Does WP Redis have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Redis have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Redis compatible with WordPress 6.9.4?

According to WordPress.org data, WP Redis 1.4.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP Redis compatible with PHP 7.4+?

WP Redis requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Redis updated?

WP Redis was last updated on Dec 11, 2025. Frequent updates are generally a positive security signal.

What is WP Redis's security score?

WP Redis has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Redis Security & Risk Analysis

wordpress.org/plugins/wp-redis

Back your WP Object Cache with Redis, a high-performance in-memory storage backend.

10K active installs v1.4.7 PHP 7.4+ WP 3.0.1+ Updated Dec 11, 2025

cacheobject-cacheredis

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Redis Safe to Use in 2026?

Generally Safe

Score 100/100

WP Redis has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The wp-redis plugin v1.4.7 exhibits a generally strong security posture with a minimal attack surface and excellent output escaping. The absence of known vulnerabilities, including historical CVEs, is a significant positive indicator. Furthermore, the plugin demonstrates good practice by only having one capability check, implying controlled access to its functionalities. However, the presence of the `unserialize` function, especially without any apparent input validation or taint analysis data to confirm its safe usage, poses a potential risk. While the static analysis reported no taint flows, this can be due to the limitations of the analysis tools or the specific code paths examined. The reliance on raw SQL queries without prepared statements is another area of concern, as it can be susceptible to SQL injection if not handled with extreme care.

Key Concerns

Dangerous function unserialize found
SQL queries without prepared statements

Vulnerabilities

None known

WP Redis Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Redis Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$value = is_numeric( $value ) ? intval( $value ) : unserialize( $value );object-cache.php:740

unserialize$value = is_numeric( $value ) ? intval( $value ) : unserialize( $value );object-cache.php:804

SQL Query Safety

0% prepared3 total queries

Output Escaping

93% escaped15 total outputs

Attack Surface

WP Redis Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

filtertemplate_includecli.php:185

actionadmin_noticesobject-cache.php:1534

Maintenance & Trust

WP Redis Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 11, 2025

PHP min version7.4

Downloads960K

Community Trust

Rating94/100

Number of ratings20

Active installs10K

Alternatives

WP Redis Alternatives

Redis Object Cache

redis-cache

100

A persistent object cache backend powered by Redis®¹. Supports Predis, PhpRedis, Relay, replication, sentinels, clustering and WP-CLI.

300K No CVEs

atec Cache Info

atec-cache-info

100

Show system cache status and statistics for OPcache, JIT, Object Cache, APCu, Redis, Memcached, and SQLite Cache.

1K No CVEs

Cache Warmer

cache-warmer

Visits website pages to warm (create) the cache if you have any caching solutions configured.

1K No CVEs

Redis Object Cache

redis-object-cache

A persistent object cache powered by Redis.

10 No CVEs

Nginx Helper

nginx-helper

100

Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.

100K No CVEs

Developer Profile

WP Redis Developer Profile

Pantheon Systems

8 plugins · 39K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Redis

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-redis/style.css/wp-content/plugins/wp-redis/script.js

Script Paths

/wp-content/plugins/wp-redis/script.js

Version Parameters

wp-redis/style.css?ver=wp-redis/script.js?ver=

HTML / DOM Fingerprints

JS Globals

wp_cache_addwp_cache_closewp_cache_decrwp_cache_deletewp_cache_delete_groupwp_cache_flush+10 more

FAQ

WP Redis Security & Risk Analysis

Is WP Redis Safe to Use in 2026?

Generally Safe

Key Concerns

WP Redis Security Vulnerabilities

WP Redis Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

WP Redis Attack Surface

WP Redis Maintenance & Trust

Maintenance Signals

Community Trust

WP Redis Alternatives

Redis Object Cache

atec Cache Info

Cache Warmer

Redis Object Cache

Nginx Helper

WP Redis Developer Profile

How We Detect WP Redis

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WP Redis