Does WP Speed of Light have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Speed of Light have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Speed of Light compatible with WordPress 6.8.5?

According to WordPress.org data, WP Speed of Light 3.3.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WP Speed of Light compatible with PHP 5.6+?

WP Speed of Light requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Speed of Light updated?

WP Speed of Light was last updated on Jul 28, 2025. Frequent updates are generally a positive security signal.

What is WP Speed of Light's security score?

WP Speed of Light has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Speed of Light Security & Risk Analysis

wordpress.org/plugins/wp-speed-of-light

WP Speed of Light is a WordPress speedup plugin and load time testing. Cache, Gzip, minify, group, Lazy Loading, CDN

7K active installs v3.3.6 PHP 5.6+ WP 4.7+ Updated Jul 28, 2025

cachecachingperformanceperformance-testspeed-test

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Speed of Light Safe to Use in 2026?

Generally Safe

Score 100/100

WP Speed of Light has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The 'wp-speed-of-light' v3.3.6 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices concerning SQL queries, with 100% using prepared statements. Additionally, the vast majority of output is properly escaped, and a substantial number of nonce and capability checks are implemented, indicating an awareness of common WordPress security vulnerabilities.

However, significant concerns arise from the substantial attack surface, particularly the 14 unprotected AJAX handlers. This represents a critical weakness, as attackers could potentially exploit these handlers without proper authentication or authorization. The presence of dangerous functions like 'exec' and 'unserialize' also warrants caution, especially in conjunction with the unprotected AJAX endpoints, as they could be leveraged for arbitrary code execution or deserialization vulnerabilities if improperly handled. Taint analysis revealed flows with unsanitized paths, although these were not flagged as critical or high severity, they still represent a potential avenue for attack.

The plugin's vulnerability history is remarkably clean, with no recorded CVEs. This suggests a history of robust security or a lack of significant public exploitation attempts targeting past versions. Despite the clean history, the identified code-level risks, particularly the unprotected AJAX handlers and dangerous functions, necessitate attention. The strengths in SQL and output escaping are commendable, but the weaknesses in the attack surface management present a clear risk that should be addressed.

Key Concerns

Unprotected AJAX handlers
Use of dangerous function 'exec'
Use of dangerous function 'unserialize'
Flows with unsanitized paths

Vulnerabilities

None known

WP Speed of Light Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Speed of Light Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

664 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

exec$gs = exec($command);jufeedback\ju-check-debug-data.php:557

unserialize$datas = unserialize($cacheFile);src\Cache\file-page-cache.php:377

SQL Query Safety

100% prepared26 total queries

Output Escaping

91% escaped727 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

16 flows2 with unsanitized paths

wpsol_serve_cache (src\Cache\file-page-cache.php:349)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

14 unprotected

WP Speed of Light Attack Surface

Entry Points15

Unprotected14

AJAX Handlers 15

authwp_ajax_wpsol_load_page_timesrc\Admin.php:406

authwp_ajax_wpsol_start_scan_querysrc\Admin.php:407

authwp_ajax_wpsol_stop_scan_querysrc\Admin.php:408

authwp_ajax_wpsol_ajax_clean_cachesrc\Admin.php:409

authwp_ajax_wpsol_ajax_single_purge_cf_cachesrc\Admin.php:410

authwp_ajax_wpsol_ajax_preload_cachesrc\Admin.php:411

authwp_ajax_wpsol_more_detailssrc\Admin.php:412

authwp_ajax_wpsol_delete_detailssrc\Admin.php:413

authwp_ajax_wpsol_check_response_dashboardsrc\Admin.php:414

authwp_ajax_wpsol_export_configurationsrc\Admin.php:415

authwp_ajax_wpsol_ajax_system_checksrc\Admin.php:416

authwp_ajax_wpsol_ajax_clear_woo_customer_sessionssrc\Admin.php:417

authwp_ajax_wpsol_ajax_clear_woocommerce_transientssrc\Admin.php:418

authwp_ajax_wpsol_ajax_load_database_elementsrc\Admin.php:419

authwp_ajax_wpsol_dismiss_notice_for_weekwp-speed-of-light.php:193

WordPress Hooks 55

actioncurrent_screenjufeedback\jufeedback.php:112

actionadmin_initjufeedback\jufeedback.php:114

actionadmin_noticesjufeedback\jufeedback.php:124

actionadmin_footerjufeedback\jufeedback.php:222

actionadmin_menusrc\Admin.php:18

actionadmin_enqueue_scriptssrc\Admin.php:22

actioninitsrc\Admin.php:24

actionadmin_print_scriptssrc\Admin.php:36

actionwpsol_auto_purge_cachesrc\Cache\CleanCacheTime.php:22

actioninitsrc\Cache\CleanCacheTime.php:23

filtercron_schedulessrc\Cache\CleanCacheTime.php:24

actionactivated_pluginsrc\Cache\Ecommerce.php:18

actiondeactivated_pluginsrc\Cache\Ecommerce.php:19

actionwp_loadedsrc\Cache\Ecommerce.php:20

actiontemplate_redirectsrc\Cdn\Integration.php:18

filterwpsol_cdn_content_returnsrc\Cdn\Integration.php:45

actioninitsrc\Configuration.php:20

actionwp_headsrc\Configuration.php:21

actionadmin_bar_menusrc\Configuration.php:24

actioninitsrc\Install\Install.php:22

actionadmin_initsrc\Install\Install.php:23

actionadmin_initsrc\Install\Install.php:25

actionadmin_menusrc\Install\InstallWizard.php:52

actionadmin_initsrc\Install\InstallWizard.php:53

actionadmin_noticessrc\JUCheckRequirements.php:437

actionadmin_noticessrc\JUCheckRequirements.php:440

actionadmin_noticessrc\JUCheckRequirements.php:443

actionadmin_initsrc\JUCheckRequirements.php:446

actionload_textdomainsrc\Jutranslation.php:70

actionadmin_initsrc\Jutranslation.php:89

actionafter_setup_themesrc\Rest.php:38

actionwp_loadedsrc\Rss.php:41

actionafter_setup_themesrc\Rss.php:42

actiondo_feedsrc\Rss.php:53

actiondo_feed_rdfsrc\Rss.php:54

actiondo_feed_rsssrc\Rss.php:55

actiondo_feed_rss2src\Rss.php:56

actiondo_feed_atomsrc\Rss.php:57

actiondo_feed_rss2_commentssrc\Rss.php:58

actiondo_feed_atom_commentssrc\Rss.php:59

actionpre_post_updatesrc\SpeedOptimization.php:45

actionsave_postsrc\SpeedOptimization.php:46

actionpre_post_updatesrc\SpeedOptimization.php:49

actionsave_postsrc\SpeedOptimization.php:50

actionwp_trash_postsrc\SpeedOptimization.php:53

actioncomment_postsrc\SpeedOptimization.php:54

actionwp_set_comment_statussrc\SpeedOptimization.php:55

actionset_comment_cookiessrc\SpeedOptimization.php:56

filterwpsol_query_strings_returnsrc\SpeedOptimization.php:59

actionadmin_initwp-speed-of-light.php:119

actionadmin_noticeswp-speed-of-light.php:120

actionadmin_noticeswp-speed-of-light.php:191

actioninitwp-speed-of-light.php:263

actiontemplate_redirectwp-speed-of-light.php:312

filterwpsol_minify_content_returnwp-speed-of-light.php:469

Scheduled Events 1

wpsol_auto_purge_cache

Maintenance & Trust

WP Speed of Light Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 28, 2025

PHP min version5.6

Downloads542K

Community Trust

Rating94/100

Number of ratings88

Active installs7K

Alternatives

WP Speed of Light Alternatives

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

Get caching and more with this powerful cache plugin. Cache, optimize images, clean your database and minify for maximum performance.

1.0M 3 CVEs

WP Super Cache

wp-super-cache

A very fast caching engine for WordPress that produces static html files.

1.0M 12 CVEs

Breeze Cache

breeze

Breeze is a caching plugin developed by Cloudways. Breeze uses advance caching systems to improve site loading times exponentially.

400K 8 CVEs

Redis Object Cache

redis-cache

100

A persistent object cache backend powered by Redis®¹. Supports Predis, PhpRedis, Relay, replication, sentinels, clustering and WP-CLI.

300K No CVEs

Cache Enabler

cache-enabler

100

A lightweight caching plugin for WordPress that makes your website faster by generating static HTML files.

100K No CVEs

Developer Profile

WP Speed of Light Developer Profile

JoomUnited

3 plugins · 27K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

434 days

View full developer profile

Detection Fingerprints

How We Detect WP Speed of Light

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-speed-of-light/admin/css/admin-notice.css/wp-content/plugins/wp-speed-of-light/admin/css/bootstrap.css/wp-content/plugins/wp-speed-of-light/admin/css/font-awesome.min.css/wp-content/plugins/wp-speed-of-light/admin/css/ju-button.css/wp-content/plugins/wp-speed-of-light/admin/css/ju-content-box.css/wp-content/plugins/wp-speed-of-light/admin/css/ju-form-element.css/wp-content/plugins/wp-speed-of-light/admin/css/ju-switch.css/wp-content/plugins/wp-speed-of-light/admin/css/ju-tabs.css+14 more

Script Paths

/wp-content/plugins/wp-speed-of-light/admin/js/admin-notice.js/wp-content/plugins/wp-speed-of-light/admin/js/ju-tabs.js/wp-content/plugins/wp-speed-of-light/admin/js/plugins.js/wp-content/plugins/wp-speed-of-light/admin/js/select2.min.js/wp-content/plugins/wp-speed-of-light/admin/js/wpsol.js/wp-content/plugins/wp-speed-of-light/admin/js/wpsol-tools.js+1 more

Version Parameters

wp-speed-of-light/admin/css/admin-notice.css?ver=wp-speed-of-light/admin/css/bootstrap.css?ver=wp-speed-of-light/admin/css/font-awesome.min.css?ver=wp-speed-of-light/admin/css/ju-button.css?ver=wp-speed-of-light/admin/css/ju-content-box.css?ver=wp-speed-of-light/admin/css/ju-form-element.css?ver=wp-speed-of-light/admin/css/ju-switch.css?ver=wp-speed-of-light/admin/css/ju-tabs.css?ver=wp-speed-of-light/admin/css/light.css?ver=wp-speed-of-light/admin/css/plugins.css?ver=wp-speed-of-light/admin/css/select2.min.css?ver=wp-speed-of-light/admin/css/wpsol.css?ver=wp-speed-of-light/admin/js/admin-notice.js?ver=wp-speed-of-light/admin/js/ju-tabs.js?ver=wp-speed-of-light/admin/js/plugins.js?ver=wp-speed-of-light/admin/js/select2.min.js?ver=wp-speed-of-light/admin/js/wpsol.js?ver=wp-speed-of-light/admin/js/wpsol-tools.js?ver=wp-speed-of-light/css/wpsol-frontend.css?ver=wp-speed-of-light/css/wpsol-frontend.min.css?ver=wp-speed-of-light/js/wpsol-frontend.js?ver=wp-speed-of-light/js/wpsol-frontend.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpsol-notice-admin-jswpsol-tab-activewpsol-tab-contentwpsol-tabs-wrapper

HTML Comments

Data Attributes

data-ju-plugin-namedata-ju-plugin-slug

JS Globals

wpsol_ajax_objectwpsol_merged_plugin_notice

FAQ