Async JS and CSS Security & Risk Analysis
wordpress.org/plugins/async-js-and-cssConverts render-blocking CSS and JS files into NON-render-blocking, improving performance of web page.
Is Async JS and CSS Safe to Use in 2026?
Generally Safe
Score 85/100Async JS and CSS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "async-js-and-css" plugin v1.7.13 presents a mixed security posture. On the positive side, the plugin demonstrates excellent practices by avoiding dangerous functions and exclusively using prepared statements for its SQL queries, indicating a strong defense against common injection attacks. Furthermore, the absence of recorded vulnerabilities in its history suggests a generally well-maintained codebase. The plugin also has no identified CVEs, which is a significant strength.
However, there are notable areas of concern stemming from the static analysis. The most significant risk lies in the complete lack of output escaping for all 13 identified output points. This represents a substantial vulnerability to Cross-Site Scripting (XSS) attacks, as user-supplied or indirectly controlled data could be rendered directly in the browser without sanitization. Additionally, the absence of nonce and capability checks on any entry points, while the attack surface is currently reported as zero, means that if any new entry points are introduced or existing ones are repurposed without proper authentication and authorization, these vulnerabilities could be easily exploited. The single file operation also warrants scrutiny to ensure it's handled securely.
Key Concerns
- Output escaping is completely missing
- No nonce checks on entry points
- No capability checks on entry points
- File operation without specified checks
Async JS and CSS Security Vulnerabilities
Async JS and CSS Code Analysis
Output Escaping
Async JS and CSS Attack Surface
WordPress Hooks 13
Maintenance & Trust
Async JS and CSS Maintenance & Trust
Maintenance Signals
Community Trust
Async JS and CSS Alternatives
Asynchronous Javascript
asynchronous-javascript
Improve page load performance by asynchronously loading javascript using head.js
Head.WP
headwp
Head.js is a script to asynchronously load and manage dependencies of javascript and CSS assets.
AJAX Loading
ajax-loading
This plugin improves your users page experience without reloading pages using AJAX.
WP HeadJS
wp-headjs
Uses HeadJS to load your enqueued scripts asynchronously, in parallel, executing them in order.
Async JavaScript
async-javascript
Async Javascript lets you add 'async' or 'defer' attribute to scripts to exclude to help increase the performance of your WordPres …
Async JS and CSS Developer Profile
2 plugins · 830 total installs
How We Detect Async JS and CSS
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/async-js-and-css/asyncJSandCSS.php/wp-content/plugins/async-js-and-css/settings_page.php/wp-content/plugins/async-js-and-css/functions.php/wp-content/plugins/async-js-and-css/asyncJSandCSS.phpasync-js-and-css/style.css?ver=async-js-and-css/script.js?ver=HTML / DOM Fingerprints
<!--script-->asyncScriptsasyncFunctionsloadedScriptsscriptsToLoadexecOnReady