LoftLoader Security & Risk Analysis

wordpress.org/plugins/loftloader

An easy-to-use plugin to add an animated preloader to your website with full customisation.

70K active installs · v2.5.2 · PHP 5.6+ · WP 6.0+ · Updated Dec 14, 2025
Tags: animated-preloader, css3-preloader, customizable-loader, page-preloader, preloader
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is LoftLoader Safe to Use in 2026?

Generally Safe

Score 100/100

LoftLoader has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

Based on the provided static analysis, LoftLoader version 2.5.2 demonstrates a strong security posture. No issues were identified in the attack surface, dangerous-function, or taint analysis, suggesting that the plugin does not expose common entry points for attacks or handle user-supplied data unsafely. All outputs are properly escaped, a significant strength that mitigates the risk of cross-site scripting (XSS). The plugin also has zero known CVEs and no currently unpatched vulnerabilities, which indicates a diligent approach to security by the developers.

However, the analysis highlights a few areas that could be hardened further. The plugin's single SQL query does not use prepared statements, which is a potential SQL injection risk if the input controlling it is not rigorously validated and sanitized. The plugin also contains no nonce checks; although this is not directly linked to an attack surface in this version, nonce verification is a general security best practice. Capability checks are present, but their effectiveness can only be fully assessed in the context of the specific functionality they protect. Overall, LoftLoader v2.5.2 appears to be a secure plugin with a commendable security track record, but the minor findings in SQL handling and the absence of nonce checks warrant attention in future development.

Key Concerns

  • SQL query without prepared statements
  • Missing nonce checks
Vulnerabilities
None known

LoftLoader Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

LoftLoader Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 0 (103 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

100% escaped · 103 total outputs
Attack Surface

LoftLoader Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 32
filter · loftloader_get_loader_setting · inc\any-page\class-any-page-filter.php:9
filter · loftloader_loader_enabled · inc\any-page\class-any-page-filter.php:10
filter · loftloader_loader_attributes · inc\any-page\class-any-page-filter.php:11
action · loftloader_settings · inc\any-page\class-any-page-filter.php:12
action · add_meta_boxes · inc\any-page\class-loftloader-any-page.php:5
action · save_post · inc\any-page\class-loftloader-any-page.php:6
action · enqueue_block_editor_assets · inc\any-page\gutenberg\class-gutenberg-any-page.php:18
action · init · inc\any-page\gutenberg\class-gutenberg-any-page.php:72
action · customize_controls_init · inc\class-loftloader-customize.php:14
action · customize_controls_enqueue_scripts · inc\class-loftloader-customize.php:15
action · customize_preview_init · inc\class-loftloader-customize.php:16
action · wp_enqueue_scripts · inc\class-loftloader-front.php:23
action · wp_head · inc\class-loftloader-front.php:24
action · wp_footer · inc\class-loftloader-front.php:25
filter · loftloader_modify_html · inc\class-loftloader-front.php:26
filter · loftloader_html · inc\class-loftloader-front.php:27
filter · body_class · inc\class-loftloader-front.php:28
action · template_redirect · inc\class-loftloader-front.php:37
action · wp_head · inc\class-loftloader-front.php:70
action · wp_footer · inc\class-loftloader-front.php:71
action · customize_register · inc\configs\customize-advanced.php:7
action · customize_register · inc\configs\customize-background.php:7
action · customize_register · inc\configs\customize-loader.php:7
action · customize_register · inc\configs\customize-main.php:7
action · customize_register · inc\configs\customize-more.php:7
action · customize_register · inc\configs\customize-promo.php:7
action · customize_register · inc\configs\customize-range.php:7
action · wp · loftloader.php:47
action · admin_menu · loftloader.php:48
action · after_setup_theme · loftloader.php:105
action · plugins_loaded · loftloader.php:112
filter · customize_loaded_components · loftloader.php:123
Maintenance & Trust

LoftLoader Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 14, 2025
PHP min version: 5.6
Downloads: 785K

Community Trust

Rating: 90/100
Number of ratings: 33
Active installs: 70K
Developer Profile

LoftLoader Developer Profile

loftocean

5 plugins · 70K total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect LoftLoader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loftloader/inc/any-page/gutenberg/plugin.js
Version Parameters
loftloader/style.css?ver=
loftloader/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
loftloader-wrapper
loftloader-body
loftloader-animation
Data Attributes
data-lofter-title
data-lofter-type
data-lofter-speed
data-lofter-color
JS Globals
LoftLoader
REST Endpoints
/wp-json/loftloader/v1/settings
Shortcode Output
[loftloader_page_shortcode]
FAQ

Frequently Asked Questions about LoftLoader