Does YASAKANI Cache have any unpatched vulnerabilities?

No. All known vulnerabilities in YASAKANI Cache have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is YASAKANI Cache compatible with WordPress 6.8.5?

According to WordPress.org data, YASAKANI Cache 3.9.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is YASAKANI Cache compatible with PHP 8.1+?

YASAKANI Cache requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is YASAKANI Cache updated?

YASAKANI Cache was last updated on Jun 30, 2025. Frequent updates are generally a positive security signal.

What is YASAKANI Cache's security score?

YASAKANI Cache has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

YASAKANI Cache Security & Risk Analysis

wordpress.org/plugins/yasakani-cache

Simple ! Easy !! Ultra-high-speed !!!. Definitive edition of the page cache. And Bot and Security Utility.

10 active installs v3.9.7 PHP 8.1+ WP 6.0+ Updated Jun 30, 2025

botblockcacherestsecuritysqlite

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is YASAKANI Cache Safe to Use in 2026?

Generally Safe

Score 100/100

YASAKANI Cache has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago

Risk Assessment

The yasakani-cache plugin, version 3.9.7, exhibits a mixed security posture. While it has no known historical vulnerabilities and demonstrates good practices like a decent number of nonce and capability checks, several code signals raise concerns. The presence of the `unserialize` function is a critical risk, especially if the data being unserialized originates from untrusted sources, as it can lead to Remote Code Execution. Furthermore, a significant portion of SQL queries are not using prepared statements, increasing the risk of SQL injection vulnerabilities. The low percentage of properly escaped output also suggests potential Cross-Site Scripting (XSS) vulnerabilities, as data rendered to the user might not be adequately sanitized.

Despite the lack of documented CVEs, the internal code analysis reveals concerning patterns that could be exploited. The taint analysis indicates flows with unsanitized paths, although they are not classified as critical or high severity in this specific analysis. This, combined with the `unserialize` function and raw SQL queries, suggests an underlying risk that requires attention. The plugin's strengths lie in its zero-day vulnerability history and the absence of exposed entry points without authentication. However, the identified code-level weaknesses, particularly `unserialize` and unescaped output, prevent it from being considered fully secure without remediation.

Key Concerns

Presence of unserialize function
Half of SQL queries not prepared
Low percentage of properly escaped output
Taint flows with unsanitized paths

Vulnerabilities

None known

YASAKANI Cache Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

YASAKANI Cache Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

32 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$unsdata = @unserialize($data);addons\admin\backend_logstat.php:166

unserialize$unsdata = @unserialize($prmdata);addons\admin\backend_logstat.php:220

SQL Query Safety

50% prepared10 total queries

Output Escaping

36% escaped89 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

safecheck (addons\yasakani_security.php:18)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

YASAKANI Cache Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_yasakani_log_filteraddons\admin\backend_logstat.php:51

authwp_ajax_yasakani_excludeyasakani-cache.php:263

authwp_ajax_yasakani_clearyasakani-cache.php:264

WordPress Hooks 44

actionyc_additional_features_settingsaddons\admin\backend_logstat.php:26

actionyc_additional_features_summaryaddons\admin\backend_logstat.php:30

filterauthenticateaddons\admin\backend_logstat.php:40

filterwp_redirect_statusaddons\admin\backend_logstat.php:42

filterpre_http_requestaddons\admin\backend_logstat.php:44

actionhttp_api_debugaddons\admin\backend_logstat.php:45

actionphpmailer_initaddons\admin\backend_logstat.php:47

filterpre_unschedule_eventaddons\admin\backend_logstat.php:49

actiontemplate_redirectaddons\admin\backend_security.php:36

filterauthenticateaddons\admin\backend_security.php:39

filterpre_update_optionaddons\admin\backend_security.php:41

actionyc_additional_features_option_updateaddons\admin\backend_security.php:53

actionyc_additional_features_option_importaddons\admin\backend_security.php:54

filteryc_additional_features_option_exportaddons\admin\backend_security.php:55

actionyc_additional_features_settingsaddons\admin\backend_security.php:57

actioncron_yasakani_bruteforce_expiredaddons\admin\backend_security.php:61

actioninityasakani-cache.php:30

actioninityasakani-cache.php:209

actionadmin_inityasakani-cache.php:210

actionadd_meta_boxesyasakani-cache.php:211

actionin_plugin_update_message-yasakani-cache/yasakani-cache.phpyasakani-cache.php:212

actionembed_headyasakani-cache.php:217

actionembed_headyasakani-cache.php:218

actiontemplate_redirectyasakani-cache.php:219

filterwp_using_themesyasakani-cache.php:220

filterrest_pre_dispatchyasakani-cache.php:223

filterrest_request_after_callbacksyasakani-cache.php:224

filterrest_pre_echo_responseyasakani-cache.php:225

filterwp_using_themesyasakani-cache.php:231

actiontransition_post_statusyasakani-cache.php:253

actiondelete_postyasakani-cache.php:254

actioncomment_postyasakani-cache.php:255

actionedit_commentyasakani-cache.php:256

actiontrackback_postyasakani-cache.php:257

actionpingback_postyasakani-cache.php:258

actionwp_set_comment_statusyasakani-cache.php:259

actionswitch_themeyasakani-cache.php:261

actionwp_update_nav_menuyasakani-cache.php:262

actionadmin_noticesyasakani-cache.php:296

filterget_avataryasakani-cache.php:363

actionadmin_menuyasakani-cache.php:1671

actionadmin_footeryasakani-cache.php:1689

actionadmin_headyasakani_option_page.php:89

actionadmin_headyasakani_option_page.php:90

Scheduled Events 1

cron_yasakani_bruteforce_expired

Maintenance & Trust

YASAKANI Cache Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 30, 2025

PHP min version8.1

Downloads9K

Community Trust

Rating100/100

Number of ratings7

Active installs10

Alternatives

YASAKANI Cache Alternatives

Advanced Access Manager – Access Governance for WordPress

advanced-access-manager

Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.

100K 11 CVEs

Restricted Site Access

restricted-site-access

100

Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.

20K 1 CVE

WP REST Cache

wp-rest-cache

Enable caching of the WordPress REST API and auto-flush caches upon wp-admin editing.

10K 1 CVE

SQLite Object Cache

sqlite-object-cache

100

A fast persistent object cache backend for the rest of us, powered by SQLite and accelerated by APCu

9K No CVEs

SMNTCS Disable REST API User Endpoints

smntcs-disable-rest-api-user-endpoints

Disable the REST API user endpoints due to obscure user slugs.

6K No CVEs

Developer Profile

YASAKANI Cache Developer Profile

enomoto celtislab

12 plugins · 9K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect YASAKANI Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yasakani-cache/inc/admin-script.js/wp-content/plugins/yasakani-cache/inc/admin-style.css/wp-content/plugins/yasakani-cache/inc/minify-utils.php

Script Paths

/wp-content/plugins/yasakani-cache/inc/admin-script.js

HTML / DOM Fingerprints

CSS Classes

yasakani-cache-menu-wrapper

HTML Comments

Yasakani Cache startYasakani Cache end

Data Attributes

data-yasakani-urldata-yasakani-id

JS Globals

yasakani_optionyasakani_noncedata

FAQ