10Web Booster – Website speed optimization, Cache & Page Speed optimizer Security & Risk Analysis

wordpress.org/plugins/tenweb-speed-optimizer

Speed up your site with 10Web Booster. Pass Core Web Vitals by optimizing HTML / CSS / JavaScript, Image Optimization, Lazy Loading, Cache, Google Fon …

90K active installs v2.32.11 PHP 7.4+ WP 5.0+ Updated Nov 25, 2025
Tags: cache · optimize · pagespeed · performance · speed
Score: 86 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Dec 5, 2025
Safety Verdict

Is 10Web Booster – Website speed optimization, Cache & Page Speed optimizer Safe to Use in 2026?

Generally Safe

Score 86/100

10Web Booster – Website speed optimization, Cache & Page Speed optimizer has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 5, 2025 · Updated 4mo ago
Risk Assessment

The tenweb-speed-optimizer v2.32.11 plugin presents a mixed security posture. While it demonstrates good practices in output escaping (96%) and prepared statement usage for SQL queries (82%), significant concerns arise from its attack surface. A substantial number of AJAX handlers (11 out of 31) and REST API routes (3 out of 31) lack proper authentication or permission checks. This creates a broad entry point for potential unauthorized access and manipulation. The presence of the `unserialize` function is a notable risk signal, as it can be a vector for remote code execution if not handled with extreme caution and proper input validation. Taint analysis did not reveal any critical or high severity issues with unsanitized paths, which is a positive sign, but the analysis covered a small number of flows.

The plugin's vulnerability history is a significant concern. With 5 known CVEs, including 1 critical and 2 high severity, and a recent vulnerability dated 2025-12-05, it suggests a pattern of exploitable weaknesses. The common vulnerability types like Path Traversal and Authorization Bypass further highlight areas where the plugin has historically struggled with robust security. While there are no currently unpatched vulnerabilities, the historical prevalence and severity of past issues necessitate vigilance.

In conclusion, the plugin has some strengths in core coding practices, but the large, unprotected attack surface and a history of serious vulnerabilities are substantial risks that outweigh these strengths. The use of `unserialize` and outdated bundled libraries also adds to the overall risk profile.

Key Concerns

  • Unprotected AJAX handlers
  • REST API routes without permission callbacks
  • Dangerous function: unserialize
  • Bundled outdated library: DataTables v1.10.20
  • Bundled outdated library: Select2
  • Historical critical vulnerability
  • Historical high severity vulnerabilities
  • Recent vulnerability history
Vulnerabilities
5

10Web Booster – Website speed optimization, Cache & Page Speed optimizer Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 3 CVEs
2025: 1 CVE

Severity Breakdown

Critical: 1
High: 2
Medium: 2

5 total CVEs

CVE-2025-13377 · critical · 9.6 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache

Dec 5, 2025 Patched in 2.32.11 (1d)
CVE-2023-5559 · medium · 6.5 · Authorization Bypass Through User-Controlled Key

10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion

Oct 29, 2023 Patched in 2.24.18 (86d)

10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 - Missing Authorization in Settings Import to Stored Cross-Site Scripting

Feb 21, 2023 Patched in 2.13.45 (483d)
WF-4f3f0ef8-8a13-4110-a402-e1bcf493560a-tenweb-speed-optimizer · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.12.23 - Unauthenticated SQL Injection

Jan 25, 2023 Patched in 2.12.23 (363d)

10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.8.34 - Missing Authorization to Plugin Deactivation

Nov 19, 2022 Patched in 2.8.35 (430d)
Code Analysis
Analyzed Mar 16, 2026

10Web Booster – Website speed optimization, Cache & Page Speed optimizer Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 2 (9 prepared)
Unescaped Output: 37 (801 escaped)
Nonce Checks: 27
Capability Checks: 10
File Operations: 80
External Requests: 17
Bundled Libraries: 2

Dangerous Functions Found

unserialize: `$result[ $row->post_id ] = unserialize($row->meta_value); // phpcs:ignore` (includes\OptimizerUtils.php:1663)

Bundled Libraries

DataTables 1.10.20 · Select2

SQL Query Safety

82% prepared · 11 total queries

Output Escaping

96% escaped · 838 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

12 flows · 6 with unsanitized paths
download_critical (includes\OptimizerUtils.php:2408)
Attack Surface
14 unprotected

10Web Booster – Website speed optimization, Cache & Page Speed optimizer Attack Surface

Entry Points: 62
Unprotected: 14

AJAX Handlers 31

auth · wp_ajax_two_set_autoupdate_from_banner · includes\OptimizerOnInit.php:26
auth · wp_ajax_two_optimized_notif_closed · includes\OptimizerOnInit.php:32
auth · wp_ajax_two_is_page_optimized · includes\OptimizerOnInit.php:33
auth · wp_ajax_two_recount_score · includes\OptimizerOnInit.php:34
auth · wp_ajax_two_get_page_score · includes\OptimizerOnInit.php:35
auth · wp_ajax_two_get_optimized_images · includes\OptimizerOnInit.php:36
auth · wp_ajax_two_sign_up_dashboard_magic_link · includes\OptimizerOnInit.php:37
auth · wp_ajax_two_setFlowIdNotificationId · includes\OptimizerOnInit.php:38
nopriv · wp_ajax_two_manager_clear_cache · OptimizerAdmin.php:173
auth · wp_ajax_two_settings · OptimizerAdmin.php:183
auth · wp_ajax_two_update_setting · OptimizerAdmin.php:184
auth · wp_ajax_two_critical · OptimizerAdmin.php:185
auth · wp_ajax_two_critical_statuses · OptimizerAdmin.php:186
auth · wp_ajax_two_deactivate_plugins · OptimizerAdmin.php:187
auth · wp_ajax_two_white_label · OptimizerAdmin.php:188
auth · wp_ajax_two_elementor_regenerate_ccss · OptimizerAdmin.php:189
auth · wp_ajax_two_css_options · OptimizerAdmin.php:197
auth · wp_ajax_two_get_posts_for_critical · OptimizerAdmin.php:199
auth · wp_ajax_two_flow_set_mode · OptimizerAdmin.php:243
auth · wp_ajax_two_update_flow_status · OptimizerAdmin.php:244
auth · wp_ajax_two_finish_flow · OptimizerAdmin.php:245
auth · wp_ajax_two_flow_incompatible_plugins · OptimizerAdmin.php:246
auth · wp_ajax_two_clear_cloudflare_cache · OptimizerAdmin.php:247
auth · wp_ajax_two_deactivate_plugins · tenweb_speed_optimizer.php:84
auth · wp_ajax_two_set_critical · tenweb_speed_optimizer.php:225
nopriv · wp_ajax_two_set_critical · tenweb_speed_optimizer.php:226
auth · wp_ajax_two_init_flow_score · tenweb_speed_optimizer.php:228
nopriv · wp_ajax_two_init_flow_score · tenweb_speed_optimizer.php:229
auth · wp_ajax_two_activate_score_check · tenweb_speed_optimizer.php:231
nopriv · wp_ajax_two_activate_score_check · tenweb_speed_optimizer.php:232
auth · wp_ajax_two_optimize_page · tenweb_speed_optimizer.php:234

REST API Routes 31

POST · /wp-json/tenweb_so/v1 · set_score · OptimizerApi.php:36
POST · /wp-json/tenweb_so/v1 · set_critical · OptimizerApi.php:51
GET · /wp-json/tenweb_so/v1 · optimization_data · OptimizerApi.php:73
POST · /wp-json/tenweb_so/v1 · optimization_data · OptimizerApi.php:85
POST · /wp-json/tenweb_so/v1 · set_modes · OptimizerApi.php:97
GET · /wp-json/tenweb_so/v1 · get_modes · OptimizerApi.php:123
POST · /wp-json/tenweb_so/v1 · get_modes · OptimizerApi.php:140
POST · /wp-json/tenweb_so/v1 · clear_cache · OptimizerApi.php:157
GET · /wp-json/tenweb_so/v1 · get_page_id · OptimizerApi.php:174
POST · /wp-json/tenweb_so/v1 · get_page_id · OptimizerApi.php:191
GET · /wp-json/tenweb_so/v1 · get_pages · OptimizerApi.php:208
POST · /wp-json/tenweb_so/v1 · get_pages · OptimizerApi.php:218
POST · /wp-json/tenweb_so/v1 · delete_so_page · OptimizerApi.php:228
POST · /wp-json/tenweb_so/v1 · logout · OptimizerApi.php:245
GET · /wp-json/tenweb_so/v1 · check_domain · OptimizerApi.php:258
POST · /wp-json/tenweb_so/v1 · check_domain · OptimizerApi.php:271
POST · /wp-json/tenweb_so/v1 · connect_from_core · OptimizerApi.php:284
GET · /wp-json/tenweb_so/v1 · get_webp_status · OptimizerApi.php:294
POST · /wp-json/tenweb_so/v1 · get_webp_status · OptimizerApi.php:304
POST · /wp-json/tenweb_so/v1 · set_webp_status · OptimizerApi.php:314
POST · /wp-json/tenweb_so/v1 · page_cache · OptimizerApi.php:336
GET · /wp-json/tenweb_so/v1 · get_page_cache_status · OptimizerApi.php:352
POST · /wp-json/tenweb_so/v1 · update_settings · OptimizerApi.php:362
GET · /wp-json/tenweb_so/v1 · get_settings · OptimizerApi.php:383
GET · /wp-json/tenweb_so/v1 · get_incompatible_active_plugins · OptimizerApi.php:393
POST · /wp-json/tenweb_so/v1 · set_cloudflare_status · OptimizerApi.php:403
GET · /wp-json/tenweb_so/v1 · two_settings · OptimizerApi.php:420
POST · /wp-json/tenweb_so/v1 · two_settings · OptimizerApi.php:435
POST · /wp-json/tenweb_so/v1 · regenerate_critical · OptimizerApi.php:450
POST · /wp-json/tenweb_so/v1 · regenerate_webp · OptimizerApi.php:467
POST · /wp-json/tenweb_so/v1 · delete_webp_images · OptimizerApi.php:477
WordPress Hooks 103
action · elementor/editor/after_enqueue_scripts · includes\OptimizerElementor.php:14
action · elementor/init · includes\OptimizerElementor.php:15
action · elementor/documents/register_controls · includes\OptimizerElementor.php:16
filter · twoptimize_html_after_minify · includes\OptimizerImages.php:90
filter · twoptimize_html_after_minify_iframe · includes\OptimizerImages.php:91
filter · twoptimize_html_after_minify_video · includes\OptimizerImages.php:92
filter · twoptimize_html_images · includes\OptimizerImages.php:93
action · http_api_debug · includes\OptimizerLogger.php:18
action · two_daily_cron_hook · includes\OptimizerLogger.php:23
action · elementor/widget/render_content · includes\OptimizerMain.php:133
action · send_headers · includes\OptimizerMain.php:134
action · wp · includes\OptimizerMain.php:140
action · elementor/frontend/before_render · includes\OptimizerMain.php:387
filter · wp_lazy_loading_enabled · includes\OptimizerMain.php:402
action · elementor/widget/render_content · includes\OptimizerMain.php:405
action · wp_head · includes\OptimizerMain.php:416
action · wp_default_scripts · includes\OptimizerMain.php:417
action · wp_print_styles · includes\OptimizerMain.php:420
action · wp_enqueue_scripts · includes\OptimizerMain.php:424
action · wp_meta · includes\OptimizerMain.php:448
action · init · includes\OptimizerOnInit.php:9
action · init · includes\OptimizerOnInit.php:10
action · admin_bar_menu · includes\OptimizerOnInit.php:11
action · enqueue_block_editor_assets · includes\OptimizerOnInit.php:14
filter · manage_post_posts_columns · includes\OptimizerOnInit.php:22
filter · manage_page_posts_columns · includes\OptimizerOnInit.php:23
action · admin_notices · includes\OptimizerOnInit.php:25
action · two_page_optimized · includes\OptimizerOnInit.php:28
action · two_page_optimized_removed · includes\OptimizerOnInit.php:30
action · elementor/editor/before_enqueue_scripts · includes\OptimizerOnInit.php:39
action · et_epanel_update_option · includes\OptimizerOnInit.php:43
filter · get_two_enable_htaccess_webp_delivery · includes\OptimizerSettings.php:991
filter · two_save_settings_message · includes\OptimizerSettings.php:998
filter · two_save_settings_code · includes\OptimizerSettings.php:1001
filter · get_two_enable_htaccess_caching_headers · includes\OptimizerSettings.php:1011
filter · two_save_settings_message · includes\OptimizerSettings.php:1018
filter · two_save_settings_code · includes\OptimizerSettings.php:1021
filter · get_two_enable_htaccess_webp_delivery · includes\OptimizerSettings.php:1529
filter · get_two_enable_htaccess_webp_delivery · includes\OptimizerSettings.php:1543
action · shutdown · includes\OptimizerUtils.php:1908
filter · content_save_pre · includes\OptimizerUtils.php:2379
action · pre_current_active_plugins · includes\OptimizerWhiteLabel.php:29
action · admin_menu · includes\OptimizerWhiteLabel.php:30
action · admin_bar_menu · includes\OptimizerWhiteLabel.php:31
action · admin_init · includes\WebPageCache\OptimizerWebPageCacheWP.php:33
action · transition_post_status · includes\WebPageCache\OptimizerWebPageCacheWP.php:39
action · update_option_two_settings · includes\WebPageCache\OptimizerWebPageCacheWP.php:44
filter · page_row_actions · includes\WebPageCache\OptimizerWebPageCacheWP.php:47
filter · post_row_actions · includes\WebPageCache\OptimizerWebPageCacheWP.php:48
action · admin_init · OptimizerAdmin.php:61
action · in_admin_header · OptimizerAdmin.php:64
action · delete_post · OptimizerAdmin.php:69
action · wp_trash_post · OptimizerAdmin.php:70
action · permalink_structure_changed · OptimizerAdmin.php:72
filter · auto_update_plugin · OptimizerAdmin.php:75
action · admin_init · OptimizerAdmin.php:176
action · admin_init · OptimizerAdmin.php:177
action · admin_init · OptimizerAdmin.php:178
action · admin_menu · OptimizerAdmin.php:179
action · admin_enqueue_scripts · OptimizerAdmin.php:180
action · wp_enqueue_scripts · OptimizerAdmin.php:181
action · admin_bar_menu · OptimizerAdmin.php:194
action · save_post · OptimizerAdmin.php:203
action · switch_theme · OptimizerAdmin.php:205
action · update_option_show_on_front · OptimizerAdmin.php:206
action · update_option_page_on_front · OptimizerAdmin.php:207
action · wp_update_nav_menu · OptimizerAdmin.php:208
action · update_option_sidebars_widgets · OptimizerAdmin.php:209
action · update_option_category_base · OptimizerAdmin.php:210
action · update_option_tag_base · OptimizerAdmin.php:211
action · permalink_structure_changed · OptimizerAdmin.php:212
action · add_link · OptimizerAdmin.php:213
action · edit_link · OptimizerAdmin.php:214
action · delete_link · OptimizerAdmin.php:215
action · customize_save · OptimizerAdmin.php:216
action · sidebar_admin_setup · OptimizerAdmin.php:218
action · activated_plugin · OptimizerAdmin.php:219
action · upgrader_process_complete · OptimizerAdmin.php:220
action · deactivated_plugin · OptimizerAdmin.php:221
action · _core_updated_successfully · OptimizerAdmin.php:222
action · wpcf7_save_contact_form · OptimizerAdmin.php:225
action · update_option_woo_options · OptimizerAdmin.php:228
action · frm_update_form · OptimizerAdmin.php:237
action · wpforms_builder_save_form · OptimizerAdmin.php:240
filter · two_clear_cache_action · OptimizerAdmin.php:248
action · two_clear_cache · OptimizerAdmin.php:249
action · pre_current_active_plugins · OptimizerAdmin.php:250
action · manage_post_posts_custom_column · OptimizerAdmin.php:254
action · manage_page_posts_custom_column · OptimizerAdmin.php:255
filter · posts_where · OptimizerAdmin.php:1643
action · admin_footer · OptimizerAdminBar.php:384
action · wp_footer · OptimizerAdminBar.php:387
action · rest_api_init · OptimizerApi.php:23
filter · http_request_args · OptimizerApi.php:1365
action · admin_menu · tenweb_speed_optimizer.php:86
action · admin_enqueue_scripts · tenweb_speed_optimizer.php:102
action · plugins_loaded · tenweb_speed_optimizer.php:141
filter · determine_current_user · tenweb_speed_optimizer.php:172
filter · option_active_plugins · tenweb_speed_optimizer.php:208
filter · wcml_user_store_strategy · tenweb_speed_optimizer.php:220
filter · option_jetpack_active_modules · tenweb_speed_optimizer.php:253
action · wp_enqueue_scripts · tenweb_speed_optimizer.php:337
filter · script_loader_tag · tenweb_speed_optimizer.php:375

Scheduled Events 1

two_daily_cron_hook
Maintenance & Trust

10Web Booster – Website speed optimization, Cache & Page Speed optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 25, 2025
PHP min version: 7.4
Downloads: 2.3M

Community Trust

Rating: 92/100
Number of ratings: 405
Active installs: 90K
Developer Profile

10Web Booster – Website speed optimization, Cache & Page Speed optimizer Developer Profile

10Web

9 plugins · 365K total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 724 days
Detection Fingerprints

How We Detect 10Web Booster – Website speed optimization, Cache & Page Speed optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tenweb-speed-optimizer/integrations/autoptimize/assets/js/autoptimize-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/integrations/autoptimize/assets/css/autoptimize-style.css
/wp-content/plugins/tenweb-speed-optimizer/integrations/elementor/assets/js/elementor-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/integrations/elementor/assets/css/elementor-style.css
/wp-content/plugins/tenweb-speed-optimizer/integrations/gutenberg/assets/js/gutenberg-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/integrations/gutenberg/assets/css/gutenberg-style.css
/wp-content/plugins/tenweb-speed-optimizer/integrations/yoast/assets/js/yoast-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/integrations/yoast/assets/css/yoast-style.css
+8 more

Script Paths
/wp-content/plugins/tenweb-speed-optimizer/integrations/autoptimize/assets/js/autoptimize-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/integrations/elementor/assets/js/elementor-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/integrations/gutenberg/assets/js/gutenberg-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/integrations/yoast/assets/js/yoast-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/admin/assets/js/admin-scripts.js
/wp-content/plugins/tenweb-speed-optimizer/includes/assets/js/optimizer-scripts.js
+2 more

Version Parameters
tenweb-speed-optimizer/integrations/autoptimize/assets/js/autoptimize-scripts.js?ver=
tenweb-speed-optimizer/integrations/autoptimize/assets/css/autoptimize-style.css?ver=
tenweb-speed-optimizer/integrations/elementor/assets/js/elementor-scripts.js?ver=
tenweb-speed-optimizer/integrations/elementor/assets/css/elementor-style.css?ver=
tenweb-speed-optimizer/integrations/gutenberg/assets/js/gutenberg-scripts.js?ver=
tenweb-speed-optimizer/integrations/gutenberg/assets/css/gutenberg-style.css?ver=
tenweb-speed-optimizer/integrations/yoast/assets/js/yoast-scripts.js?ver=
tenweb-speed-optimizer/integrations/yoast/assets/css/yoast-style.css?ver=
tenweb-speed-optimizer/admin/assets/js/admin-scripts.js?ver=
tenweb-speed-optimizer/admin/assets/css/admin-style.css?ver=
tenweb-speed-optimizer/includes/assets/js/optimizer-scripts.js?ver=
tenweb-speed-optimizer/includes/assets/css/optimizer-style.css?ver=
tenweb-speed-optimizer/templates/assets/js/templates-scripts.js?ver=
tenweb-speed-optimizer/templates/assets/css/templates-style.css?ver=
tenweb-speed-optimizer/core/assets/js/core-scripts.js?ver=
tenweb-speed-optimizer/core/assets/css/core-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
two_settings_page
HTML Comments
<!-- 10Web Booster: Optimize your website speed and performance -->
<!-- END 10Web Booster -->
Data Attributes
data-two-optimize-css
data-two-optimize-js
JS Globals
window.TenWebOptimizerSettings
REST Endpoints
/wp-json/tenweb-speed-optimizer/v1/optimize
/wp-json/tenweb-speed-optimizer/v1/clear-cache
FAQ

Frequently Asked Questions about 10Web Booster – Website speed optimization, Cache & Page Speed optimizer