Fun Facts Security & Risk Analysis
wordpress.org/plugins/fun-factsAdds a sidebar widget that display interesting, useless, weird and wonderful random fun facts.
Is Fun Facts Safe to Use in 2026?
Generally Safe
Score 85/100Fun Facts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'fun-facts' plugin v2.0.1 exhibits a mixed security posture. While the attack surface is minimal and appears to have no direct unprotected entry points from AJAX, REST API, or cron, significant concerns arise from the code analysis signals. The presence of the `create_function` is a notable risk as it can be exploited for code injection. Furthermore, the complete lack of prepared statements for all SQL queries (14 total) and the absence of output escaping for all outputs (7 total) present substantial vulnerabilities to SQL injection and Cross-Site Scripting (XSS) respectively. The plugin's vulnerability history is clean, with no recorded CVEs, which is positive. However, this historical lack of vulnerabilities does not negate the critical flaws identified in the static analysis. The strength lies in its small attack surface and clean history, but the weaknesses in basic security practices like input sanitization and secure SQL query handling are significant and outweigh the perceived strengths, warranting caution.
Key Concerns
- Raw SQL queries without prepared statements
- Unescaped output
- Dangerous function: create_function
- Missing nonce checks
- Missing capability checks
Fun Facts Security Vulnerabilities
Fun Facts Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Fun Facts Attack Surface
Shortcodes 1
WordPress Hooks 2
Maintenance & Trust
Fun Facts Maintenance & Trust
Maintenance Signals
Community Trust
Fun Facts Alternatives
Counter Number Showcase, Fun Facts – WordPress Animated Counter Plugin
counter-number-showcase
Counter Number WordPress Plugin brings you all the powerful Stats Counter features to your wordpress website
Kiwiz for WooCommerce
kiwiz-invoices-certification-pdf-file
Le module Kiwiz est un système de certification en temps réel dans la Blockchain pour se conformer à la loi anti-fraude TVA 2018.
WP Facts
wp-facts
WP Facts shows a simple facts-photo whith short description on Your sidebar.
Countries FunFacts
countries-funfacts
You can add shortcodes defined in this plugin and they will either display a random country or random country name. Depending on shortcode used
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
really-simple-ssl
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.
Fun Facts Developer Profile
9 plugins · 1K total installs
How We Detect Fun Facts
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
wrapui-sortablepostboxopenedform-tabletitlefacesizewidget_title<table width="250" style="border-width: thin thin thin thin; border-style: solid solid solid solid;"><thead><tr><th><center><font face="arial" size="+1"><b>Fun Facts</b></center></font></th></tr></thead><tbody><tr><td><div style="text-align: justify;"></div></td></tr></tbody><tfoot><tr><td><div style="text-align: right;"><font face="arial" size="-3"><a href="http://www.joeswebtools.com/wordpress-plugins/fun-facts/" title="Fun Facts widget plugin for WordPress">Joe's</a></font></div></td></tr></tfoot></table><div style="text-align: justify;">