PLUGIN SECURITY
Is Wp Fastest Cache safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Wp Fastest Cache WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
wp-fastest-cache - Max supported PHP (analyzed): 8.4
Known vulnerabilities
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.1.7 [CVE-2021-20714, WordPress plugin "WP Fastest Cache" vulnerable to directory traversal, WordPress WP Fastest Cache plugin <= 0.9.1.6 - Authenticated Arbitrary File Deletion via Path Traversal vulnerability, WP Fastest Cache <= 0.9.1.6 - Authenticated (Admin+) Directory Traversal to Arbitrary File Deletion, WP Fastest Cache < 0.9.1.7 - Authenticated Arbitrary File Deletion via Path Traversal, EUVD-2021-8129]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.4.9 [CVE-2015-9316, WP Fastest Cache < 0.8.4.9 - SQL Injection, WP Fastest Cache <= 0.8.4.8 - Blind SQL Injection]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.9.6 [CVE-2019-13635, WordPress WP Fastest Cache plugin <= 0.8.9.5 - Directory Traversal vulnerability, WP Fastest Cache <= 0.8.9.5 - Directory Traversal, WP Fastest Cache <= 0.8.9.5 - Directory Traversal]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.9.1 [CVE-2019-6726, WordPress WP Fastest Cache plugin <= 0.8.9.0 - Unauthenticated Arbitrary File Deletion vulnerability, WP Fastest Cache <= 0.8.9.0 - Directory Traversal to Arbitrary File Deletion, WP Fastest Cache <= 0.8.9.0 - Unauthenticated Arbitrary File Deletion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.8.6 [CVE-2018-17583, WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via the rules[0][content] parameter in a wpfc_save_exclude_pages action]
+ 43 more known vulnerabilities
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.8.6 [CVE-2018-17584, WP Fastest Cache <= 0.8.8.5 - Cross-Site Request Forgery via page to wpfastestcacheoptions]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.8.6 [CVE-2018-17586, WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via rules[0][content] parameter, WP Fastest Cache <= 0.8.8.5 - CSRF and multiple XSS]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.8.6 [CVE-2018-17585, WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via wpFastestCachePage options, wpFastestCachePreload_number or wpFastestCacheLanguage parameter]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.3.5 [CVE-2015-4089, WP Fastest Cache < 0.8.3.5 - Multiple Cross-Site Request Forgery, WP Fastest Cache < 0.8.3.5 - Multiple CSRF]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.5 [WordPress WP Fastest Cache plugin <= 0.9.4 - Authenticated SQL Injection (SQLi) vulnerability]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.5 [WordPress WP Fastest Cache plugin <= 0.9.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.0.3 [WordPress WP Fastest Cache plugin <= 0.9.0.2 - Cross-Site Request Forgery (CSRF) vulnerability]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.7.5 [WordPress WP Fastest Cache plugin <=0.8.7.4 - Blind SQL Injection (SQLi) vulnerability]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.5.5.9 [WordPress WP Fastest Cache plugin <= 0.8.5.8 - Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerabilities]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.6.0 [WordPress Fastest Cache Plugin <= 0.8.5.9 - Local File Inclusion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.5.8 [WordPress Fastest Cache Plugin <= 0.8.5.7 - Local File Inclusion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.4.9 [WordPress WP Fastest Cache Plugin 0.8.4.8 - Blind SQL Injection]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.5 [CVE-2021-24870, WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting, WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.5 [CVE-2021-24869, WP Fastest Cache < 0.9.5 - Authenticated (Subscriber+) SQL Injection, WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.0.3 [WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.7.5 [WP Fastest Cache <= 0.8.7.4 - SQL Injection]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.6.0 [WP Fastest Cache <= 0.8.5.9 - Local File Inclusion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.5.8 [WP Fastest Cache <= 0.8.5.7 - Local File Inclusion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.5.8 [WP Fastest Cache <= 0.8.5.7 - Missing Authorization]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1930, WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1925, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1922, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_pause_cdn_integration_ajax_request_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1923, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_remove_cdn_integration_ajax_request_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1921, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1929, WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1924, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_toolbar_save_settings_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1927, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar', WP Fatest Cache < 1.1.3 - Multiple CSRF]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1931, WordPress WP Fastest Cache Plugin <= 1.1.2 is vulnerable to Broken Access Control, WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1928, WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1926, WordPress WP Fastest Cache Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF), WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1920, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1919, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1918, WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_callback']
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.5 [CVE-2023-1938, WordPress WP Fastest Cache Plugin < 1.1.5 is vulnerable to Server Side Request Forgery (SSRF), WP Fastest Cache <= 1.1.4 - Authenticated(Administrator+) Blind Server Side Request Forgery via check_url, WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.1.3 [CVE-2023-1375, WP Fastest Cache <= 1.1.2 - Missing Authorization to Cache Deletion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.7.5 [WP Fastest Cache <= 0.8.7.4 - Blind SQL Injection]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.5.9 [WP Fastest Cache <= 0.8.5.9 - Local File Inclusion (LFI)]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.8.5.8 [WP Fastest Cache <= 0.8.5.7 - Local File Inclusion (LFI)]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.0.3 [WP Fastest Cache < 0.9.0.3 - Cross-Site Request Forgery (CSRF) Arbitrary File Deletion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.2.2 [CVE-2023-6063, WP Fastest Cache <= 1.2.1 - Unauthenticated SQL Injection, WordPress WP Fastest Cache Plugin < 1.2.2 is vulnerable to SQL Injection, WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.2.7 [CVE-2024-4347, WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion, WordPress WP Fastest Cache Plugin <= 1.2.6 is vulnerable to Arbitrary File Deletion]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 0.9.0.3 [CVE-2020-36836]
- WP Fastest Cache – WordPress Cache Plugin [wp-fastest-cache] < 1.4.1 [CVE-2025-10476, WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions, EUVD-2025-199817]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- WP Super Cache — 1000000+ active installs — max PHP 8.4
- WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance — 1000000+ active installs — max PHP <8.0
- Autoptimize — 800000+ active installs — max PHP 8.4
- SpeedyCache – Cache, Optimization, Performance — 600000+ active installs
- Breeze Cache — 400000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.