Proofreading Security & Risk Analysis
wordpress.org/plugins/proofreadingProofreading checks texts on every content of your WordPress site. You can proofread in 30 different languages and get tips to improve your writings.
Is Proofreading Safe to Use in 2026?
Generally Safe
Score 91/100Proofreading has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The 'proofreading' plugin version 1.2.2 exhibits a generally good security posture, with several positive indicators. The static analysis reveals a minimal attack surface, with all entry points having proper authorization checks. The high percentage of properly escaped output and the absence of dangerous functions are also strong points. Taint analysis shows no unsanitized paths, which is excellent. However, the plugin's vulnerability history is a significant concern. With two medium-severity CVEs, both related to Cross-Site Scripting (XSS), and the most recent one occurring in 2025, it suggests a recurring pattern of input validation weaknesses. While currently no vulnerabilities are unpatched, this history indicates a need for vigilance and further scrutiny of how user input is handled, especially in areas that might be exposed through AJAX handlers. The presence of prepared statements in a good portion of SQL queries is positive, but the non-trivial number of queries (24) means that any deviations from prepared statements could be risky.
Key Concerns
- Two medium-severity XSS vulnerabilities in history
- Recent medium-severity XSS vulnerability
- SQL queries with only 42% prepared statements
- Bundled TinyMCE library
Proofreading Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting
Proofreading <= 1.1 - Reflected Cross-Site Scripting
Proofreading Release Timeline
Proofreading Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Proofreading Attack Surface
AJAX Handlers 2
WordPress Hooks 10
Maintenance & Trust
Proofreading Maintenance & Trust
Maintenance Signals
Community Trust
Proofreading Alternatives
Ice Visual Revisions
ice
Adds revision tracking to the visual editor. Modified, added, or deleted text is shown in color, along with the user and time of change.
Custom Fonts – Host Your Fonts Locally
custom-fonts
Custom Fonts is a powerful WordPress plugin that allows you to upload your own custom fonts or choose from a vast collection of Google Fonts, all host …
Fonts Plugin | Google Fonts, Adobe Fonts & Upload Fonts
olympus-google-fonts
Instantly change your entire website's typography with Google Fonts, Adobe Fonts, or custom fonts — no coding required. Live preview your changes.
Use Any Font | Custom Font Uploader
use-any-font
Upload custom fonts with custom font uploader. Auto converts to woff2 for better performance. Self-hosted, GDPR compliant, and easy custom font plugin
Easy Google Fonts
easy-google-fonts
Adds google fonts to any theme without coding and integrates with the WordPress Customizer automatically for a realtime live preview.
Proofreading Developer Profile
3 plugins · 9K total installs
How We Detect Proofreading
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/proofreading/css/proofreading-admin.css/wp-content/plugins/proofreading/js/proofreading-admin.js/wp-content/plugins/proofreading/js/proofreading-admin.jsproofreading-admin.css?ver=proofreading-admin.js?ver=HTML / DOM Fingerprints
scribit_credit