WP-Safety

WP Meteor Website Speed Optimization Addon Security & Risk Analysis

wordpress.org/plugins/wp-meteor

2x-5x improvement in your Page Speed score. A completely new way of optimizing your page speed.

20K active installs v3.4.17 PHP 5.6+ WP 4.5+ Updated Feb 21, 2026
cachingoptimizationpagespeedperformance
95
A · Safe
CVEs total4
Unpatched0
Last CVEApr 28, 2026
Plugin page Download
Safety Verdict

Is WP Meteor Website Speed Optimization Addon Safe to Use in 2026?

Generally Safe

Score 95/100

WP Meteor Website Speed Optimization Addon has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEsLast CVE: Apr 28, 2026Updated 2mo ago
Risk Assessment

The wp-meteor plugin v3.4.17 presents a mixed security posture. While the code analysis shows no critical or high severity taint flows and a good practice of using prepared statements for SQL queries, significant concerns arise from the exposed REST API route and the absence of capability checks. This single unprotected entry point can be exploited by unauthorized actors. Furthermore, the vulnerability history reveals a pattern of past medium severity vulnerabilities, including exposure of sensitive information, missing authorization, and CSRF. Although there are no currently unpatched CVEs, the history suggests a recurring need for security patches and indicates potential weaknesses in the plugin's authorization and data handling mechanisms. The plugin's limited attack surface is a positive, but the presence of even one unprotected REST API route, coupled with the past vulnerability types, necessitates careful consideration of its security implications.

Key Concerns

  • Unprotected REST API route
  • Missing capability checks
  • Only 40% of outputs properly escaped
  • History of medium severity vulnerabilities
  • History of Missing Authorization vulnerabilities
  • History of Exposure of Sensitive Information vulnerabilities
  • History of CSRF vulnerabilities
Vulnerabilities
4 published

WP Meteor Website Speed Optimization Addon Security Vulnerabilities

CVEs by Year

2 CVEs in 2023
2023
1 CVE in 2024
2024
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2026-2902medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment

Apr 28, 2026 Patched in 3.4.17 (1d)
CVE-2024-6553medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

WP Meteor Website Speed Optimization Addon <= 3.4.3 - Unauthenticated Full Path Disclosure

Jul 23, 2024 Patched in 3.4.4 (1d)
WF-2b335807-f4d1-43b3-9e1b-2215eb00a3f8-wp-meteormedium · 4.3Missing Authorization

WP Meteor Page Speed Optimization Topping <= 3.1.4 -Missing Authorization to Notice Dismissal

Mar 3, 2023 Patched in 3.1.5 (326d)
CVE-2023-26543medium · 4.3Cross-Site Request Forgery (CSRF)

WP Meteor Page Speed Optimization Topping <= 3.1.4 - Cross-Site Request Forgery via processAjaxNoticeDismiss

Feb 28, 2023 Patched in 3.1.5 (415d)
Version History

WP Meteor Website Speed Optimization Addon Release Timeline

v3.4.17Current
v3.4.161 CVE
CVE-2026-2902
v3.4.151 CVE
CVE-2026-2902
v3.4.141 CVE
CVE-2026-2902
v3.4.131 CVE
CVE-2026-2902
v3.4.121 CVE
CVE-2026-2902
v3.4.111 CVE
CVE-2026-2902
v3.4.101 CVE
CVE-2026-2902
v3.4.91 CVE
CVE-2026-2902
v3.4.81 CVE
CVE-2026-2902
v3.4.71 CVE
CVE-2026-2902
v3.4.61 CVE
CVE-2026-2902
v3.4.51 CVE
CVE-2026-2902
v3.4.41 CVE
CVE-2026-2902
v3.4.32 CVEs
CVE-2024-6553 CVE-2026-2902
v3.4.22 CVEs
CVE-2024-6553 CVE-2026-2902
v3.4.12 CVEs
CVE-2024-6553 CVE-2026-2902
v3.4.02 CVEs
CVE-2024-6553 CVE-2026-2902
v3.3.32 CVEs
CVE-2024-6553 CVE-2026-2902
v3.3.22 CVEs
CVE-2024-6553 CVE-2026-2902
Code Analysis
Analyzed Mar 16, 2026

WP Meteor Website Speed Optimization Addon Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

Output Escaping

40% escaped10 total outputs
Attack Surface
1 unprotected

WP Meteor Website Speed Optimization Addon Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

POST/wp-json/wpmeteor/v1/detect/rest\Marketing.php:14
WordPress Hooks 8
filterwpmeteor_excludeblocker\Exclusions\Compatibility.php:29
filterwpmeteor_excludeblocker\Exclusions\Compatibility.php:89
filterwpmeteor_excludeblocker\Exclusions\Exclude.php:46
actionwpfrontend\Base.php:64
actionrest_api_initrest\Marketing.php:13
actionadmin_initwp-meteor.php:35
actionadmin_noticeswp-meteor.php:41
actionplugins_loadedwp-meteor.php:71
Maintenance & Trust

WP Meteor Website Speed Optimization Addon Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 21, 2026
PHP min version5.6
Downloads996K

Community Trust

Rating94/100
Number of ratings77
Active installs20K
Alternatives

WP Meteor Website Speed Optimization Addon Alternatives

LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

A
86

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
W3 Total Cache

W3 Total Cache

w3-total-cache

B
75

Search Engine (SEO) & Performance Optimization (WPO) via caching. Integrated caching: CDN, Page, Minify, Object, Fragment, Database support.

900K 29 CVEs
Super Page Cache

Super Page Cache

wp-cloudflare-page-cache

A
96

Boost PageSpeed, SEO, and Core Web Vitals with full page caching, JS/CSS optimization, media optimization, and Cloudflare CDN.

60K 2 CVEs
RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce

RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerce

rabbit-loader

A
99

All-in-one AI speed optimization plugin for WordPress & WooCommerce websites. Get faster loading pages and near-perfect PageSpeed scores — in just &hellip;

3K 2 CVEs
Speed Kit

Speed Kit

baqend

C
63

Speed Kit makes your WordPress website load instantly with one simple click.

2K 1 unpatched
Developer Profile

WP Meteor Website Speed Optimization Addon Developer Profile

Aleksandr Guidrevitch

1 plugin · 20K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
186 days
View full developer profile
Detection Fingerprints

How We Detect WP Meteor Website Speed Optimization Addon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-meteor/assets/css/admin/settings.css/wp-content/plugins/wp-meteor/assets/js/admin/settings.js
Script Paths
/wp-content/plugins/wp-meteor/vendor/wpdesk/wp-notice/assets/js/wpdesk-notices.js/wp-content/plugins/wp-meteor/vendor/wpdesk/wp-notice/assets/js/wpdesk-dismissible-notices.js/wp-content/plugins/wp-meteor/vendor/wpdesk/wp-notice/assets/js/wpdesk-init-notices.js
Version Parameters
wp-meteor/assets/css/admin/settings.css?ver=wp-meteor/assets/js/admin/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-meteor-settings
Data Attributes
data-wpmeteor-settings
JS Globals
_wpmeteor
REST Endpoints
/wp-json/wpmeteor/v1/detect/
FAQ

Frequently Asked Questions about WP Meteor Website Speed Optimization Addon