WP-Safety

Use Google Libraries Security & Risk Analysis

wordpress.org/plugins/use-google-libraries

Allows your site to use common javascript libraries from Google's AJAX Libraries CDN, rather than from WordPress's own copies.

10K active installs v1.6.2.3 PHP + WP 3.4+ Updated Nov 28, 2017
cdngooglejavascriptjqueryperformance
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Use Google Libraries Safe to Use in 2026?

Generally Safe

Score 85/100

Use Google Libraries has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "use-google-libraries" plugin v1.6.2.3 exhibits a generally strong security posture based on the provided static analysis. There are no identified dangerous functions, SQL queries are all prepared, and all outputs are properly escaped. The absence of file operations, external HTTP requests (except for one, which needs scrutiny), and taint analysis findings further contribute to a positive assessment. Crucially, the plugin has no recorded vulnerability history, suggesting a history of secure development and maintenance.

However, a notable concern is the complete lack of nonce checks and capability checks across all identified entry points, which are zero. While the current attack surface is zero, this indicates a fundamental gap in security implementation. If the plugin were to evolve and introduce new entry points, such as AJAX handlers, REST API routes, or shortcodes in the future, the absence of these checks would immediately expose the site to potential Cross-Site Request Forgery (CSRF) or unauthorized access vulnerabilities. The single external HTTP request also warrants investigation to ensure it is not inadvertently introducing a security risk, such as facilitating SSRF or fetching malicious content.

In conclusion, the plugin's current state is secure due to its minimal attack surface and good coding practices in specific areas. The complete absence of authentication and authorization checks on potential entry points, even if currently non-existent, represents a significant weakness that could become a critical vulnerability if the plugin's functionality expands. The lack of historical vulnerabilities is a positive indicator but does not negate the need for robust security measures on any future development.

Key Concerns

  • No nonce checks on entry points
  • No capability checks on entry points
  • External HTTP request without context
Vulnerabilities
None known

Use Google Libraries Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Use Google Libraries Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries
Attack Surface

Use Google Libraries Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionwp_default_scriptsuse-google-libraries.php:233
filterscript_loader_srcuse-google-libraries.php:241
filterinituse-google-libraries.php:246
Maintenance & Trust

Use Google Libraries Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedNov 28, 2017
PHP min version
Downloads748K

Community Trust

Rating88/100
Number of ratings47
Active installs10K
Alternatives

Use Google Libraries Alternatives

WP jQuery Plus

WP jQuery Plus

wp-jquery-plus

A
85

Loads jQuery from a CDN using the exact version as your current WordPress install

1K No CVEs
Admin Menu Slide

Admin Menu Slide

admin-menu-slide

A
85

Adds a feature to hide admin menu and make it slide when hovering on the edge of the screen.

10 No CVEs
Do Not Load jQuery

Do Not Load jQuery

do-not-load-jquery

A
85

Stops WordPress plugins from loading jQuery.

10 No CVEs
AH Footer Scripts

AH Footer Scripts

evolution-footer-scripts

A
85

This small plugin moves all scripts (including jQuery) to the footer to help speed up page load times, while keep stylesheets in the header.

10 No CVEs
indomap

indomap

indomap

A
85

jQuery plugin to create google maps with advanced features (overlays, clusters, callbacks, events...)

10 No CVEs
Developer Profile

Use Google Libraries Developer Profile

Jason Penney

1 plugin · 10K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Use Google Libraries

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/use-google-libraries/assets/css/admin.css/wp-content/plugins/use-google-libraries/assets/js/admin.js
Script Paths
jqueryjquery-ui-corejquery-ui-accordionjquery-ui-autocompletejquery-ui-buttonjquery-ui-datepicker+45 more
Version Parameters
/use-google-libraries/assets/css/admin.css?ver=/use-google-libraries/assets/js/admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
Copyright 2008-2017 Jason Penney (email : jpenney@jczorkmid.net )This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation using version 2 of the License.This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA+16 more
JS Globals
JCP_UseGoogleLibraries_cache
FAQ

Frequently Asked Questions about Use Google Libraries