WP-PJAX Security & Risk Analysis

wordpress.org/plugins/wp-pjax

Makes WordPress a lot faster using PJAX (PushState + AJAX) for loading content.

10 active installs · v0.0.4.1 · PHP + · WP 3.5+ · Updated Apr 2, 2013
Tags: cache, optimization, performance, pjax, speed
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP-PJAX Safe to Use in 2026?

Generally Safe

Score 85/100

WP-PJAX has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The wp-pjax plugin v0.0.4.1 exhibits a mixed security posture. On the positive side, it uses a prepared statement for its single SQL query and has no recorded vulnerabilities or CVEs in its history, suggesting a diligent development approach regarding known exploits. The absence of critical or high-severity taint flows further reinforces this. However, the static analysis raises significant concerns. The plugin lacks any nonce checks, and none of its outputs are properly escaped (0% escaped). This presents a considerable risk of cross-site scripting (XSS) vulnerabilities if any user-controlled data reaches these output points. The presence of dangerous functions like `ini_set` and `set_time_limit` also warrants caution, as their misuse could lead to unintended system behavior or security bypasses.

Key Concerns

  • Output not properly escaped
  • Missing nonce checks
  • Dangerous functions used
Vulnerabilities
None known

WP-PJAX Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP-PJAX Release Timeline

v0.1a
v0.0.4.1 (Current)
v0.0.4
v0.0.3.3
v0.0.3.2
v0.0.3.1
v0.0.3
v0.0.2
vremove
Code Analysis
Analyzed Apr 16, 2026

WP-PJAX Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 40 (0 escaped)
Nonce Checks: 0
Capability Checks: 5
File Operations: 2
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

  • ini_set: `ini_set("display_errors", 1);` at inc/PageCachePrefetch.php:71
  • set_time_limit: `set_time_limit(0);` at inc/PageCachePrefetch.php:81
  • ini_set: `ini_set('max_execution_time', 0);` at inc/PageCachePrefetch.php:82
  • ini_set: `ini_set("display_errors", 1);` at inc/WP-PJAX.php:15
  • ini_set: `ini_set("display_errors", 1);` at wp-pjax.php:34

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

0% escaped · 40 total outputs
Attack Surface

WP-PJAX Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 13
  • filter `wp_pjax_use_pg` at inc/PageCache.php:31
  • action `parse_request` at inc/PageCache.php:32
  • filter `cron_schedules` at inc/PageCachePrefetch.php:33
  • action `wp-pjax-pg-prefetch` at inc/PageCachePrefetch.php:35
  • action `admin_menu` at inc/WP-PJAX.php:43
  • action `send_headers` at inc/WP-PJAX.php:68
  • action `wp` at inc/WP-PJAX.php:87
  • action `get_header` at inc/WP-PJAX.php:95
  • action `wp_head` at inc/WP-PJAX.php:208
  • action `wp_footer` at inc/WP-PJAX.php:221
  • action `activated_plugin` at wp-pjax.php:54
  • action `wp_pjax_header` at wp-pjax.php:214
  • filter `wp_pjax_title` at wp-pjax.php:241

Scheduled Events: 2

wp-pjax-pg-prefetch
wp-pjax-pg-prefetch
Maintenance & Trust

WP-PJAX Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Apr 2, 2013
PHP min version
Downloads: 5K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 10
Developer Profile

WP-PJAX Developer Profile

Peter Elmered

4 plugins · 330 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP-PJAX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-pjax/css/wp-pjax-admin.css

HTML / DOM Fingerprints

JS Globals
wp_pjax_options
FAQ

Frequently Asked Questions about WP-PJAX