WP REST Cache Security & Risk Analysis

wordpress.org/plugins/wp-rest-cache

Enable caching of the WordPress REST API and auto-flush caches upon wp-admin editing.

10K active installs · v2026.1.3 · PHP 7.0+ · WP 4.7+ · Updated Mar 3, 2026
Tags: api, cache, rest, rest-cache, wp-rest-api
Score: 98 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 28, 2025
Safety Verdict

Is WP REST Cache Safe to Use in 2026?

Generally Safe

Score 98/100

WP REST Cache has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 28, 2025 · Updated 1mo ago
Risk Assessment

The wp-rest-cache plugin v2026.1.3 exhibits a generally good security posture, with strong adherence to secure coding practices. The vast majority of SQL queries are prepared, and output escaping is nearly perfect. The plugin also demonstrates a reasonable number of nonce and capability checks, indicating an awareness of WordPress security best practices. The absence of critical or high severity taint flows, and no identified flows with unsanitized paths, is a significant strength.

However, the plugin's attack surface is a notable concern. It exposes a single AJAX handler that lacks any authentication checks. This unprotected entry point could potentially be exploited by unauthenticated users, depending on the functionality it exposes. While the code analysis shows no dangerous functions and mostly secure SQL and output handling, the unprotected AJAX handler remains a critical weakness. The vulnerability history, while currently clean with no unpatched CVEs, shows a past high severity vulnerability related to improper control of filenames for include/require statements. This suggests that past development may have had exploitable weaknesses, even if the current version appears to have addressed them. The presence of this past vulnerability, coupled with the unprotected AJAX handler, warrants careful consideration.

In conclusion, wp-rest-cache v2026.1.3 has strengths in its secure coding practices regarding SQL and output handling. Nevertheless, the unprotected AJAX handler represents a significant and immediate risk that needs mitigation. The historical high-severity vulnerability also serves as a reminder of the importance of ongoing security scrutiny for this plugin.

Key Concerns

  • Unprotected AJAX handler
  • Past high severity vulnerability
Vulnerabilities
1

WP REST Cache Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2025-52716 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

WP REST Cache <= 2025.1.0 - Unauthenticated Local File Inclusion

Jul 28, 2025 Patched in 2025.1.1 (8d)
Code Analysis
Analyzed Mar 16, 2026

WP REST Cache Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (41 prepared)
Unescaped Output: 3 (99 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 41 total queries

Output Escaping

97% escaped · 102 total outputs
Attack Surface
1 unprotected

WP REST Cache Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_flush_caches includes\class-plugin.php:111
WordPress Hooks 59
filter rest_pre_serve_request includes\api\class-endpoint-api.php:472
filter rest_pre_echo_response includes\api\class-endpoint-api.php:475
action admin_enqueue_scripts includes\class-plugin.php:74
action admin_enqueue_scripts includes\class-plugin.php:75
action admin_menu includes\class-plugin.php:77
action admin_init includes\class-plugin.php:78
action admin_init includes\class-plugin.php:79
action admin_init includes\class-plugin.php:80
action admin_init includes\class-plugin.php:81
action admin_init includes\class-plugin.php:82
action admin_notices includes\class-plugin.php:83
action network_admin_notices includes\class-plugin.php:84
action wp_before_admin_bar_render includes\class-plugin.php:85
filter wp_rest_cache/settings_panels includes\class-plugin.php:86
filter set-screen-option includes\class-plugin.php:91
filter set_screen_option_caches_per_page includes\class-plugin.php:92
action update_option_wp_rest_cache_regenerate includes\class-plugin.php:101
action update_option_wp_rest_cache_regenerate_interval includes\class-plugin.php:102
action activated_plugin includes\class-plugin.php:112
action deactivated_plugin includes\class-plugin.php:113
action cli_init includes\class-plugin.php:115
action init includes\class-plugin.php:126
action rest_api_init includes\class-plugin.php:127
filter wp_rest_cache/allowed_endpoints includes\class-plugin.php:128
filter wp_rest_cache/determine_object_type includes\class-plugin.php:129
filter register_post_type_args includes\class-plugin.php:133
filter register_taxonomy_args includes\class-plugin.php:134
filter wp_rest_cache/allowed_endpoints includes\class-plugin.php:138
filter wp_rest_cache/determine_object_type includes\class-plugin.php:139
filter wp_rest_cache/is_single_item includes\class-plugin.php:140
action wp_rest_cache/process_cache_relations includes\class-plugin.php:141
action init includes\class-plugin.php:152
action save_post includes\class-plugin.php:154
action delete_post includes\class-plugin.php:155
action transition_post_status includes\class-plugin.php:156
action updated_post_meta includes\class-plugin.php:157
action add_attachment includes\class-plugin.php:159
action edit_attachment includes\class-plugin.php:160
action created_term includes\class-plugin.php:162
action edited_term includes\class-plugin.php:163
action delete_term includes\class-plugin.php:164
action updated_term_meta includes\class-plugin.php:165
action set_object_terms includes\class-plugin.php:166
action profile_update includes\class-plugin.php:168
action user_register includes\class-plugin.php:169
action deleted_user includes\class-plugin.php:170
action updated_user_meta includes\class-plugin.php:171
action edit_comment includes\class-plugin.php:173
action deleted_comment includes\class-plugin.php:174
action trashed_comment includes\class-plugin.php:175
action untrashed_comment includes\class-plugin.php:176
action spammed_comment includes\class-plugin.php:177
action unspammed_comment includes\class-plugin.php:178
action wp_insert_comment includes\class-plugin.php:179
action comment_post includes\class-plugin.php:180
action updated_comment_meta includes\class-plugin.php:181
action wp_rest_cache_regenerate_cron includes\class-plugin.php:183
action wp_rest_cache_cleanup_deleted_caches includes\class-plugin.php:184
filter wpml_skip_convert_url_string includes\class-util.php:30

Scheduled Events 3

wp_rest_cache_regenerate_cron
wp_rest_cache_regenerate_cron
wp_rest_cache_cleanup_deleted_caches
Maintenance & Trust

WP REST Cache Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 3, 2026
PHP min version: 7.0
Downloads: 367K

Community Trust

Rating: 98/100
Number of ratings: 42
Active installs: 10K
Developer Profile

WP REST Cache Developer Profile

Acato

4 plugins · 12K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 159 days
Detection Fingerprints

How We Detect WP REST Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-rest-cache/admin/css/wp-rest-cache-admin.css
/wp-content/plugins/wp-rest-cache/admin/css/jquery-ui.css
Version Parameters
wp-rest-cache/admin/css/wp-rest-cache-admin.css?ver=
wp-rest-cache/admin/css/jquery-ui.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about WP REST Cache