WP-Safety

Custom CSS and JS Security & Risk Analysis

wordpress.org/plugins/custom-css-and-js

Custom CSS and JavaScript allows you to add custom internal and external CSS and JavaScripts to individual posts.

1K active installs v1.0 PHP + WP 2.8+ Updated May 20, 2010
cssjavascriptpoststylesheet
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Custom CSS and JS Safe to Use in 2026?

Generally Safe

Score 85/100

Custom CSS and JS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago
Risk Assessment

The 'custom-css-and-js' plugin version 1.0 exhibits a generally positive security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code demonstrates good practice by using prepared statements for all SQL queries and avoids risky operations like file manipulation or external HTTP requests. There are no known vulnerabilities in its history, which is a strong indicator of good security development and maintenance.

Key Concerns

  • Unescaped output detected
  • No capability checks
  • No nonce checks
Vulnerabilities
None known

Custom CSS and JS Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom CSS and JS Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped2 total outputs
Attack Surface

Custom CSS and JS Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
filterwp_headcustom-css-js.php:115
Maintenance & Trust

Custom CSS and JS Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2
Last updatedMay 20, 2010
PHP min version
Downloads13K

Community Trust

Rating0/100
Number of ratings0
Active installs1K
Alternatives

Custom CSS and JS Alternatives

Per Post Scripts & Styles

Per Post Scripts & Styles

per-post-scripts-and-styles

A
85

Properly and safely add specific Javascript and CSS stylesheets to single posts, pages, and custom post types.

90 No CVEs
Custom CSS and JavaScript

Custom CSS and JavaScript

custom-css-and-javascript

A
92

Easily add custom CSS and JavaScript code to your WordPress site, with draft previewing, revisions, and minification!

10K No CVEs
Raw HTML

Raw HTML

raw-html

A
92

Lets you use raw HTML or any other code in your posts. You can also disable smart quotes and other automatic formatting on a per-post basis.

10K No CVEs
Better WordPress Minify

Better WordPress Minify

bwp-minify

A
85

Allows you to combine and minify your CSS and JS files to improve page load time.

8K No CVEs
Insert JavaScript and CSS

Insert JavaScript and CSS

insert-javascript-css

A
85

Adds fields to the post and page edit pages that allow you to insert custom JavaScript or CSS for that post or page.

400 No CVEs
Developer Profile

Custom CSS and JS Developer Profile

pjdietz

1 plugin · 1K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Custom CSS and JS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
/* <![CDATA[ *//* ]]> */
FAQ

Frequently Asked Questions about Custom CSS and JS