swift_performance_single_clear_cacheincludes\classes\class.ajax.php:17

authwp_ajax_swift_performance_single_dynamic_clear_cacheincludes\classes\class.ajax.php:18

authwp_ajax_swift_performance_single_ajax_clear_cacheincludes\classes\class.ajax.php:19

authwp_ajax_swift_performance_remove_warmup_urlincludes\classes\class.ajax.php:20

authwp_ajax_swift_performance_add_warmup_urlincludes\classes\class.ajax.php:21

authwp_ajax_swift_performance_reset_warmupincludes\classes\class.ajax.php:22

authwp_ajax_swift_performance_show_rewritesincludes\classes\class.ajax.php:23

authwp_ajax_swift_performance_change_thread_limitincludes\classes\class.ajax.php:24

authwp_ajax_swift_performance_cache_statusincludes\classes\class.ajax.php:25

authwp_ajax_swift_performance_show_logincludes\classes\class.ajax.php:26

authwp_ajax_swift_performance_clear_logsincludes\classes\class.ajax.php:27

authwp_ajax_swift_performance_toggle_dev_modeincludes\classes\class.ajax.php:28

authwp_ajax_swift_performance_bypass_cronincludes\classes\class.ajax.php:29

authwp_ajax_swift_performance_previewincludes\classes\class.ajax.php:30

authwp_ajax_swift_performance_dismiss_pointerincludes\classes\class.ajax.php:31

authwp_ajax_swift_performance_dismiss_noticeincludes\classes\class.ajax.php:32

authwp_ajax_swift_performance_debug_apiincludes\classes\class.ajax.php:33

authwp_ajax_swift_performance_ajaxifyincludes\classes\class.ajax.php:35

noprivwp_ajax_swift_performance_ajaxifyincludes\classes\class.ajax.php:36

authwp_ajax_swift_performance_send_license_keyincludes\classes\class.ajax.php:38

authwp_ajax_swift_performance_activateincludes\classes\class.ajax.php:39

authwp_ajax_kinsta_clear_cache_allincludes\classes\class.third-party.php:164

authwp_ajax_kinsta_clear_cache_full_pageincludes\classes\class.third-party.php:170

authwp_ajax_luv_framework_save_metaincludes\luv-framework\classes\class.meta-fields.php:35

authwp_ajax_luv_framework_save_optionsincludes\luv-framework\classes\class.option-fields.php:87

authwp_ajax_luv_framework_importincludes\luv-framework\classes\class.option-fields.php:88

authwp_ajax_swift_performance_setupincludes\setup\setup.php:22

authwp_ajax_swift_performance_db_optimizermodules\db-optimizer\db-optimizer.php:10

authwp_ajax_swift_performance_image_optimizermodules\image-optimizer\image-optimizer.php:112

authwp_ajax_swift_performance_restore_original_imagemodules\image-optimizer\image-optimizer.php:113

WordPress Hooks 177

actionshutdownincludes\classes\class.autocomplete.php:19

filterluv_framework_save_meta_arrayincludes\classes\class.meta-boxes.php:27

actiontemplate_redirectincludes\classes\class.meta-boxes.php:30

filterswift_performance_enabled_hostsincludes\classes\class.third-party.php:11

filternginx_cache_purge_actionsincludes\classes\class.third-party.php:14

actionluv_framework_before_render_sectionsincludes\classes\class.third-party.php:48

filterswift_performance_option_separate-jsincludes\classes\class.third-party.php:129

filterswift_performance_option_separate-cssincludes\classes\class.third-party.php:133

actiontransition_post_statusincludes\classes\class.third-party.php:137

actionpre_post_updateincludes\classes\class.third-party.php:141

actionpost_updatedincludes\classes\class.third-party.php:142

actionwp_trash_postincludes\classes\class.third-party.php:143

actionwp_insert_commentincludes\classes\class.third-party.php:145

actionedit_commentincludes\classes\class.third-party.php:150

actiontransition_comment_statusincludes\classes\class.third-party.php:155

actionwp_update_nav_menuincludes\classes\class.third-party.php:160

actionluv_framework_validate_fieldsincludes\luv-framework\classes\class.fields.php:91

actionadmin_initincludes\luv-framework\classes\class.fields.php:94

actionadd_meta_boxesincludes\luv-framework\classes\class.meta-fields.php:33

actionsave_postincludes\luv-framework\classes\class.meta-fields.php:34

actionadmin_enqueue_scriptsincludes\luv-framework\classes\class.meta-fields.php:36

actionadmin_footerincludes\luv-framework\classes\class.meta-fields.php:42

actionadmin_enqueue_scriptsincludes\luv-framework\classes\class.meta-fields.php:43

actionadmin_footerincludes\luv-framework\classes\class.meta-fields.php:46

actionadmin_menuincludes\luv-framework\classes\class.option-fields.php:64

actioninitincludes\luv-framework\classes\class.option-fields.php:77

actionadmin_initincludes\luv-framework\classes\class.option-fields.php:86

actionadmin_enqueue_scriptsincludes\luv-framework\classes\class.option-fields.php:89

actionadmin_footerincludes\luv-framework\classes\class.option-fields.php:101

actionadmin_footerincludes\luv-framework\classes\class.option-fields.php:104

actionluv_framework_before_fields_initincludes\luv-framework\framework-config.php:225

filterluv_framework_render_field_lazyload-widgetsincludes\luv-framework\framework-config.php:267

filterluv_framework_render_field_lazyload-nav-menusincludes\luv-framework\framework-config.php:278

actionluv_framework_before_framework_headerincludes\luv-framework\framework-config.php:289

actionluv_framework_before_header_buttonsincludes\luv-framework\framework-config.php:315

actionluv_framework_before_framework_outerincludes\luv-framework\framework-config.php:324

filterluv_framework_export_arrayincludes\luv-framework\framework-config.php:343

actionluv_framework_custom_field_image-optimizer-presetincludes\luv-framework\framework-config.php:357

actionluv_framework_after_render_sectionsincludes\luv-framework\framework-config.php:367

actionluv_framework_after_render_sectionsincludes\luv-framework\framework-config.php:379

filterluv_framework_field_file_to_includeincludes\luv-framework\framework-config.php:392

actionadmin_noticesincludes\promo\promo.php:8

actionadmin_initincludes\promo\promo.php:11

actionswift_performance_timeout_testincludes\setup\setup.php:25

actionadmin_initincludes\setup\setup.php:29

actioninitmodules\asset-manager\asset-manager.php:45

filterstyle_loader_srcmodules\asset-manager\asset-manager.php:56

filterscript_loader_srcmodules\asset-manager\asset-manager.php:57

filterget_post_metadatamodules\asset-manager\asset-manager.php:58

actionwp_default_scriptsmodules\asset-manager\asset-manager.php:63

actioninitmodules\asset-manager\asset-manager.php:80

actionwp_headmodules\asset-manager\asset-manager.php:81

actionwp_headmodules\asset-manager\asset-manager.php:97

actionwp_headmodules\asset-manager\asset-manager.php:113

filterwp_lazy_loading_enabledmodules\asset-manager\asset-manager.php:121

actionwp_headmodules\asset-manager\asset-manager.php:133

actionwp_footermodules\asset-manager\asset-manager.php:140

filterwp_resource_hintsmodules\asset-manager\asset-manager.php:148

filterwp_image_editorsmodules\asset-manager\asset-manager.php:163

filterswift_performance_critical_css_filenamemodules\asset-manager\asset-manager.php:181

filterswift_performance_css_filenamemodules\asset-manager\asset-manager.php:185

filterswift_performance_js_filenamemodules\asset-manager\asset-manager.php:192

actionwp_headmodules\asset-manager\asset-manager.php:211

actionwp_headmodules\asset-manager\asset-manager.php:232

actionwp_headmodules\asset-manager\asset-manager.php:244

actionwp_headmodules\asset-manager\asset-manager.php:261

actionwp_footermodules\asset-manager\asset-manager.php:267

actionwp_print_scriptsmodules\asset-manager\asset-manager.php:295

filterswift_performance_critical_css_contentmodules\asset-manager\asset-manager.php:1446

filterswift_performance_is_cacheablemodules\cache\cache.php:47

actionwp_headmodules\cache\cache.php:48

actioninitmodules\cache\cache.php:74

actionsave_postmodules\cache\cache.php:81

actiondelete_postmodules\cache\cache.php:82

actionwp_trash_postmodules\cache\cache.php:83

actionpre_post_updatemodules\cache\cache.php:84

actiondelete_attachmentmodules\cache\cache.php:85

actionwoocommerce_product_object_updated_propsmodules\cache\cache.php:86

actionwoocommerce_product_set_stockmodules\cache\cache.php:87

actionwoocommerce_variation_set_stockmodules\cache\cache.php:88

actionfl_builder_after_save_layoutmodules\cache\cache.php:89

actionsave_postmodules\cache\cache.php:92

actiondelete_postmodules\cache\cache.php:93

actionwp_trash_postmodules\cache\cache.php:94

actiondelete_attachmentmodules\cache\cache.php:95

actionwoocommerce_product_object_updated_propsmodules\cache\cache.php:96

actionwoocommerce_product_set_stockmodules\cache\cache.php:97

actionwoocommerce_variation_set_stockmodules\cache\cache.php:98

actionfl_builder_after_save_layoutmodules\cache\cache.php:99

actionelementor/ajax/register_actionsmodules\cache\cache.php:102

actionautoptimize_action_cachepurgedmodules\cache\cache.php:107

actiontransition_post_statusmodules\cache\cache.php:110

actionwc_after_products_starting_salesmodules\cache\cache.php:126

actionwc_after_products_ending_salesmodules\cache\cache.php:127

actionactivated_pluginmodules\cache\cache.php:135

actiondeactivated_pluginmodules\cache\cache.php:145

actionupgrader_process_completemodules\cache\cache.php:155

actionwp_set_comment_statusmodules\cache\cache.php:169

actionshutdownmodules\cache\cache.php:178

actiondelete_usermodules\cache\cache.php:182

actionshutdownmodules\cache\cache.php:186

filterget_avatar_urlmodules\cache\cache.php:191

filterswift_performance_is_cacheable_dynamicmodules\cache\cache.php:198

actioninitmodules\cache\cache.php:211

actionshutdownmodules\cache\cache.php:238

actionshutdownmodules\cache\cache.php:242

actionwp_headmodules\cache\cache.php:247

filterdo_shortcode_tagmodules\cache\cache.php:252

actionget_template_partmodules\cache\cache.php:257

filterwp_nav_menumodules\cache\cache.php:262

filterrender_blockmodules\cache\cache.php:267

actioninitmodules\cache\cache.php:270

actionenqueue_block_editor_assetsmodules\cache\cache.php:279

filterwidget_display_callbackmodules\cache\cache.php:286

filterelementor/widget/render_contentmodules\cache\cache.php:291

actionelementor/element/before_section_endmodules\cache\cache.php:293

filterswift_performance_option_lazyload-shortcodemodules\cache\cache.php:314

filterwoocommerce_checkout_redirect_empty_cartmodules\cache\cache.php:322

filternonce_user_logged_outmodules\cache\cache.php:325

filterscript_loader_srcmodules\cdn\cdn-manager.php:54

filterstyle_loader_srcmodules\cdn\cdn-manager.php:55

filterswift_performance_media_hostmodules\cdn\cdn-manager.php:56

actionwp_headmodules\cdn\cdn-manager.php:57

filtercron_schedulesmodules\db-optimizer\db-optimizer.php:19

actionwp_footermodules\google-analytics\google-analytics.php:13

actioninitmodules\image-optimizer\image-optimizer.php:61

actionwp_handle_uploadmodules\image-optimizer\image-optimizer.php:64

actionswift_performance_handle_uploadmodules\image-optimizer\image-optimizer.php:65

actionimage_make_intermediate_sizemodules\image-optimizer\image-optimizer.php:66

actionswift_performance_process_optimize_image_queuemodules\image-optimizer\image-optimizer.php:69

actionswift_performance_load_imagesmodules\image-optimizer\image-optimizer.php:72

filterwp_delete_filemodules\image-optimizer\image-optimizer.php:75

actionadmin_enqueue_scriptsmodules\image-optimizer\image-optimizer.php:108

actionadmin_initmodules\plugin-organizer\plugin-organizer.php:19

filteroption_active_pluginsmodules\plugin-organizer\plugin-organizer.php:63

actionplugins_loadedperformance.php:89

filterswift_performance_is_cacheableperformance.php:186

filterluv_framework_option_nameperformance.php:187

actioninitperformance.php:193

actioninitperformance.php:210

filterluv_framework_render_optionsperformance.php:228

filterluv_framework_enqueue_assetsperformance.php:229

filterluv_framework_import_optionsperformance.php:234

actionluv_framework_importperformance.php:240

actiontemplate_redirectperformance.php:261

actionadmin_initperformance.php:279

actionadmin_enqueue_scriptsperformance.php:292

actionswift_performance_prebuild_cacheperformance.php:295

actionswift_performance_prebuild_page_cacheperformance.php:296

actionswift_performance_api_messagesperformance.php:299

actionswift_performance_collect_anonymized_dataperformance.php:302

actionswift_performance_early_loaderperformance.php:305

actionluv_framework_swift_performance_options_savedperformance.php:308

actionswift_performance_options_savedperformance.php:311

actionupgrader_process_completeperformance.php:312

filtercron_schedulesperformance.php:315

actionadmin_bar_menuperformance.php:333

actioninitperformance.php:337

actiontemplate_redirectperformance.php:359

actionadmin_noticesperformance.php:388

actioninitperformance.php:391

filterheartbeat_settingsperformance.php:408

actionswift_performance_clear_short_lifespanperformance.php:418

actionswift_performance_clear_cacheperformance.php:421

actionswift_performance_clear_expiredperformance.php:422

actionswift_performance_clear_assets_proxy_cacheperformance.php:426

filterplugin_action_linksperformance.php:429

actiontemplate_redirectperformance.php:440

actioninitperformance.php:447

actioninitperformance.php:461

actionplugins_loadedperformance.php:469

actioninitperformance.php:482

filterswift_performance_admin_noticesperformance.php:595

filterswift_performance_prebuild_headersperformance.php:1066

filterluv_framework_get_optionsperformance.php:1316

filterwp_mail_content_typeperformance.php:3145

actionplugins_loadedperformance.php:3236

Scheduled Events 17

swift_performance_prebuild_cache

swift_performance_timeout_test

swift_performance_prebuild_cache

swift_performance_prebuild_page_cache

swift_performance_process_optimize_image_queue

swift_performance_load_images

swift_performance_collect_anonymized_data

swift_performance_prebuild_cache

swift_performance_api_messages

swift_performance_clear_short_lifespan

swift_performance_clear_expired

swift_performance_clear_assets_proxy_cache

swift_performance_early_loader

Maintenance & Trust

Swift Performance Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version5.6

Downloads708K

Community Trust

Rating72/100

Number of ratings125

Active installs7K

Alternatives

Swift Performance Lite Alternatives

GoCache

gocache-cdn

Acelere seu site e reduza seus custos com cloud.

1K 1 unpatched

MariCDN by MariHost

maricdn-by-marihost

100

Supercharge your website performance with MariCDN by MariHost. Enjoy faster loading times globally through seamless CDN integration.

0 No CVEs

SmartLift Optimizer

smartlift-optimizer

100

SmartLift Optimizer is an advanced plugin to speed up your WordPress site with one-click optimization and bulk image optimization.

0 No CVEs

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

The simplest and fastest WP Cache system

1.0M 35 CVEs

W3 Total Cache

w3-total-cache

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 28 CVEs

Developer Profile

Swift Performance Lite Developer Profile

swte

1 plugin · 7K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

19 days

View full developer profile

Detection Fingerprints

How We Detect Swift Performance Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/swift-performance-lite/css/styles.css/wp-content/plugins/swift-performance-lite/includes/setup/css/setup.css/wp-content/plugins/swift-performance-lite/includes/setup/css/animate.css/wp-content/plugins/swift-performance-lite/includes/setup/js/setup.js

Script Paths

/wp-content/plugins/swift-performance-lite/includes/setup/js/setup.js

Version Parameters

swift-performance-lite/css/styles.css?ver=swift-performance-lite/includes/setup/css/setup.css?ver=swift-performance-lite/includes/setup/css/animate.css?ver=swift-performance-lite/includes/setup/js/setup.js?ver=

HTML / DOM Fingerprints

CSS Classes

swift-performance-setup

Data Attributes

data-nonce="swift-performance-setup"data-luv-nonce="luv-framework-fields-ajax"

JS Globals

swift_performance

FAQ

Swift Performance Lite Security & Risk Analysis

Is Swift Performance Lite Safe to Use in 2026?

Generally Safe

Key Concerns

Swift Performance Lite Security Vulnerabilities

CVEs by Year

Severity Breakdown

Swift Performance Lite Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Swift Performance Lite Attack Surface

AJAX Handlers 37

Scheduled Events 17

Swift Performance Lite Maintenance & Trust

Maintenance Signals

Community Trust

Swift Performance Lite Alternatives

GoCache

MariCDN by MariHost

SmartLift Optimizer

WP Fastest Cache – WordPress Cache Plugin

W3 Total Cache

Swift Performance Lite Developer Profile

How We Detect Swift Performance Lite

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Swift Performance Lite