CM Header and Footer – Add custom scripts and styles to your header and footer with ease Security & Risk Analysis

wordpress.org/plugins/cm-header-footer-script-loader

Add custom CSS and JavaScript to headers and footers on your site with the header and footer plugin for enhanced control and design.

1K active installs · v1.3.0 · PHP 5.2.4+ · WP 5.4.0+ · Updated Jan 29, 2026
Tags: custom-css, footer, header, insert-html, insert-javascript
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 3, 2025
Safety Verdict

Is CM Header and Footer – Add custom scripts and styles to your header and footer with ease Safe to Use in 2026?

Generally Safe

Score 99/100

CM Header and Footer – Add custom scripts and styles to your header and footer with ease has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 3, 2025 · Updated 2mo ago
Risk Assessment

The "cm-header-footer-script-loader" plugin v1.3.0 exhibits a mixed security posture. While it demonstrates some good practices such as the absence of critical or high-severity vulnerabilities in its history and a low number of SQL queries, several concerning areas warrant attention. The static analysis reveals a notable attack surface with 6 AJAX handlers, 3 of which lack authentication checks, posing a significant risk of unauthorized actions. Furthermore, a concerning taint analysis result indicates one flow with an unsanitized path, which could potentially lead to various injection vulnerabilities if not addressed. The plugin's vulnerability history, though currently showing no unpatched CVEs, does include one medium-severity vulnerability related to Cross-site Scripting, suggesting a past susceptibility to input manipulation. Overall, the plugin has strengths in its limited SQL usage and lack of dangerous functions, but the unprotected entry points and unsanitized data flow are critical weaknesses that require immediate remediation to improve its security.

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized path
  • Medium severity CVE in history
  • Low percentage of properly escaped output
Vulnerabilities
1

CM Header and Footer – Add custom scripts and styles to your header and footer with ease Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31091 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM Header and Footer <= 1.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Apr 3, 2025 Patched in 1.2.5 (7d)
Code Analysis
Analyzed Mar 16, 2026

CM Header and Footer – Add custom scripts and styles to your header and footer with ease Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 157 (96 escaped)
Nonce Checks: 9
Capability Checks: 7
File Operations: 0
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

38% escaped · 253 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
cminds_system_info_content (package\cminds-free.php:2727)
Attack Surface
3 unprotected

CM Header and Footer – Add custom scripts and styles to your header and footer with ease Attack Surface

Entry Points: 10
Unprotected: 3

AJAX Handlers 6

auth wp_ajax_cmhandfsl_create_update_rule classes\class.cm-handfsl-backend.php:35
auth wp_ajax_cmhandfsl_delete_rule classes\class.cm-handfsl-backend.php:36
auth wp_ajax_cm-submit-uninstall-reason package\cminds-free.php:147
auth wp_ajax_cm-submit-registration-email package\cminds-free.php:148
auth wp_ajax_cm-submit-deregistration package\cminds-free.php:149
auth wp_ajax_cm-submit-registration-skip package\cminds-free.php:150

Shortcodes 4

[cminds_free_registration] package\cminds-free.php:54
[cminds_free_guide] package\cminds-free.php:55
[cminds_upgrade_box] package\cminds-free.php:56
[cminds_free_activation] package\cminds-free.php:57
WordPress Hooks 24

action admin_enqueue_scripts classes\class.cm-handfsl-backend.php:23
action admin_enqueue_scripts classes\class.cm-handfsl-backend.php:24
action admin_menu classes\class.cm-handfsl-backend.php:27
action add_meta_boxes classes\class.cm-handfsl-backend.php:29
action save_post classes\class.cm-handfsl-backend.php:30
action wp_head classes\class.cm-handfsl-frontend.php:17
action wp_footer classes\class.cm-handfsl-frontend.php:18
action init cm-header-footer-script-loader.php:74
action wpmu_new_blog cm-header-footer-script-loader.php:76
action plugins_loaded cm-header-footer-script-loader.php:267
action activated_plugin package\cminds-free.php:31
action admin_init package\cminds-free.php:33
action admin_menu package\cminds-free.php:34
action admin_enqueue_scripts package\cminds-free.php:35
action admin_enqueue_scripts package\cminds-free.php:36
action cminds_download_sysinfo package\cminds-free.php:48
action init package\cminds-free.php:50
action init package\cminds-free.php:51
filter plugin_row_meta package\cminds-free.php:59
action wp_dashboard_setup package\cminds-free.php:62
action admin_footer package\cminds-free.php:157
filter wp_mail_content_type package\cminds-free.php:311
filter wp_mail_content_type package\cminds-free.php:2077
filter wp_mail_content_type package\cminds-free.php:2168
Maintenance & Trust

CM Header and Footer – Add custom scripts and styles to your header and footer with ease Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 29, 2026
PHP min version: 5.2.4
Downloads: 44K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 1K
Developer Profile

CM Header and Footer – Add custom scripts and styles to your header and footer with ease Developer Profile

CreativeMindsSolutions

19 plugins · 22K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 546 days
Detection Fingerprints

How We Detect CM Header and Footer – Add custom scripts and styles to your header and footer with ease

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cm-header-footer-script-loader/assets/js/cm-handfsl-backend.js
/wp-content/plugins/cm-header-footer-script-loader/assets/css/cm-handfsl-backend.css
Script Paths
/wp-content/plugins/cm-header-footer-script-loader/package/cminds-free.php
/wp-content/plugins/cm-header-footer-script-loader/classes/class.cm-handfsl-backend.php
/wp-content/plugins/cm-header-footer-script-loader/classes/class.cm-handfsl-frontend.php
Version Parameters
cm-header-footer-script-loader/assets/js/cm-handfsl-backend.js?ver=
cm-header-footer-script-loader/assets/css/cm-handfsl-backend.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about CM Header and Footer – Add custom scripts and styles to your header and footer with ease