WP-Safety

WEDOS Global (CDN Cache & Security) Security & Risk Analysis

wordpress.org/plugins/wgpwpp

Our WordPress plugin has a full site caching feature, a CDN Cache feature, and optional settings for the sending of security reports.

900 active installs v1.2.2 PHP 7.4+ WP 5.6+ Updated Jul 26, 2024
cdnddos-protectionperformancesecuritywaf
70
B · Generally Safe
CVEs total1
Unpatched1
Last CVESep 26, 2025
Plugin page Download
Safety Verdict

Is WEDOS Global (CDN Cache & Security) Safe to Use in 2026?

Mostly Safe

Score 70/100

WEDOS Global (CDN Cache & Security) is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Sep 26, 2025Updated 1yr ago
Risk Assessment

The plugin "wgpwpp" v1.2.2 exhibits a concerning security posture due to a significant number of unprotected entry points and a history of vulnerabilities, particularly related to missing authorization. While the use of prepared statements for SQL queries is a positive practice, it is overshadowed by the fact that all identified AJAX handlers and REST API routes lack proper authentication or permission checks. This creates a wide attack surface that could be easily exploited by unauthenticated users. The presence of the `unserialize` function is another critical red flag, especially in the absence of strict input validation, as it can lead to remote code execution vulnerabilities.

The vulnerability history, with a known unpatched medium severity CVE, further amplifies the risks. The pattern of "Missing Authorization" as a common vulnerability type strongly suggests a recurring oversight in how the plugin handles user permissions, making it a predictable target for attackers. While the plugin demonstrates some good practices like prepared statements, the overwhelming number of unprotected entry points and the historical vulnerability trend point towards a plugin that requires immediate attention and remediation to mitigate severe security risks.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Dangerous function: unserialize
  • Low percentage of properly escaped output
  • Unpatched medium severity CVE
  • Missing authorization vulnerability history
  • Flows with unsanitized paths
Vulnerabilities
1

WEDOS Global (CDN Cache & Security) Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-60130medium · 5.3Missing Authorization

WEDOS Global <= 1.2.2 - Missing Authorization

Sep 26, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

WEDOS Global (CDN Cache & Security) Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
309
41 escaped
Nonce Checks
12
Capability Checks
8
File Operations
43
External Requests
9
Bundled Libraries
0

Dangerous Functions Found

unserialize$data = unserialize($serialized);admin\class-wgpwpp-notice.php:221

Output Escaping

12% escaped350 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<class-wgpwpp-log> (includes\class-wgpwpp-log.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
13 unprotected

WEDOS Global (CDN Cache & Security) Attack Surface

Entry Points13
Unprotected13

AJAX Handlers 12

authwp_ajax_wgpwpp_auth_redirectadmin\class-wgpwpp-authorization.php:132
authwp_ajax_wgpwpp_purge_wp_cacheadmin\class-wgpwpp-cache-setting.php:62
authwp_ajax_wgpwpp_purge_cdn_cacheadmin\class-wgpwpp-cache-setting.php:64
authwp_ajax_wgpwpp_dashboard_load_opensearch_dataadmin\class-wgpwpp-dashboard-layout.php:50
authwp_ajax_wgpwpp_dashboard_toggle_wp_cacheadmin\class-wgpwpp-dashboard-layout.php:51
authwp_ajax_wgpwpp_dashboard_toggle_cdn_cacheadmin\class-wgpwpp-dashboard-layout.php:52
authwp_ajax_wgpwpp_dashboard_dismiss_ratingadmin\class-wgpwpp-dashboard-layout.php:53
authwp_ajax_wgpwpp_layout_stepadmin\class-wgpwpp-service-layout.php:55
authwp_ajax_wgpwpp_layout_verification_codeadmin\class-wgpwpp-service-layout.php:56
authwp_ajax_wgpwpp_layout_service_infoadmin\class-wgpwpp-service-layout.php:57
authwp_ajax_wgpwpp_layout_service_createadmin\class-wgpwpp-service-layout.php:58
authwp_ajax_wgpwpp_layout_service_retry_stateadmin\class-wgpwpp-service-layout.php:59

REST API Routes 1

GET/wp-json/wgpwpp/v1/activationincludes\class-wgpwpp-activator.php:54
WordPress Hooks 39
actionupgrader_process_completeadmin\class-wgpwpp-admin.php:268
actionplugins_loadedadmin\class-wgpwpp-admin.php:270
actionin_admin_headeradmin\class-wgpwpp-admin.php:272
actionadmin_enqueue_scriptsadmin\class-wgpwpp-admin.php:275
actionadmin_enqueue_scriptsadmin\class-wgpwpp-admin.php:276
actionadmin_menuadmin\class-wgpwpp-admin.php:279
actionadmin_footer_textadmin\class-wgpwpp-admin.php:285
actioninitadmin\class-wgpwpp-admin.php:287
actionadmin_initadmin\class-wgpwpp-authorization.php:135
actionadmin_initadmin\class-wgpwpp-cache-setting.php:58
actionadmin_enqueue_scriptsadmin\class-wgpwpp-cache-setting.php:60
actionadmin_enqueue_scriptsadmin\class-wgpwpp-dashboard-layout.php:46
actionadmin_enqueue_scriptsadmin\class-wgpwpp-dashboard-layout.php:47
actionadmin_initadmin\class-wgpwpp-reports-setting.php:97
actionadmin_enqueue_scriptsadmin\class-wgpwpp-reports-setting.php:100
actionadmin_enqueue_scriptsadmin\class-wgpwpp-reports-setting.php:101
actionrest_api_initadmin\class-wgpwpp-verification.php:61
actionrest_api_initincludes\class-wgpwpp-activator.php:53
actionplugin_loadedincludes\class-wgpwpp-loader.php:151
actionrest_api_initincludes\class-wgpwpp-notify.php:45
actionplugin_loadedincludes\class-wgpwpp-wp-cache.php:261
actionshutdownincludes\class-wgpwpp-wp-cache.php:262
filtersite_status_testsincludes\class-wgpwpp-wp-cache.php:263
filtersite_status_page_cache_supported_cache_headersincludes\class-wgpwpp-wp-cache.php:264
actionwgpwpp_wp_cache_delete_expiredincludes\class-wgpwpp-wp-cache.php:272
filterwoocommerce_product_titleincludes\class-wgpwpp-wp-cache.php:672
actiontransition_post_statusincludes\class-wgpwpp-wp-cache.php:676
filterthe_postsincludes\class-wgpwpp-wp-cache.php:682
actiondo_feed_rdfincludes\class-wgpwpp-wp-cache.php:685
actiondo_feed_rssincludes\class-wgpwpp-wp-cache.php:686
actiondo_feed_rss2includes\class-wgpwpp-wp-cache.php:687
actiondo_feed_atomincludes\class-wgpwpp-wp-cache.php:688
actionclean_post_cacheincludes\class-wgpwpp-wp-cache.php:691
actioninitincludes\class-wgpwpp-wp-cache.php:694
actionshutdownincludes\class-wgpwpp-wp-cache.php:697
actionupdate_option_rss_use_excerptincludes\class-wgpwpp-wp-cache.php:699
actionupdate_option_posts_per_rssincludes\class-wgpwpp-wp-cache.php:700
actionrest_api_initincludes\class-wgpwpp-wpinfo.php:44
actionplugins_loadedincludes\class-wgpwpp.php:171

Scheduled Events 1

wgpwpp_cache_delete_expired
Maintenance & Trust

WEDOS Global (CDN Cache & Security) Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedJul 26, 2024
PHP min version7.4
Downloads13K

Community Trust

Rating76/100
Number of ratings4
Active installs900
Alternatives

WEDOS Global (CDN Cache & Security) Alternatives

Peakhour

Peakhour

peakhour

A
85

Seamlessly integrate wordpress with Peakhour's performance and security service. Peakhour can dramatically improve your page load times, block th &hellip;

10 No CVEs
powerwaf.com – WordPress WAF & CDN Plugin

powerwaf.com – WordPress WAF & CDN Plugin

powerwaf-cdn

A
85

Accelerate and protect your website to the maximum with PowerWAF CDN. With this plugin you can keep dynamic content updated at the edge to increase de &hellip;

0 No CVEs
Jetpack – WP Security, Backup, Speed, & Growth

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

A
87

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs
ManageWP Worker

ManageWP Worker

worker

A
98

A better way to manage dozens of WordPress websites.

1.0M 1 CVE
W3 Total Cache

W3 Total Cache

w3-total-cache

B
75

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 29 CVEs
Developer Profile

WEDOS Global (CDN Cache & Security) Developer Profile

wedos.com

2 plugins · 1K total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WEDOS Global (CDN Cache & Security)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wgpwpp/admin/css/fontawesome-free-6.5.2-web/css/fontawesome.min.css/wp-content/plugins/wgpwpp/admin/css/font-awesome-4.7.0/css/font-awesome.min.css/wp-content/plugins/wgpwpp/admin/css/fontawesome-free-6.5.2-web/css/solid.min.css/wp-content/plugins/wgpwpp/admin/css/wgpwpp-admin.css/wp-content/plugins/wgpwpp/admin/partials/wp-wgp/dist/mini.css/wp-content/plugins/wgpwpp/admin/css/wgpwpp-service.css/wp-content/plugins/wgpwpp/admin/js/wgpwpp-admin.js
Script Paths
/wp-content/plugins/wgpwpp/admin/js/wgpwpp-admin.js
Version Parameters
wgpwpp/admin/css/fontawesome-free-6.5.2-web/css/fontawesome.min.css?ver=wgpwpp/admin/css/font-awesome-4.7.0/css/font-awesome.min.css?ver=wgpwpp/admin/css/fontawesome-free-6.5.2-web/css/solid.min.css?ver=wgpwpp/admin/css/wgpwpp-admin.css?ver=wgpwpp/admin/partials/wp-wgp/dist/mini.css?ver=wgpwpp/admin/css/wgpwpp-service.css?ver=wgpwpp/admin/js/wgpwpp-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wgpwpp-admin-menuwgpwpp-layout-flexwgpwpp-contentwgpwpp-footerwgpwpp-footer-contentwgpwpp-content-centerwgpwpp-headerwgpwpp-header-content+16 more
Data Attributes
data-wgpwpp-iddata-wgpwpp-action
JS Globals
wgpwpp_ajax_object
REST Endpoints
/wp-json/wgpwpp/v1/report/wp-json/wgpwpp/v1/cache
FAQ

Frequently Asked Questions about WEDOS Global (CDN Cache & Security)