WP-Safety

WPCacheOn – WordPress Caching plugin Security & Risk Analysis

wordpress.org/plugins/wpcacheon

A simple and lightweight caching plugin for WordPress that boosts website loading time and enhances performance scores on GTMetrix and Pingdom.

30 active installs v2.3.0 PHP 5.4+ WP 4.6+ Updated Sep 28, 2025
cachecachingoptimizeperformancewpcacheon
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPCacheOn – WordPress Caching plugin Safe to Use in 2026?

Generally Safe

Score 100/100

WPCacheOn – WordPress Caching plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The wpcacheon v2.3.0 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and generally employing proper output escaping. Its vulnerability history is clean, with no recorded CVEs, suggesting a generally well-maintained codebase or a low profile that hasn't attracted significant scrutiny. However, there are notable areas of concern. A significant portion of its attack surface is exposed without adequate authentication checks. Specifically, four out of five AJAX handlers lack these critical security measures, creating a substantial risk of unauthorized actions. The presence of unsanitized paths in taint analysis, although not reaching critical or high severity in this specific scan, warrants attention as it indicates potential for path traversal or file manipulation vulnerabilities if combined with other weaknesses. The use of the `unserialize` function is also a red flag, as it can be a vector for remote code execution if it processes untrusted data. The combination of unprotected AJAX endpoints and the `unserialize` function is particularly worrying.

Key Concerns

  • 4 unprotected AJAX handlers
  • Use of unserialize function
  • Flows with unsanitized paths
Vulnerabilities
None known

WPCacheOn – WordPress Caching plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WPCacheOn – WordPress Caching plugin Release Timeline

v2.3.0Current
v2.2.0
v2.1.0
v2.0.2
v2.0.1
v2.0.0
v1.2.7
v1.2.6
v1.2.5
v1.2.4
v1.2.3
v1.2.0
v1.1.5
Code Analysis
Analyzed Apr 16, 2026

WPCacheOn – WordPress Caching plugin Code Analysis

Dangerous Functions
11
Raw SQL Queries
0
9 prepared
Unescaped Output
19
73 escaped
Nonce Checks
5
Capability Checks
8
File Operations
42
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$data = unserialize(file_get_contents($file));includes/cache/DiskCache.php:37
unserialize$data = unserialize(file_get_contents($file));includes/cache/DiskCache.php:101
unserialize$data = unserialize(file_get_contents($file));includes/cache/DiskCache.php:111
unserialize$data = unserialize($this->memcached->get($key));includes/cache/MemcachedCache.php:58
unserialize$data = unserialize($this->memcached->get($key));includes/cache/MemcachedCache.php:102
unserialize$data = unserialize($this->memcached->get($key));includes/cache/MemcachedCache.php:202
unserialize$unserialized = @unserialize($data);includes/cache/MemoryCache.php:232
unserialize$unserialized = @unserialize($data);includes/cache/MemoryCache.php:269
unserialize$data = unserialize($this->redis->get($key));includes/cache/RedisCache.php:48
unserialize$data = unserialize($this->redis->get($key));includes/cache/RedisCache.php:87
unserialize$data = unserialize($this->redis->get($key));includes/cache/RedisCache.php:171

SQL Query Safety

100% prepared9 total queries

Output Escaping

79% escaped92 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths
<advanced-cache> (includes/advanced-cache.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

WPCacheOn – WordPress Caching plugin Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 5

authwp_ajax_wco_send_deactivation_feedbackadmin/wco-admin.php:63
authwp_ajax_ajax_trigger_precacheincludes/wco.php:149
authwp_ajax_ajax_clear_cacheincludes/wco.php:151
authwp_ajax_ajax_save_wco_settingsincludes/wco.php:153
authwp_ajax_ajax_clear_page_cacheincludes/wco.php:155
WordPress Hooks 35
actionupgrader_process_completeadmin/wco-admin.php:57
actionadmin_menuadmin/wco-admin.php:59
actionadmin_enqueue_scriptsadmin/wco-admin.php:60
actionadmin_enqueue_scriptsadmin/wco-admin.php:61
actionadmin_footeradmin/wco-admin.php:62
actionwpmu_new_blogadmin/wco-admin.php:65
actiondelete_blogadmin/wco-admin.php:66
actionadmin_menuadmin/wco-admin.php:68
actionadmin_noticesadmin/wco-admin.php:71
actionadmin_initadmin/wco-admin.php:72
actiontransition_comment_statusadmin/wco-admin.php:74
actioncomment_postadmin/wco-admin.php:75
actionedit_commentadmin/wco-admin.php:76
filterdashboard_glance_itemsadmin/wco-admin.php:78
actionpost_submitbox_misc_actionsadmin/wco-admin.php:79
filterplugin_row_metaadmin/wco-admin.php:80
actionadmin_noticesadmin/wco-admin.php:84
actionadmin_noticesadmin/wco-admin.php:85
actionplugins_loadedincludes/wco.php:131
actionadmin_bar_menuincludes/wco.php:146
filterscript_loader_srcincludes/wco.php:163
filterstyle_loader_srcincludes/wco.php:164
actioninitincludes/wco.php:166
actioninitincludes/wco.php:167
actioncon_clear_post_cacheincludes/wco.php:169
actioncon_clear_cacheincludes/wco.php:170
action_core_updated_successfullyincludes/wco.php:171
actionswitch_themeincludes/wco.php:172
actionwp_trash_postincludes/wco.php:173
actionautoptimize_action_cachepurgedincludes/wco.php:174
actionwp_enqueue_scriptsincludes/wco.php:177
actionwp_enqueue_scriptsincludes/wco.php:178
actionpre_comment_approvedincludes/wco.php:193
actiontemplate_redirectincludes/wco.php:194
actionsend_headersincludes/wco.php:198
Maintenance & Trust

WPCacheOn – WordPress Caching plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 28, 2025
PHP min version5.4
Downloads10K

Community Trust

Rating90/100
Number of ratings4
Active installs30
Alternatives

WPCacheOn – WordPress Caching plugin Alternatives

Cachify

Cachify

cachify

A
100

Smart, efficient cache solution for WordPress. Use DB, HDD, Redis or Memcached for storing your blog pages. Make WordPress faster!

9K No CVEs
Next Page Caching

Next Page Caching

next-page-caching

A
85

Speed up the loading of the NEXT page your visitors will go to.

10 No CVEs
LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

A
86

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
WP Fastest Cache – WordPress Cache Plugin

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

B
76

The simplest and fastest WP Cache system

1.0M 35 CVEs
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

A
92

Get caching and more with this powerful cache plugin. Cache, optimize images, clean your database and minify for maximum performance.

1.0M 5 CVEs
Developer Profile

WPCacheOn – WordPress Caching plugin Developer Profile

jeffreycooper

1 plugin · 30 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPCacheOn – WordPress Caching plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpcacheon/public/css/wco-public.css/wp-content/plugins/wpcacheon/public/js/wco-public.js
Version Parameters
wpcacheon/public/css/wco-public.css?ver=wpcacheon/public/js/wco-public.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-wco-setting
JS Globals
wco_data
FAQ

Frequently Asked Questions about WPCacheOn – WordPress Caching plugin