WPGraphQL Smart Cache Security & Risk Analysis

wordpress.org/plugins/wpgraphql-smart-cache

WPGraphQL Smart Cache is a WordPress plugin that provides fast, accurate API responses by intelligently caching and invalidating WPGraphQL queries.

6K active installs · v2.0.1 · PHP 7.4+ · WP 6.0+ · Updated Dec 12, 2025
Tags: api, cache, performance, persisted-queries, wpgraphql
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 12, 2025
Safety Verdict

Is WPGraphQL Smart Cache Safe to Use in 2026?

Generally Safe

Score 99/100

WPGraphQL Smart Cache has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 12, 2025 · Updated 3mo ago
Risk Assessment

The wpgraphql-smart-cache plugin v2.0.1 exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent adherence to security best practices with no identified dangerous functions, all SQL queries using prepared statements, and 100% output escaping. Furthermore, the absence of file operations and external HTTP requests minimizes common attack vectors. The presence of nonce and capability checks on entry points, though limited in number, is a positive sign of security awareness.

However, the plugin's vulnerability history presents a significant concern. A past medium-severity vulnerability related to the exposure of sensitive information to unauthorized actors, even though currently patched, indicates a potential area of weakness. While the current static analysis shows no overt flaws, the historical precedent suggests that careful monitoring and timely updates are crucial for this plugin. The lack of identified taint flows in the current analysis is positive, but it doesn't negate the historical risk.

In conclusion, wpgraphql-smart-cache v2.0.1 is well-implemented from a code hygiene perspective, with a minimal attack surface and robust data handling. The primary weakness lies in its past vulnerability, specifically an information exposure flaw. This suggests a need for continued vigilance, even with the current version showing no immediate issues. The plugin's strengths in secure coding practices are commendable, but the historical context necessitates a cautious approach.

Key Concerns

  • Past medium vulnerability: Sensitive Info Exposure
Vulnerabilities
1

WPGraphQL Smart Cache Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

WF-f33bcc8d-3d21-4de8-87ac-a5e334bb641d-wpgraphql-smart-cache · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure

Dec 12, 2025 Patched in 2.0.1 (35d)
Code Analysis
Analyzed Mar 16, 2026

WPGraphQL Smart Cache Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 0 (30 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

100% escaped · 30 total outputs
Attack Surface

WPGraphQL Smart Cache Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 84
Type | Hook | Location
filter | wp_insert_post_data | src\Admin\Editor.php:23
action | untrashed_post | src\Admin\Editor.php:25
filter | gettext | src\Admin\Editor.php:31
filter | wp_editor_settings | src\Admin\Editor.php:36
filter | graphql_setting_field_config | src\Admin\Settings.php:92
filter | graphql_get_setting_section_field_value | src\Admin\Settings.php:93
action | graphql_register_settings | src\Admin\Settings.php:96
action | admin_notices | src\AdminErrors.php:21
filter | post_updated_messages | src\AdminErrors.php:22
action | graphql_return_response | src\Cache\Collection.php:23
action | wpgraphql_cache_purge_all | src\Cache\Invalidation.php:48
action | graphql_purge | src\Cache\Invalidation.php:51
action | transition_post_status | src\Cache\Invalidation.php:56
action | post_updated | src\Cache\Invalidation.php:60
action | deleted_post | src\Cache\Invalidation.php:63
action | updated_post_meta | src\Cache\Invalidation.php:66
action | added_post_meta | src\Cache\Invalidation.php:71
action | deleted_post_meta | src\Cache\Invalidation.php:74
action | created_term | src\Cache\Invalidation.php:78
action | delete_term | src\Cache\Invalidation.php:79
action | added_term_meta | src\Cache\Invalidation.php:80
action | updated_term_meta | src\Cache\Invalidation.php:81
action | deleted_term_meta | src\Cache\Invalidation.php:82
action | saved_term | src\Cache\Invalidation.php:85
action | added_term_relationship | src\Cache\Invalidation.php:88
action | deleted_term_relationships | src\Cache\Invalidation.php:89
action | updated_user_meta | src\Cache\Invalidation.php:94
action | added_user_meta | src\Cache\Invalidation.php:95
action | deleted_user_meta | src\Cache\Invalidation.php:96
action | profile_update | src\Cache\Invalidation.php:97
action | deleted_user | src\Cache\Invalidation.php:98
filter | pre_set_theme_mod_nav_menu_locations | src\Cache\Invalidation.php:102
action | wp_update_nav_menu | src\Cache\Invalidation.php:103
action | wp_create_nav_menu | src\Cache\Invalidation.php:104
action | added_term_meta | src\Cache\Invalidation.php:106
action | updated_term_meta | src\Cache\Invalidation.php:107
action | deleted_term_meta | src\Cache\Invalidation.php:108
action | added_term_relationship | src\Cache\Invalidation.php:111
action | wp_update_nav_menu_item | src\Cache\Invalidation.php:112
action | deleted_post | src\Cache\Invalidation.php:113
action | updated_post_meta | src\Cache\Invalidation.php:115
action | added_post_meta | src\Cache\Invalidation.php:116
action | deleted_post_meta | src\Cache\Invalidation.php:117
action | add_attachment | src\Cache\Invalidation.php:121
action | edit_attachment | src\Cache\Invalidation.php:122
action | delete_attachment | src\Cache\Invalidation.php:123
action | wp_save_image_editor_file | src\Cache\Invalidation.php:124
action | wp_save_image_file | src\Cache\Invalidation.php:125
action | wp_insert_comment | src\Cache\Invalidation.php:129
action | transition_comment_status | src\Cache\Invalidation.php:130
filter | pre_graphql_execute_request | src\Cache\Results.php:38
action | graphql_return_response | src\Cache\Results.php:39
action | wpgraphql_cache_purge_nodes | src\Cache\Results.php:40
action | wpgraphql_cache_purge_all | src\Cache\Results.php:41
filter | graphql_request_results | src\Cache\Results.php:42
filter | graphql_response_headers_to_send | src\Cache\Results.php:45
action | graphql_register_types | src\Document\Description.php:18
filter | graphql_post_object_insert_post_args | src\Document\Description.php:38
action | graphql_register_types | src\Document\Grant.php:61
filter | graphql_validation_rules | src\Document\Grant.php:82
filter | graphql_mutation_input | src\Document\Grant.php:84
action | graphql_mutation_response | src\Document\Grant.php:85
action | graphql_register_types | src\Document\MaxAge.php:53
filter | graphql_response_headers_to_send | src\Document\MaxAge.php:75
filter | pre_graphql_execute_request | src\Document\MaxAge.php:76
filter | graphql_mutation_input | src\Document\MaxAge.php:78
action | graphql_mutation_response | src\Document\MaxAge.php:79
filter | graphql_request_data | src\Document.php:25
filter | graphql_execute_query_params | src\Document.php:26
action | post_updated | src\Document.php:28
filter | wp_insert_post_data | src\Document.php:31
filter | graphql_post_object_insert_post_args | src\Document.php:35
filter | graphql_mutation_input | src\Document.php:36
action | graphql_mutation_response | src\Document.php:37
action | before_delete_post | src\Document.php:40
action | graphql_register_types | src\Document.php:82
action | graphql_server_config | wp-graphql-smart-cache.php:101
action | init | wp-graphql-smart-cache.php:114
action | admin_init | wp-graphql-smart-cache.php:123
action | admin_notices | wp-graphql-smart-cache.php:167
action | admin_init | wp-graphql-smart-cache.php:187
action | wp_loaded | wp-graphql-smart-cache.php:200
action | wpgraphql_smart_cache_query_garbage_collect | wp-graphql-smart-cache.php:251
action | wpgraphql_smart_cache_query_garbage_collect_deletes | wp-graphql-smart-cache.php:277

Scheduled Events 3

wpgraphql_smart_cache_query_garbage_collect
wpgraphql_smart_cache_query_garbage_collect_deletes
wpgraphql_smart_cache_query_garbage_collect_deletes
Maintenance & Trust

WPGraphQL Smart Cache Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 12, 2025
PHP min version: 7.4
Downloads: 70K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 6K
Developer Profile

WPGraphQL Smart Cache Developer Profile

Jason Bahl

3 plugins · 46K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1152 days
Detection Fingerprints

How We Detect WPGraphQL Smart Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-graphql-smart-cache/dist/css/admin.css
/wp-content/plugins/wp-graphql-smart-cache/dist/js/admin.js
/wp-content/plugins/wp-graphql-smart-cache/dist/js/editor.js
/wp-content/plugins/wp-graphql-smart-cache/dist/js/graphql-composer.js
/wp-content/plugins/wp-graphql-smart-cache/dist/js/graphql-composer-block.js
/wp-content/plugins/wp-graphql-smart-cache/dist/js/graphql-composer-editor.js
Version Parameters
wp-graphql-smart-cache/dist/css/admin.css?ver=
wp-graphql-smart-cache/dist/js/admin.js?ver=
wp-graphql-smart-cache/dist/js/editor.js?ver=
wp-graphql-smart-cache/dist/js/graphql-composer.js?ver=
wp-graphql-smart-cache/dist/js/graphql-composer-block.js?ver=
wp-graphql-smart-cache/dist/js/graphql-composer-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpgraphql-smart-cache-editor-field-group
HTML Comments
wp-graphql-smart-cache
WPGraphQL Smart Cache
Data Attributes
data-graphql-composer-editor
data-graphql-composer-field
data-graphql-composer-field-type
data-graphql-composer-block
data-graphql-composer-block-type
data-graphql-composer-parent-type
JS Globals
wp_graphql_smart_cache_settings
REST Endpoints
/wp-json/wp-graphql-smart-cache/