Does W3TC Auto Pilot have any unpatched vulnerabilities?

No. All known vulnerabilities in W3TC Auto Pilot have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is W3TC Auto Pilot compatible with WordPress 4.5.0?

According to WordPress.org data, W3TC Auto Pilot 1.1.7.1 has been tested up to WordPress 4.5.0. Check the plugin's changelog for the latest compatibility information.

How often is W3TC Auto Pilot updated?

W3TC Auto Pilot was last updated on Feb 24, 2016. Frequent updates are generally a positive security signal.

What is W3TC Auto Pilot's security score?

W3TC Auto Pilot has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

W3TC Auto Pilot Security & Risk Analysis

wordpress.org/plugins/w3tc-auto-pilot

Put W3 Total Cache on auto pilot. This plugin allows you to control W3 Total Cache by simply using your website. So your cache is always up to date.

70 active installs v1.1.7.1 PHP + WP 3.6.0+ Updated Feb 24, 2016

automaticcachecontroltotalw3

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is W3TC Auto Pilot Safe to Use in 2026?

Generally Safe

Score 85/100

W3TC Auto Pilot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The w3tc-auto-pilot plugin v1.1.7.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively utilizing prepared statements, and it has no recorded vulnerability history, suggesting a generally stable codebase in the past. However, significant concerns arise from the static analysis. The plugin presents a single AJAX endpoint that lacks any authentication or capability checks, creating a direct and unprotected entry point for potential attackers. Furthermore, while only one output was analyzed, it was not properly escaped, posing a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected directly in the output. The absence of taint analysis results and the zero count for dangerous functions are positive indicators, but they do not mitigate the immediate risks posed by the unprotected AJAX handler and unescaped output.

Key Concerns

Unprotected AJAX endpoint
Unescaped output found

Vulnerabilities

None known

W3TC Auto Pilot Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

W3TC Auto Pilot Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

0% escaped1 total outputs

Attack Surface

1 unprotected

W3TC Auto Pilot Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_widgets-orderw3tc-auto-pilot.php:64

WordPress Hooks 21

actionplugins_loadedw3tc-auto-pilot.php:14

actioncustomize_save_afterw3tc-auto-pilot.php:54

actionwp_update_nav_menuw3tc-auto-pilot.php:55

actionsidebar_admin_setupw3tc-auto-pilot.php:56

actionswitch_themew3tc-auto-pilot.php:57

actionsave_postw3tc-auto-pilot.php:69

actionadmin_bar_menuw3tc-auto-pilot.php:85

actionwp_before_admin_bar_renderw3tc-auto-pilot.php:86

actionadmin_menuw3tc-auto-pilot.php:87

actioninitw3tc-auto-pilot.php:88

actionadmin_initw3tc-auto-pilot.php:89

actionadmin_initw3tc-auto-pilot.php:90

filterw3tc_can_print_commentw3tc-auto-pilot.php:91

actionadmin_initw3tc-auto-pilot.php:92

actionadmin_initw3tc-auto-pilot.php:93

actionsave_postw3tc-auto-pilot.php:138

actionadmin_noticesw3tc-auto-pilot.php:507

filterpost_row_actionsw3tc-auto-pilot.php:537

filterpage_row_actionsw3tc-auto-pilot.php:540

filterw3tc_errorsw3tc-auto-pilot.php:573

filterw3tc_notesw3tc-auto-pilot.php:574

Maintenance & Trust

W3TC Auto Pilot Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.0

Last updatedFeb 24, 2016

PHP min version

Downloads6K

Community Trust

Rating100/100

Number of ratings1

Active installs70

Alternatives

W3TC Auto Pilot Alternatives

Automatic Cache Flusher for W3 Total Cache

automatic-cache-flusher-for-w3-total-cache

100

This plugin flushes the W3 Total Cache after a plugin update.

600 No CVEs

Style.css Load Last Version

stylecss-load-last-version

100

Load the Last Version of style.css everytime, whenever and ever. No side effects on performance.

100 No CVEs

Detect Search Engine Referrer

detect-search-engine-referrer

This plugin disable w3 total cache plugin functionality if visitor is coming from search engine.

10 No CVEs

APCu Manager

apcu-manager

100

APCu statistics and management right in the WordPress admin dashboard.

10K No CVEs

Clear Autoptimize Cache Automatically

clear-autoptimize-cache-automatically

100

Automatically clear Autoptimize cache by cache size or at a specific time of selected days

4K No CVEs

Developer Profile

W3TC Auto Pilot Developer Profile

Sybre Waaijer

11 plugins · 204K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

259 days

View full developer profile

Detection Fingerprints

How We Detect W3TC Auto Pilot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ