Does Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer compatible with WordPress 6.9.4?

According to WordPress.org data, Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer 1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Security & Risk Analysis

wordpress.org/plugins/appscreo-visual-css-customizer

Simple Custom Code lets you add unlimited CSS, JavaScript, and HTML snippets to WordPress with a live visual customizer, AI-powered generation, and ad …

0 active installs v1.3 PHP 7.0+ WP 5.0+ Updated Feb 26, 2026

ai-code-generatorcustom-code-snippetscustom-cssjavascript-snippetsvisual-css-customizer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The static analysis of the "appscreo-visual-css-customizer" plugin v1.3 reveals a generally strong security posture. The plugin demonstrates good security practices by implementing nonce and capability checks for its AJAX handlers and REST API routes, indicating an effort to control access and prevent unauthorized actions. Furthermore, all SQL queries are performed using prepared statements, which is a significant measure against SQL injection vulnerabilities. The high percentage of properly escaped output (92%) also suggests a good understanding of preventing cross-site scripting (XSS) attacks. However, a notable concern arises from the taint analysis, which identified 7 flows with unsanitized paths. Although no critical or high severity issues were flagged, these unsanitized paths represent potential entry points for malicious input that could be processed in an insecure manner, potentially leading to unexpected behavior or information disclosure. The absence of any recorded vulnerability history is a positive indicator of the plugin's past security performance, suggesting a lack of exploitable flaws. Overall, while the plugin exhibits strong defenses against common web vulnerabilities like SQL injection and XSS, the presence of unsanitized paths in the taint analysis warrants attention and further investigation to ensure no latent vulnerabilities exist.

Key Concerns

Flows with unsanitized paths

Vulnerabilities

None known

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Release Timeline

v1.3Current

v1.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

332 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

92% escaped361 total outputs

Data Flows · Security

7 unsanitized

Data Flow Analysis

8 flows7 with unsanitized paths

add_filter_dropdowns (includes/class-scc-admin-columns.php:286)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 3

authwp_ajax_scc_toggle_activeincludes/class-scc-admin-columns.php:50

authwp_ajax_scc_generate_ai_codeincludes/class-scc-meta-boxes.php:48

authwp_ajax_scc_clear_cacheincludes/class-scc-settings.php:47

REST API Routes 2

GET/wp-json/scc/v1/get-css-postsincludes/class-scc-customizer-menu.php:71

POST/wp-json/sccparser/v1/saveincludes/class-scc-customizer.php:96

WordPress Hooks 40

actionadmin_noticesappscreo-visual-css-customizer.php:27

actionadmin_initappscreo-visual-css-customizer.php:87

filtermanage_simple-custom-code_posts_columnsincludes/class-scc-admin-columns.php:44

actionmanage_simple-custom-code_posts_custom_columnincludes/class-scc-admin-columns.php:45

filtermanage_edit-simple-custom-code_sortable_columnsincludes/class-scc-admin-columns.php:46

actionpre_get_postsincludes/class-scc-admin-columns.php:47

actionrestrict_manage_postsincludes/class-scc-admin-columns.php:48

actionparse_queryincludes/class-scc-admin-columns.php:49

actionadmin_enqueue_scriptsincludes/class-scc-admin-columns.php:51

actionrest_api_initincludes/class-scc-customizer-menu.php:16

actionwp_enqueue_scriptsincludes/class-scc-customizer-menu.php:17

actionadmin_bar_menuincludes/class-scc-customizer-menu.php:18

actionrest_api_initincludes/class-scc-customizer.php:26

actiontemplate_redirectincludes/class-scc-customizer.php:27

actionwp_enqueue_scriptsincludes/class-scc-customizer.php:43

actionwp_trash_postincludes/class-scc-file-manager.php:44

actionbefore_delete_postincludes/class-scc-file-manager.php:45

actionwp_headincludes/class-scc-frontend.php:44

actionwp_body_openincludes/class-scc-frontend.php:45

actionwp_footerincludes/class-scc-frontend.php:46

actionadmin_headincludes/class-scc-frontend.php:47

actionadmin_footerincludes/class-scc-frontend.php:48

actionlogin_headincludes/class-scc-frontend.php:49

actionlogin_footerincludes/class-scc-frontend.php:50

actionenqueue_block_editor_assetsincludes/class-scc-frontend.php:51

actionadd_meta_boxesincludes/class-scc-meta-boxes.php:44

actionsave_postincludes/class-scc-meta-boxes.php:45

actionadmin_enqueue_scriptsincludes/class-scc-meta-boxes.php:46

actionedit_form_after_titleincludes/class-scc-meta-boxes.php:47

actioninitincludes/class-scc-post-type.php:44

actioninitincludes/class-scc-post-type.php:45

filterpost_updated_messagesincludes/class-scc-post-type.php:46

actionadmin_menuincludes/class-scc-settings.php:44

actionadmin_initincludes/class-scc-settings.php:45

actionadmin_enqueue_scriptsincludes/class-scc-settings.php:46

actionadmin_bar_menuincludes/class-scc-settings.php:48

actionadmin_noticesincludes/class-scc-settings.php:49

actioncurrent_screenincludes/class-scc-settings.php:50

actionadmin_headincludes/class-scc-settings.php:61

actionadmin_headincludes/class-scc-settings.php:65

Maintenance & Trust

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 26, 2026

PHP min version7.0

Downloads283

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Alternatives

Simple Custom CSS and JS

custom-css-js

100

Easily add Custom CSS or JS to your website with an awesome editor.

700K 1 CVE

Insert Headers And Footers

wp-headers-and-footers

Include inline javascript, stylesheets, CSS code or anything you want in Header and Footer areas of your WordPress with ease.

300K 1 CVE

Simple Custom CSS Plugin

simple-custom-css

Add Custom CSS to your WordPress site without any hassles.

100K No CVEs

Simple CSS

simple-css

100

Add CSS to your website through an admin editor, the Customizer or a metabox for page/post specific CSS.

80K No CVEs

WP Add Custom CSS

wp-add-custom-css

100

Add custom css to the whole website and to specific posts and pages.

60K No CVEs

Developer Profile

Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer Developer Profile

AppsCreo

2 plugins · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Custom Code – Custom CSS, JS, and HTML, Visual CSS Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/appscreo-visual-css-customizer/includes/css/frontend.css/wp-content/plugins/appscreo-visual-css-customizer/includes/css/customizer.css/wp-content/plugins/appscreo-visual-css-customizer/includes/js/customizer.js/wp-content/plugins/appscreo-visual-css-customizer/includes/js/frontend.js/wp-content/plugins/appscreo-visual-css-customizer/assets/css/frontend.css/wp-content/plugins/appscreo-visual-css-customizer/assets/js/frontend.js

Script Paths

/wp-content/plugins/appscreo-visual-css-customizer/includes/js/customizer.js/wp-content/plugins/appscreo-visual-css-customizer/includes/js/frontend.js/wp-content/plugins/appscreo-visual-css-customizer/assets/js/frontend.js

Version Parameters

appscreo-visual-css-customizer/includes/css/frontend.css?ver=appscreo-visual-css-customizer/includes/css/customizer.css?ver=appscreo-visual-css-customizer/includes/js/customizer.js?ver=appscreo-visual-css-customizer/includes/js/frontend.js?ver=appscreo-visual-css-customizer/assets/css/frontend.css?ver=appscreo-visual-css-customizer/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

scc-customizer-content

Data Attributes

data-scc-code-typedata-scc-code-id

JS Globals

window.scc_customizer_params

FAQ