WP Super Cache Security & Risk Analysis

wordpress.org/plugins/wp-super-cache

A very fast caching engine for WordPress that produces static html files.

1.0M active installs · v3.0.3 · PHP 7.2+ · WP 6.7+ · Updated Nov 11, 2025
Tags: cache, caching, performance, wp-cache, wp-super-cache
Score: 95 (A · Safe)
CVEs total: 12
Unpatched: 0
Last CVE: Oct 3, 2022

Safety Verdict

Is WP Super Cache Safe to Use in 2026?

Generally Safe

Score 95/100

WP Super Cache has a strong security track record. Known vulnerabilities have been patched promptly.

12 known CVEs · Last CVE: Oct 3, 2022 · Updated 4mo ago

Risk Assessment

WP Super Cache v3.0.3 presents a mixed security posture. While it demonstrates good practices by employing nonce checks and capability checks for many of its entry points, and crucially has no currently unpatched CVEs, several concerning signals remain. The presence of 3 AJAX handlers without authentication checks significantly expands the attack surface, potentially allowing unauthorized users to trigger plugin functionality. The taint analysis revealing flows with unsanitized paths, although not reaching critical or high severity in this specific analysis, is a warning sign that input validation and sanitization might be inconsistent. The plugin's vulnerability history, with 12 known CVEs including critical and high-severity issues in the past, points to a recurring pattern of potential vulnerabilities. Common types like accepting extraneous data, code injection, XSS, and deserialization issues suggest that careful input handling has been a challenge in its development. Despite the lack of current unpatched vulnerabilities and the presence of some security controls, the history and the identified unprotected AJAX endpoints warrant caution. Continuous monitoring and prompt updates remain essential for this plugin.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths in taint analysis
  • History of critical CVEs
  • History of high severity CVEs
  • History of medium severity CVEs
  • Low percentage of properly escaped output

WP Super Cache Security Vulnerabilities

CVEs by Year

  • 2014: 3 CVEs
  • 2015: 4 CVEs
  • 2017: 1 CVE
  • 2021: 3 CVEs
  • 2022: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 5
  • Medium: 6

12 total CVEs

WF-505edcf7-7015-453e-abd2-e2cd68a3a9f6-wp-super-cache · medium · 6.5 · Acceptance of Extraneous Untrusted Data With Trusted Data
WP Super Cache <= 1.8 - Unauthenticated Cache Poisoning
Oct 3, 2022 · Patched in 1.9 (477d)

CVE-2021-24312 · high · 7.2 · Improper Control of Generation of Code ('Code Injection')
WP Super Cache <= 1.7.2 - Authenticated Remote Code Execution
May 14, 2021 · Patched in 1.7.3 (984d)

CVE-2021-24329 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Super Cache <= 1.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Apr 12, 2021 · Patched in 1.7.3 (1016d)

CVE-2021-24209 · high · 7.2 · Improper Input Validation
WP Super Cache <= 1.7.1 - Authenticated (Admin+) Remote Code Execution
Mar 16, 2021 · Patched in 1.7.2 (1043d)

WF-51d98277-a1d7-4708-8daf-88948a235375-wp-super-cache · medium · 5.3 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Super Cache <= 1.4.8 - Cross-Site Scripting
Feb 3, 2017 · Patched in 1.4.9 (2545d)

WF-13981037-e698-42a7-9471-e27486cf1a4e-wp-super-cache · medium · 5.3 · Exposure of Information Through Directory Listing
WP Super Cache <= 1.4.4 - Directory Listing
Sep 25, 2015 · Patched in 1.4.5 (3042d)

WF-51b6c73d-fd4f-4469-9859-fbae61b5924c-wp-super-cache · medium · 5.4 · Improper Input Validation
WP Super Cache <= 1.4.4 - Authenticated File Deletion
Sep 25, 2015 · Patched in 1.4.5 (3042d)

WF-634ccd08-4f2e-4a06-8c64-dfe38fa3a481-wp-super-cache · high · 8.1 · Deserialization of Untrusted Data
WP Super Cache <= 1.4.4 - PHP Object Injection
Sep 25, 2015 · Patched in 1.4.5 (3042d)

WF-353804e8-0d5a-4633-974c-6eb7a3eeba61-wp-super-cache · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Super Cache < 1.4.3 - Cross Site Scripting
Apr 7, 2015 · Patched in 1.4.3 (3213d)

CVE-2013-2008 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting
Aug 1, 2014 · Patched in 1.3.1 (3462d)

CVE-2013-2011 · critical · 9.8 · Improper Control of Generation of Code ('Code Injection')
WP Super Cache < 1.3.2 - Remote Code Execution
Aug 1, 2014 · Patched in 1.3.2 (3462d)

CVE-2013-2009 · high · 8.8 · Improper Control of Generation of Code ('Code Injection')
WP Super Cache <= 1.2 - Remote Code Execution
Aug 1, 2014 · Patched in 1.3 (3462d)

Code Analysis
Analyzed Mar 16, 2026

WP Super Cache Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (2 prepared)
  • Unescaped Output: 276 (134 escaped)
  • Nonce Checks: 12
  • Capability Checks: 8
  • File Operations: 182
  • External Requests: 9
  • Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

33% escaped · 410 total outputs

Data Flow Analysis

8 flows · 6 with unsanitized paths
wp_cache_serve_cache_file (wp-cache-phase2.php:128)

WP Super Cache Attack Surface

Entry Points: 8
Unprotected: 3

AJAX Handlers 8

  • auth · wp_ajax_wpsc_dismiss_boost_notice · inc\boost.php:93
  • auth · wp_ajax_wpsc_activate_boost · inc\boost.php:105
  • auth · wp_ajax_ajax-delete-cache · inc\delete-cache-button.php:76
  • auth · wp_ajax_wpsc_install_plugin · wp-cache.php:339
  • auth · wp_ajax_wpsc-hide-boost-banner · wp-cache.php:372
  • auth · wp_ajax_wpsc_activate_boost · wp-cache.php:394
  • auth · wp_ajax_wpsc-index-dismiss · wp-cache.php:2092
  • auth · wp_ajax_wpsc_get_preload_status · wp-cache.php:3313

WordPress Hooks 71

  • action · admin_notices · inc\boost.php:76
  • action · wpsc_created_advanced_cache · inc\boost.php:139
  • action · admin_bar_menu · inc\delete-cache-button.php:41
  • action · admin_enqueue_scripts · inc\delete-cache-button.php:77
  • action · admin_init · inc\delete-cache-button.php:142
  • action · admin_footer · inc\preload-notification.php:29
  • action · init · ossdl-cdn.php:10
  • filter · wp_cache_ob_callback_filter · ossdl-cdn.php:227
  • filter · wpsupercache_buffer · plugins\awaitingmoderation.php:11
  • filter · wp_super_cache_supercachedir · plugins\domain-mapping.php:56
  • action · gc_cache · plugins\domain-mapping.php:57
  • action · admin_notices · plugins\domain-mapping.php:120
  • action · wp_footer · plugins\dynamic-cache-test.php:94
  • action · wp_footer · plugins\dynamic-cache-test.php:175
  • filter · wpmu_blogs_columns · plugins\multisite.php:8
  • action · manage_sites_custom_column · plugins\multisite.php:9
  • action · init · plugins\multisite.php:10
  • action · admin_notices · plugins\multisite.php:65
  • action · admin_notices · plugins\wptouch.php:56
  • action · rest_api_init · rest\load.php:166
  • action · wp_footer · wp-cache-phase1.php:31
  • filter · supercache_filename_str · wp-cache-phase1.php:182
  • action · init · wp-cache-phase2.php:432
  • action · wp_footer · wp-cache-phase2.php:1535
  • action · template_redirect · wp-cache-phase2.php:1566
  • filter · wp_redirect_status · wp-cache-phase2.php:1567
  • filter · status_header · wp-cache-phase2.php:1568
  • filter · supercache_filename_str · wp-cache-phase2.php:1569
  • action · wp_trash_post · wp-cache-phase2.php:1626
  • action · publish_post · wp-cache-phase2.php:1627
  • action · edit_post · wp-cache-phase2.php:1628
  • action · delete_post · wp-cache-phase2.php:1629
  • action · publish_phone · wp-cache-phase2.php:1630
  • action · trackback_post · wp-cache-phase2.php:1633
  • action · pingback_post · wp-cache-phase2.php:1634
  • action · comment_post · wp-cache-phase2.php:1635
  • action · edit_comment · wp-cache-phase2.php:1636
  • action · wp_set_comment_status · wp-cache-phase2.php:1637
  • action · switch_theme · wp-cache-phase2.php:1640
  • action · edit_user_profile_update · wp-cache-phase2.php:1641
  • action · wp_update_nav_menu · wp-cache-phase2.php:1642
  • action · clean_post_cache · wp-cache-phase2.php:1643
  • action · transition_post_status · wp-cache-phase2.php:1644
  • action · wp_cache_gc · wp-cache-phase2.php:1647
  • action · wp_cache_gc_watcher · wp-cache-phase2.php:1648
  • action · init · wp-cache.php:159
  • action · template_redirect · wp-cache.php:167
  • action · admin_enqueue_scripts · wp-cache.php:181
  • action · admin_menu · wp-cache.php:299
  • action · network_admin_menu · wp-cache.php:305
  • action · admin_enqueue_scripts · wp-cache.php:334
  • filter · wp_super_cache_error_checking · wp-cache.php:737
  • action · admin_init · wp-cache.php:970
  • action · comment_form · wp-cache.php:1471
  • action · admin_notices · wp-cache.php:2055
  • action · admin_notices · wp-cache.php:2086
  • action · admin_init · wp-cache.php:2105
  • action · after_plugin_row · wp-cache.php:2966
  • filter · plugin_action_links · wp-cache.php:2975
  • action · admin_notices · wp-cache.php:2988
  • action · wp_cache_check_site_hook · wp-cache.php:3034
  • action · wp_cache_preload_hook · wp-cache.php:3694
  • action · wp_cache_full_preload_hook · wp-cache.php:3695
  • filter · option_preload_cache_counter · wp-cache.php:3734
  • action · init · wp-cache.php:3742
  • action · gc_cache · wp-cache.php:4266
  • action · wpsc_add_plugin · wp-cache.php:4309
  • action · wpsc_delete_plugin · wp-cache.php:4326
  • action · wpsc_add_cookie · wp-cache.php:4345
  • action · wpsc_delete_cookie · wp-cache.php:4359
  • action · admin_init · wp-cache.php:4395

Scheduled Events 17

wp_cache_gc
wp_cache_gc
wp_cache_add_site_cache_index
wp_cache_gc
wp_cache_check_site_hook
wp_cache_gc_watcher
wp_cache_gc
wp_cache_gc
wp_cache_check_site_hook
wp_cache_gc
wp_cache_check_site_hook
wp_cache_full_preload_hook
wp_cache_preload_hook
wp_cache_preload_hook
wp_cache_full_preload_hook
wp_cache_full_preload_hook
wp_cache_gc

WP Super Cache Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Nov 11, 2025
  • PHP min version: 7.2
  • Downloads: 62.2M

Community Trust

  • Rating: 86/100
  • Number of ratings: 1,341
  • Active installs: 1.0M

WP Super Cache Developer Profile

Automattic

213 plugins · 19.2M total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 1384 days

Detection Fingerprints

How We Detect WP Super Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

  • Asset Paths: /wp-content/plugins/wp-super-cache/styling/dashboard.css

HTML / DOM Fingerprints

  • HTML Comments: <!-- debug: cache file -->
  • Data Attributes: data-wpsc-nonce
  • JS Globals: window.wpsc_params, var wpsc_params
  • REST Endpoints: /wp-json/wp-super-cache/v1/settings

Frequently Asked Questions about WP Super Cache