[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0qu3FYZiteLhecshw25EAbknOeMmUpnKr2RPNJhxPso":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":121,"fingerprints":209},"addfunc-head-footer-code","AddFunc Head & Footer Code","2.3","AddFunc","https:\u002F\u002Fprofiles.wordpress.org\u002Faddfunc\u002F","\u003Cp>Allows administrators to add code to the \u003Ccode>\u003Chead>\u003C\u002Fcode> and\u002For footer of an individual post (or page or other content) and\u002For site-wide. Ideal for scripts such as Google Analytics conversion tracking code and any other general or page-specific JavaScript. A very simple, reliable and lightweight plugin.\u003C\u002Fp>\n","Easily add code to your head, footer and\u002For immediately after the opening body tag, site-wide and\u002For on any individual page\u002Fpost.",20000,234825,100,25,"2019-05-29T19:41:00.000Z","5.2.24","3.0.1","",[20,21,22,23,24],"add-to-head","footer-code","head-code","per-page","tracking-code","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faddfunc-head-footer-code.2.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"addfunc",3,20110,30,84,"2026-04-05T02:46:59.572Z",[39,58,74,91,110],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":13,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":18,"download_link":57,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"embed-code","Embed Code – Headers & Footers by DesignBombs","2.0.4","designbombs","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesignbombs\u002F","\u003Cp>Easily insert or embed header and footer code in WordPress. Embed Code makes embedding global or page\u002Fpost-specific header and footer code super easy. It can be used to add almost anything, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Analytics tracking code\u003C\u002Fli>\n\u003Cli>Site verification snippets\u003C\u002Fli>\n\u003Cli>Typekit font scripts\u003C\u002Fli>\n\u003Cli>Custom CSS\u003C\u002Fli>\n\u003Cli>Custom JavaScript\u003C\u002Fli>\n\u003Cli>Optimizely embed code\u003C\u002Fli>\n\u003Cli>Facebook tracking pixel\u003C\u002Fli>\n\u003Cli>Live chat integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It even supports embedding code on custom post types!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is maintained by folks over at \u003Ca href=\"http:\u002F\u002Fdesignbombs.com\" rel=\"nofollow ugc\">DesignBombs.com\u003C\u002Fa>. If you are looking to start a new website, checkout their guide on \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fhow-to-make-a-website\u002F\" rel=\"nofollow ugc\">how to create a website\u003C\u002Fa>. They also have in-depth guides on other topics like how to \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fbest-wordpress-hosting\" rel=\"nofollow ugc\">choose the best WordPress hosting\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fhow-to-start-a-blog\u002F\" rel=\"nofollow ugc\">how to start a blog\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fwordpress-security\u002F\" rel=\"nofollow ugc\">WordPress security\u003C\u002Fa>.\u003C\u002Fp>\n","The easiest way to embed code in the head or footer of your site, globally or on a per-page\u002Fpost basis.",5000,59115,6,"2021-08-04T08:03:00.000Z","5.8.13","4.7.0","5.4",[40,55,21,56,24],"embed-javascript","header-code","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-code.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":13,"downloaded":66,"rating":13,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":17,"requires_php":18,"tags":70,"homepage":18,"download_link":73,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"average-head-footer-code","Average Head & Footer Code","1.1","average.technology","https:\u002F\u002Fprofiles.wordpress.org\u002Faveragetechnology\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Notice\u003C\u002Fstrong>\u003Cbr \u002F>\n  Average is changing its name to AddFunc. Much better, huh?! Therefore, this plugin has been republished as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faddfunc-head-footer-code\u002F\" rel=\"ugc\">AddFunc Head & Footer Code\u003C\u002Fa>. The “AddFunc version” is compatible with the “Average version,” so installation and activation of either or both is risk-free. This also enables you to manually transfer all of your head and footer code to the “AddFunc version” (if you wish). The “Average version” will remain available with minimal support until it becomes a burden for AddFunc (probably for many years to come, as of 2014). Any new features will only be added to the “AddFunc version,” so it is of course the recommended version (at least for future projects). Thanks!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Allows admins to add code to the \u003Ccode>\u003Chead>\u003C\u002Fcode> and\u002For footer of an individual post and\u002For site-wide. Ideal for scripts such as Google Analytics conversion tracking code and any other general or page-specific JavaScript.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Custom support tickets are available\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faverage-head-footer-code\u002Fother_notes\u002F\" rel=\"ugc\">Other Notes\u003C\u002Fa> tab for details.\u003C\u002Fp>\n\u003Ch3>Custom Support\u003C\u002Fh3>\n\u003Cp>If you have a custom support need, \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=7AF7P3TFKQ2C2\" rel=\"nofollow ugc\">please purchase your support ticket here\u003C\u002Fa>. Support tickets are responded to within 24 hours, but we answer them as soon as possible.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How it works\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=7AF7P3TFKQ2C2\" rel=\"nofollow ugc\">Purchase a support ticket via PayPal\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>You get a chance to provide the best way to contact you and a description of your need\u003C\u002Fli>\n\u003Cli>I contact you as soon as I can (no less than 24 hours) and help resolve your issue\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This is for custom needs for help, not problems with the plugin, or instructions that should already be explain in the description. If you feel there are important details omitted from the description, installation steps, etc. of the plugin, please report them in the Support forum. Thanks!\u003C\u002Fp>\n","Easily add code to your head and\u002For footer, site-wide and\u002For on any individual page\u002Fpost.",6476,2,"2014-12-04T23:35:00.000Z","4.0.38",[71,21,72,22],"footer","head","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faverage-head-footer-code.1.1.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":27,"num_ratings":27,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":18,"download_link":90,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"gtm-code-visibility","GTM Code Visibility","0.1","Off Site Services","https:\u002F\u002Fprofiles.wordpress.org\u002Foff-site-services\u002F","\u003Cp>Allows admins to add Google Tag Manager code to your site and use it only when site is switched to “Search Engine Visibility”.\u003C\u002Fp>\n\u003Cp>Use Settings->Reading: check\u002Funcheck “Search Engine Visibility” and add code to “GTM code fields”.\u003C\u002Fp>\n","Easily add Google Tag Manager code to your site and use it only when site is switched to \"Search Engine Visibility\".",50,1520,"2021-03-10T15:26:00.000Z","5.7.15","4.0.1","5.2.4",[20,72,22,89,56],"header","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgtm-code-visibility.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":13,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":107,"download_link":108,"security_score":109,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"vanilla-bean-meta-maid","Vanilla Bean – Meta Maid","2.1.0","vsmash","https:\u002F\u002Fprofiles.wordpress.org\u002Fvsmash\u002F","\u003Cp>Meta Maid is the simplest of plugins, allowing you to add meta tags, script tags and tracking code to\u003Cbr \u002F>\nthe top and bottom of your page.\u003C\u002Fp>\n","Meta Maid is the simplest of plugins, allowing you to add meta tags, script tags and tracking code to",20,3390,1,"2024-06-22T03:42:00.000Z","6.5.8","4.0",[21,56,106,24],"meta-tags","http:\u002F\u002Fwww.velvary.com.au\u002Fvanilla-beans\u002Fwordpress\u002Fmeta-maid\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvanilla-bean-meta-maid.2.1.0.zip",92,{"slug":111,"name":112,"version":113,"author":78,"author_profile":79,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":27,"num_ratings":27,"last_updated":118,"tested_up_to":85,"requires_at_least":17,"requires_php":18,"tags":119,"homepage":18,"download_link":120,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"ga-code-visibility","GA Code Visibility","0.4","\u003Cp>Allows admins to add Google Analytics code to \u003Ccode>\u003Chead>\u003C\u002Fcode> and use it only when site is switched to “Search Engine Visibility”.\u003C\u002Fp>\n\u003Cp>Use Settings->Reading: check\u002Funcheck “Search Engine Visibility” and add code to “GA code fields”.\u003C\u002Fp>\n","Easily add Google Analytics code to your head and use it only when site is switched to \"Search Engine Visibility\".",10,1681,"2021-03-10T15:22:00.000Z",[20,72,22,89,56],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fga-code-visibility.zip",{"attackSurface":122,"codeSignals":165,"taintFlows":201,"riskAssessment":202,"analyzedAt":208},{"hooks":123,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":27,"unprotectedCount":27},[124,130,134,138,140,143,147,151,153,157],{"type":125,"name":126,"callback":127,"file":128,"line":129},"action","admin_init","register","addfunc-head-footer-code.php",93,{"type":125,"name":131,"callback":132,"file":128,"line":133},"admin_menu","menu",94,{"type":125,"name":135,"callback":136,"file":128,"line":137},"wp_head","output_head_code",98,{"type":125,"name":135,"callback":136,"file":128,"line":139},101,{"type":125,"name":135,"callback":141,"file":128,"line":142},"aFHFCBuffRec",106,{"type":125,"name":144,"callback":145,"file":128,"line":146},"wp_print_footer_scripts","aFHFCBuffPlay",116,{"type":125,"name":148,"callback":149,"file":128,"line":150},"wp_footer","output_footer_code",119,{"type":125,"name":148,"callback":149,"file":128,"line":152},122,{"type":125,"name":154,"callback":155,"file":128,"line":156},"add_meta_boxes","aFhfc_add",134,{"type":125,"name":158,"callback":159,"file":128,"line":160},"save_post","aFhfc_save",174,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":27,"externalRequests":27,"nonceChecks":101,"capabilityChecks":33,"bundledLibraries":200},[],{"prepared":27,"raw":27,"locations":168},[],{"escaped":49,"rawEcho":170,"locations":171},15,[172,175,177,178,180,182,184,186,188,190,191,193,195,196,198],{"file":128,"line":173,"context":174},63,"raw output",{"file":128,"line":176,"context":174},65,{"file":128,"line":26,"context":174},{"file":128,"line":179,"context":174},87,{"file":128,"line":181,"context":174},114,{"file":128,"line":183,"context":174},156,{"file":128,"line":185,"context":174},162,{"file":128,"line":187,"context":174},168,{"file":189,"line":49,"context":174},"options.php",{"file":189,"line":49,"context":174},{"file":189,"line":192,"context":174},11,{"file":189,"line":194,"context":174},13,{"file":189,"line":99,"context":174},{"file":189,"line":197,"context":174},27,{"file":189,"line":199,"context":174},29,[],[],{"summary":203,"deductions":204},"The \"addfunc-head-footer-code\" plugin v2.3 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, file operations, external HTTP requests, and SQL injection vulnerabilities (all queries use prepared statements) is a strong positive. Furthermore, the presence of nonce and capability checks, along with the lack of significant untrusted input flows identified by taint analysis, suggests developers have implemented some important security safeguards. The clean vulnerability history, with zero known CVEs, further bolsters confidence in its current security state.\n\nHowever, a notable concern arises from the output escaping analysis. With only 29% of outputs properly escaped, a significant portion of user-generated or dynamic content displayed by the plugin could be vulnerable to Cross-Site Scripting (XSS) attacks. This is the primary weakness identified and represents a potential avenue for attackers to inject malicious scripts into pages where this plugin is active.\n\nIn conclusion, while the plugin demonstrates strengths in its backend operations and lack of known historical vulnerabilities, the insufficient output escaping is a critical oversight. Addressing the XSS risks associated with unescaped output should be a priority to improve its overall security. The very small attack surface is also a positive, as it limits the potential entry points for attackers.",[205],{"reason":206,"points":207},"Insufficient output escaping",7,"2026-03-16T17:31:31.987Z",{"wat":210,"direct":215},{"assetPaths":211,"generatorPatterns":212,"scriptPaths":213,"versionParams":214},[],[],[],[],{"cssClasses":216,"htmlComments":219,"htmlAttributes":220,"restEndpoints":235,"jsGlobals":236,"shortcodeOutput":239},[217,218],"dashicons","dashicons-info",[],[221,222,223,224,225,226,227,228,229,230,231,232,233,234],"name=\"aFhfc_head_code\"","id=\"aFhfc_head_code\"","name=\"aFhfc_head_replace\"","id=\"aFhfc_head_replace\"","name=\"aFhfc_body_code\"","id=\"aFhfc_body_code\"","name=\"aFhfc_body_replace\"","id=\"aFhfc_body_replace\"","name=\"aFhfc_footer_code\"","id=\"aFhfc_footer_code\"","name=\"aFhfc_footer_replace\"","id=\"aFhfc_footer_replace\"","name=\"aFhfc_mb_nonce\"","id=\"aFhfcMetaBox\"",[],[237,238],"AFHDFTRCD_ID","AFHDFTRCD_NICK",[]]