WPJAM Basic Security & Risk Analysis

wordpress.org/plugins/wpjam-basic

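WPJAM Basic is an optimization plugin that the 我爱水煮鱼 blog has put together over many years of using WordPress. Besides optimizing your WordPress site, WPJAM Basic is also the foundation that the WordPress 果酱 team uses for its custom WordPress development.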

4K active installs · v6.9.4 · PHP 7.4+ · WP 6.7+ · Updated Mar 7, 2026
Tags: memcached, wpjam, 性能优化 (performance optimization)
Score: 96 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Mar 20, 2026
Safety Verdict

Is WPJAM Basic Safe to Use in 2026?

Generally Safe

Score 96/100

WPJAM Basic has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 20, 2026 · Updated 27d ago
Risk Assessment

The wpjam-basic plugin version 6.9.4 presents a mixed security posture. On the positive side, it has a low attack surface with only one entry point (a shortcode), and a significant percentage of its SQL queries use prepared statements. There are, however, notable areas of concern. The two dangerous 'unserialize' calls, together with the two flows with unsanitized paths identified in the taint analysis, suggest potential vulnerabilities, even though no critical or high severity taint issues were found. The plugin has a history of one medium severity CVE related to Cross-site Scripting which, although patched, indicates that input sanitization and output escaping have required attention in the past. The low percentage of properly escaped outputs (34%) is a significant weakness that increases the risk of XSS vulnerabilities unless output is handled carefully in all code paths. The limited number of external HTTP requests and file operations is a positive aspect. Overall, the plugin has a controlled attack surface and generally uses prepared statements, but the 'unserialize' calls, the unsanitized paths and particularly the poor output escaping percentage warrant careful monitoring and potentially further investigation to mitigate risks.

Key Concerns

  • Dangerous function unserialize detected
  • Flows with unsanitized paths detected
  • Low percentage of properly escaped outputs
  • Past medium CVE for XSS
Vulnerabilities
2

WPJAM Basic Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2026-32523 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

WPJAM Basic <= 6.9.2 - Authenticated (Subscriber+) Arbitrary File Upload

Mar 20, 2026 · Patched in 6.9.2.1 (8d)

CVE-2023-23709 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPJAM Basic <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Apr 20, 2023 · Patched in 6.2.1.1 (278d)

Code Analysis
Analyzed Mar 16, 2026

WPJAM Basic Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 8 (32 prepared)
  • Unescaped Output: 48 (25 escaped)
  • Nonce Checks: 2
  • Capability Checks: 19
  • File Operations: 16
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: $result = @unserialize($serialized); (public\wpjam-utils.php:1377)
  • unserialize: $result = @unserialize($fixed); (public\wpjam-utils.php:1381)

SQL Query Safety

80% prepared · 40 total queries

Output Escaping

34% escaped · 73 total outputs

Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths

add_hooks (components\wpjam-enhance.php:21)

[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface

WPJAM Basic Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[related] extends\related-posts.php:94
WordPress Hooks 121
filter wpjam_thumbnail cdn\qiniu.php:2
action init cdn\remote.php:63
action template_redirect cdn\remote.php:69
filter the_content cdn\remote.php:75
action admin_menu components\wpjam-admin.php:19
action pre_get_comments components\wpjam-admin.php:130
filter pre_set_site_transient_update_plugins components\wpjam-admin.php:167
action wpjam_admin_init components\wpjam-admin.php:275
action wp_loaded components\wpjam-basic.php:58
action template_redirect components\wpjam-basic.php:62
filter the_generator components\wpjam-basic.php:67
filter run_wptexturize components\wpjam-basic.php:84
filter show_admin_bar components\wpjam-basic.php:89
filter admin_email_check_interval components\wpjam-basic.php:109
action admin_init components\wpjam-basic.php:114
filter xmlrpc_methods components\wpjam-basic.php:144
filter automatic_updater_disabled components\wpjam-basic.php:169
filter option_wp_page_for_privacy_policy components\wpjam-basic.php:187
filter use_block_editor_for_post_type components\wpjam-basic.php:196
action in_admin_header components\wpjam-basic.php:200
action admin_menu components\wpjam-basic.php:211
action admin_init components\wpjam-basic.php:217
action do_meta_boxes components\wpjam-basic.php:227
filter wpjam_thumbnail components\wpjam-cdn.php:206
filter wpjam_html components\wpjam-cdn.php:235
action plugins_loaded components\wpjam-cdn.php:265
filter cron_schedules components\wpjam-crons.php:162
filter update_footer components\wpjam-custom.php:70
action admin_bar_menu components\wpjam-custom.php:74
filter wp_update_attachment_metadata components\wpjam-enhance.php:23
action send_headers components\wpjam-enhance.php:26
action template_redirect components\wpjam-enhance.php:36
filter register_taxonomy_args components\wpjam-enhance.php:38
filter get_avatar_url components\wpjam-enhance.php:82
filter pre_get_avatar_data components\wpjam-enhance.php:96
filter wpjam_html components\wpjam-enhance.php:139
action restrict_manage_posts components\wpjam-posts.php:97
action restrict_manage_posts components\wpjam-posts.php:108
filter wpjam_single_row components\wpjam-posts.php:185
filter old_slug_redirect_post_id components\wpjam-posts.php:194
filter get_the_excerpt components\wpjam-posts.php:203
filter fallback_intermediate_image_sizes components\wpjam-thumbnail.php:101
filter has_post_thumbnail components\wpjam-thumbnail.php:103
action template_redirect extends\301-redirects.php:34
action wp_after_insert_post extends\baidu-zz.php:182
action post_submitbox_misc_actions extends\baidu-zz.php:183
action publish_future_post extends\baidu-zz.php:191
action wp_after_insert_post extends\bing-webmaster.php:200
action publish_future_post extends\bing-webmaster.php:205
action wp_loaded extends\custom-footer.php:2
action wp_after_insert_post extends\post-type-switcher.php:108
action post_submitbox_misc_actions extends\post-type-switcher.php:109
action admin_head extends\post-type-switcher.php:110
filter wp_insert_post_data extends\quick-excerpt.php:29
action pre_get_posts extends\wpjam-posts-per-page.php:135
filter the_content extends\wpjam-postviews.php:140
action wp_after_insert_post extends\wpjam-postviews.php:149
action wp_head extends\wpjam-postviews.php:169
filter comments_rewrite_rules extends\wpjam-rewrites.php:67
filter date_rewrite_rules extends\wpjam-rewrites.php:68
action init extends\wpjam-rewrites.php:68
action generate_rewrite_rules extends\wpjam-rewrites.php:70
filter rewrite_rules_array extends\wpjam-rewrites.php:73
filter additional_capabilities_display extends\wpjam-roles.php:126
filter wpjam_html extends\wpjam-seo.php:173
filter robots_txt extends\wpjam-seo.php:178
filter document_title extends\wpjam-seo.php:179
filter wp_video_shortcode_override extends\wpjam-shortcodes.php:81
action phpmailer_init extends\wpjam-smtp.php:38
filter wp_mail_from extends\wpjam-smtp.php:50
filter wp_mail_from_name extends\wpjam-smtp.php:52
action wp_mail_failed extends\wpjam-smtp.php:55
action wp_head extends\wpjam-speculation-rules.php:22
filter wp_speculation_rules_configuration extends\wpjam-speculation-rules.php:24
action wp_head extends\wpjam-toc.php:103
action admin_enqueue_scripts includes\class-wpjam-admin.php:125
action all_admin_notices includes\class-wpjam-admin.php:126
action current_screen includes\class-wpjam-admin.php:171
action admin_init includes\class-wpjam-admin.php:194
filter wpjam_html includes\class-wpjam-admin.php:198
filter parent_file includes\class-wpjam-admin.php:380
action admin_footer includes\class-wpjam-admin.php:465
filter post_updated_messages includes\class-wpjam-admin.php:690
filter redirect_post_location includes\class-wpjam-admin.php:691
filter admin_post_thumbnail_html includes\class-wpjam-admin.php:692
action add_meta_boxes includes\class-wpjam-admin.php:694
action wp_after_insert_post includes\class-wpjam-admin.php:695
filter term_updated_messages includes\class-wpjam-admin.php:700
filter pre_insert_term includes\class-wpjam-admin.php:709
action created_term includes\class-wpjam-admin.php:710
action edited_term includes\class-wpjam-admin.php:714
action plugins_loaded includes\class-wpjam-api.php:178
action loop_start includes\class-wpjam-api.php:220
action loop_end includes\class-wpjam-api.php:221
filter root_rewrite_rules includes\class-wpjam-api.php:231
action wpjam_api includes\class-wpjam-api.php:540
action wpjam_admin_init includes\class-wpjam-api.php:546
filter wp_die_ajax_handler includes\class-wpjam-api.php:1619
filter script_loader_src includes\class-wpjam-api.php:1663
action all_admin_notices includes\class-wpjam-api.php:1714
filter post_type_link includes\class-wpjam-core.php:166
filter posts_clauses includes\class-wpjam-core.php:168
filter posts_results includes\class-wpjam-core.php:200
filter pre_term_link includes\class-wpjam-core.php:450
filter request includes\class-wpjam-core.php:452
filter login_display_language_dropdown includes\class-wpjam-core.php:1757
action login_init includes\class-wpjam-core.php:1794
action wpjam_admin_init includes\class-wpjam-core.php:1795
filter list_table_primary_column includes\class-wpjam-list-table.php:32
filter wpjam_html includes\class-wpjam-list-table.php:585
action parse_term_query includes\class-wpjam-list-table.php:587
action wpjam_plugin_page public\wpjam-compat.php:595
action wpjam_api public\wpjam-compat.php:1142
filter rewrite_rules_array public\wpjam-compat.php:1143
action wpjam_plugin_page public\wpjam-compat.php:1146
filter wpjam_pre_json public\wpjam-functions.php:176
action wp_error_added public\wpjam-route.php:742
filter query_vars public\wpjam-route.php:806
filter request public\wpjam-route.php:807
action parse_request public\wpjam-route.php:808
filter template_include public\wpjam-route.php:841

Maintenance & Trust

WPJAM Basic Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 7.4
Downloads: 660K

Community Trust

Rating: 76/100
Number of ratings: 32
Active installs: 4K

Developer Profile

WPJAM Basic Developer Profile

denishua

8 plugins · 4K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 143 days
Detection Fingerprints

How We Detect WPJAM Basic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpjam-basic/static/style.css
  • /wp-content/plugins/wpjam-basic/static/script.js
  • /wp-content/plugins/wpjam-basic/static/form.js
Script Paths
  • /wp-content/plugins/wpjam-basic/static/script.js
  • /wp-content/plugins/wpjam-basic/static/form.js
Version Parameters
  • wpjam-style?ver=
  • wpjam-script?ver=
  • wpjam-form?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpjam-page-setting
Data Attributes
  • wpjam-page-action
  • wpjam-query
  • wpjam-upload
JS Globals
  • wpjam_page_setting
REST Endpoints
  • /wpjam-api/

FAQ

Frequently Asked Questions about WPJAM Basic