[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAJsHZI8AjjOk85AIj0MTy0aIbxeD-ZPMNAenyC8frn0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":153,"fingerprints":520},"custom-css-js","Simple Custom CSS and JS","3.52","SilkyPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fdiana_burduja\u002F","\u003Cp>Customize your WordPress site’s appearance by easily adding custom CSS and JS code without even having to modify your theme or plugin files. This is perfect for adding custom CSS tweaks to your site.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Text editor\u003C\u002Fstrong> with syntax highlighting \u003C\u002Fli>\n\u003Cli>Print the code \u003Cstrong>inline\u003C\u002Fstrong> or included into an \u003Cstrong>external file\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Print the code in the \u003Cstrong>header\u003C\u002Fstrong> or the \u003Cstrong>footer\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add CSS or JS to the \u003Cstrong>frontend\u003C\u002Fstrong> or the \u003Cstrong>admin side\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add as many codes as you want\u003C\u002Fli>\n\u003Cli>Keep your changes also when you change the theme\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily add Custom CSS or JS to your website with an awesome editor.",700000,10074700,88,101,"2026-03-06T19:56:00.000Z","6.9.4","3.0.1","5.2.4",[20,21,22,23,24],"add-style","custom-css","custom-js","customize-theme","site-css","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-css-js\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-js.3.52.zip",100,1,0,"2017-07-24 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2017-2285","simple-custom-css-and-js-cross-site-scripting","Simple Custom CSS and JS \u003C= 3.3 - Cross-Site Scripting","Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",null,"\u003C=3.3","3.4","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F01c9f196-bcf1-401b-992a-e7a60f9447f7?source=api-prod",2374,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":27,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"diana_burduja",5,729100,1362,79,"2026-04-04T06:32:49.553Z",[57,79,99,115,135],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":75,"download_link":76,"security_score":77,"vuln_count":28,"unpatched_count":28,"last_vuln_date":78,"fetched_at":31},"custom-css-editor","Custom CSS","1.4.0","FRESHFACE","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreshface\u002F","\u003Cp>Create custom CSS and JS codes. Delivered with our awesome Conditional Logic, you can easily specify\u003Cbr \u002F>\nwhere you want to your custom CSS code appear. You can write your CSS and JS codes inside\u003Cbr \u002F>\nnice ACE editor with syntax highlighter.Codes will be still presented, after you change the theme,\u003Cbr \u002F>\nso this is really good way to write CSS adjustments into your theme.\u003C\u002Fp>\n","Add custom CSS, JS, PHP, tracking code. Very easy to use!",1000,69232,50,17,"2017-11-28T15:06:00.000Z","4.6.30","4.0.0","",[74,21,22],"custom-code","http:\u002F\u002Ffreshface.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-editor.zip",63,"2025-10-08 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":27,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":40,"requires_php":72,"tags":92,"homepage":96,"download_link":97,"security_score":98,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"live-css-js-code-editor","Live Custom CSS JS Code Editor","1.0.5","Ozan Canakli","https:\u002F\u002Fprofiles.wordpress.org\u002Fozancanakli\u002F","\u003Cp>This plugin allows you to add custom site-wide \u003Cstrong>CSS, JavaScript, Header, Footer Code\u003C\u002Fstrong> to your WordPress site. The changes appear instantly on your website with help of \u003Cstrong>WordPress Live Customizer.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FgP78wXPayvU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>In your WordPress Dashboard, navigate to Customize > Live Code Editor to get started.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When you Change or Update your WordPress Theme, Your Custom Code isn’t effected from these changes.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NEW FEATURES as Version 1.0.5:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Add Custom CSS to WordPress Admin dashboard.\u003Cbr \u002F>\n* Add Custom JavaScript to WordPress Admin dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>MAIN FEATURES:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom CSS code\u003C\u002Fli>\n\u003Cli>Custom Javascript code\u003C\u002Fli>\n\u003Cli>Custom Header Code (Inside  tags)(Google Analytics and Facebook Pixel compatible.)\u003C\u002Fli>\n\u003Cli>Custom Footer Code (Before closing  tag aka wp_footer function)\u003C\u002Fli>\n\u003Cli>See Your Changes Immediately on your WordPress Site\u003C\u002Fli>\n\u003Cli>Built in Syntax Code Highlighter\u003C\u002Fli>\n\u003Cli>16 Color Schemes (Monokai, Chrome, GitHub, Twilight, Dreamweaver, XCode, Eclipse etc. 8 Light, 8 Dark)\u003C\u002Fli>\n\u003Cli>Live Syntax Checking (CSS, JavaScript, HTML)\u003C\u002Fli>\n\u003Cli>Syntax Highlighting\u003C\u002Fli>\n\u003Cli>Line wrapping\u003C\u002Fli>\n\u003Cli>Code folding\u003C\u002Fli>\n\u003Cli>Multiple cursors and selections\u003C\u002Fli>\n\u003Cli>Handles huge code blocks (four million lines seems to be the limit!)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Special thanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fjustinbusa\u002F\" rel=\"nofollow ugc\">Justin Busa\u003C\u002Fa> of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbeaver-builder-lite-version\u002F\" rel=\"ugc\">Beaver Builder\u003C\u002Fa> for the inspiration.\u003C\u002Fp>\n","Live Custom CSS JS Code Editor allows you to easily add custom CSS, JavaScript, Header, Footer Code to your site, straight from your WordPress Customi &hellip;",400,12960,3,"2020-03-13T20:32:00.000Z","5.3.21",[93,21,22,94,95],"css","customizer","javascript","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Flive-css-js-code-editor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-css-js-code-editor.zip",85,{"slug":22,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":29,"num_ratings":29,"last_updated":108,"tested_up_to":70,"requires_at_least":109,"requires_php":72,"tags":110,"homepage":113,"download_link":114,"security_score":98,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"Custom JS","1.0.0","seosbg","https:\u002F\u002Fprofiles.wordpress.org\u002Fseosbg\u002F","\u003Cp>Custom JS WordPress plugin allows you to Custom JS fields in your theme. Simply amazing and easy to use.\u003Cbr \u002F>\nTo learn more about the Custom JS plugin please see Plugin URI. See screenshot examples at https:\u002F\u002Fwww.seosthemes.com\u002Fcustom-js\u002F\u003C\u002Fp>\n","Custom JS is easy to use. Custom JS WordPress plugin allows you to Custom JS fields in your theme - include js in head or footer.",200,3688,"2016-09-24T09:52:00.000Z","4.6",[93,21,111,22,112],"custom-javascript","textarea-css","https:\u002F\u002Fwww.seosthemes.com\u002Fcustom-js\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-js.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":27,"num_ratings":28,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":133,"download_link":134,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"icustomizer","ICustomizer","1.7.3","informatux","https:\u002F\u002Fprofiles.wordpress.org\u002Finformatux\u002F","\u003Cp>Plugins de personnalisation de votre administration et de votre site web.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Gérez vos métas, paramètres, bar d’admin et pied de page\u003C\u002Fli>\n\u003Cli>Personnaliser votre tableau de bord Admin\u003C\u002Fli>\n\u003Cli>Injecter du CSS dans votre administration \u002F dans votre site web\u003C\u002Fli>\n\u003Cli>Injecter du CSS et du Javascript dans votre site web\u003C\u002Fli>\n\u003Cli>Personnaliser le comportement de vos éditeurs\u003C\u002Fli>\n\u003Cli>Personnaliser votre page de login\u003C\u002Fli>\n\u003Cli>Vérifiez les options de sécurité\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdev.informatux.com\u002F\" rel=\"nofollow ugc\">DEV By INFORMATUX\u003C\u002Fa> \u002F \u003Ca href=\"https:\u002F\u002Fdev.informatux.com\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>.\u003C\u002Fp>\n","Personnalisation de votre administration et de votre site web",30,6134,"2025-06-30T15:33:00.000Z","6.8.5","5.9","7.4",[130,21,22,131,132],"admin","dashboard","metas","https:\u002F\u002Fgithub.com\u002Finformatux45\u002Ficustomizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ficustomizer.1.7.3.zip",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":29,"num_ratings":29,"last_updated":145,"tested_up_to":16,"requires_at_least":146,"requires_php":147,"tags":148,"homepage":72,"download_link":152,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-smart-content","WP Smart Content","1.3.4","Vinod Sebastian","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinodsebastian\u002F","\u003Cp>Easily inject HTML, CSS, JS, styles, scripts & tracking code via hooks \u002F shortcodes with safe mode, scheduling, revisioning & geotargeting.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEGcpAotBoZU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJQlmAbAFeyU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>⏱ Schedule when you want\u003C\u002Fh3>\n\u003Cp>Define start and end dates so snippets appear only when needed — ideal for campaigns, seasonal banners, or compliance notices.\u003C\u002Fp>\n\u003Ch3>📍 Publish where you want\u003C\u002Fh3>\n\u003Cp>Inject HTML, JavaScript, or CSS styles into any WordPress hook — Classic or Block Hook — without editing templates. Embed blocks directly inside posts, pages, or widgets using shortcodes.\u003C\u002Fp>\n\u003Ch3>🌍 Filter where you want\u003C\u002Fh3>\n\u003Cp>Control visibility across WordPress sections: all, frontend, posts, pages, backend (Admin), authentication, and system pages. Apply filters to selected posts or pages for complete flexibility.\u003C\u002Fp>\n\u003Ch3>🌐 Target who you want\u003C\u002Fh3>\n\u003Cp>Use geotargeting to display blocks only to visitors from selected countries. Configure rules to include or exclude specific regions.\u003C\u002Fp>\n\u003Ch3>🔒 Manage safely by whom you want\u003C\u002Fh3>\n\u003Cp>Administrators can use Raw Mode (unfiltered output) or Safe Mode (sanitized injection). Non-admins can be granted limited Safe Mode access via the \u003Ccode>wpsc_admin\u003C\u002Fcode> capability, making delegation secure.\u003C\u002Fp>\n\u003Ch3>🗂 Revision when you want\u003C\u002Fh3>\n\u003Cp>Retrieve, compare, and restore block editor content with full revision management. Delete outdated revisions safely to keep the database clean and audit-friendly.\u003C\u002Fp>\n\u003Ch3>🖊️ Edit how you want\u003C\u002Fh3>\n\u003Cp>Includes a built-in editor with dedicated sections for HTML, CSS, and JavaScript, plus Preview and Error panels. Syntax highlighting improves readability, while instant error feedback ensures safe workflows.\u003C\u002Fp>\n\u003Ch3>✅ Why WP Smart Content?\u003C\u002Fh3>\n\u003Cp>By combining scheduling, hook targeting, filtering, geotargeting, role-based permissions, revisioning, and a syntax-highlighted editor, WP Smart Content ensures snippets are placed exactly where and when you want them — managed safely by the right people. It’s a compliance-ready, SEO-friendly solution that keeps your WordPress site secure, scalable, and easy to maintain. Supports Classic & Block Hooks, grouped dropdowns, translation readiness, and a reviewer-friendly modular codebase with clear documentation.\u003C\u002Fp>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Classic Hooks\u003C\u002Fstrong>: Inject content into wp_head, wp_footer, styles, scripts, meta, and footer scripts.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block Hooks (WP 6.8+)\u003C\u002Fstrong>: Add content anywhere via the block editor UI.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Grouped dropdowns\u003C\u002Fstrong>: Organized separation of Classic and Block Hooks in admin.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation ready\u003C\u002Fstrong>: Updated .pot file for localization.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reviewer-friendly\u003C\u002Fstrong>: Modular code, clear docs, and WordPress coding standards compliance.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💡 Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add a script to the \u003Chead> section without editing theme files.  \u003C\u002Fli>\n\u003Cli>Insert HTML into the \u003Cfooter> for custom notices or widgets.  \u003C\u002Fli>\n\u003Cli>Push CSS before WordPress outputs styles for precise control.  \u003C\u002Fli>\n\u003Cli>Inject a notice after post content using Block Hooks.  \u003C\u002Fli>\n\u003Cli>Manage analytics or marketing tags centrally, without touching templates.  \u003C\u002Fli>\n\u003Cli>Schedule snippets to run only during campaigns or seasonal events.  \u003C\u002Fli>\n\u003Cli>Delegate Safe Mode CSS editing to a designer or contributor without exposing Raw Mode or sensitive site access.  \u003C\u002Fli>\n\u003Cli>Display region-specific banners or compliance notices using geotargeting (include\u002Fexclude selected countries).  \u003C\u002Fli>\n\u003Cli>Control visibility across frontend, posts, pages, admin, authentication, or system pages with scope targeting.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔗 Few Supported Hooks\u003C\u002Fh3>\n\u003Ch4>\u003Cstrong>Classic Hooks\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>wp_head – Injects content into the ‘\u003Chead>’ section before closing tag  \u003C\u002Fli>\n\u003Cli>wp_footer – Injects content into the ‘\u003Cbody>’ section before closing tag  \u003C\u002Fli>\n\u003Cli>wp_print_styles – Injects content before WordPress outputs enqueued styles  \u003C\u002Fli>\n\u003Cli>wp_print_scripts – Injects content before WordPress outputs enqueued scripts  \u003C\u002Fli>\n\u003Cli>wp_meta – Injects content into the meta section of the sidebar  \u003C\u002Fli>\n\u003Cli>wp_print_footer_scripts – Injects content before WordPress outputs footer scripts  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Block Hooks (WordPress 6.8+)\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>after_post_content – Injects content immediately after the post content block  \u003C\u002Fli>\n\u003Cli>before_post_content – Injects content immediately before the post content block  \u003C\u002Fli>\n\u003Cli>after_comments – Injects content after the comments block  \u003C\u002Fli>\n\u003Cli>before_comments – Injects content before the comments block  \u003C\u002Fli>\n\u003Cli>after_entry_title – Injects content after the entry\u002Fpost title block  \u003C\u002Fli>\n\u003Cli>before_entry_title – Injects content before the entry\u002Fpost title block  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Optional Context Hooks\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>admin_head – Injects content into the ‘\u003Chead>’ section of admin pages  \u003C\u002Fli>\n\u003Cli>admin_footer – Injects content into the ‘\u003Cfooter>’ section of admin pages  \u003C\u002Fli>\n\u003Cli>login_head – Injects content into the ‘\u003Chead>’ section of the login page  \u003C\u002Fli>\n\u003Cli>login_footer – Injects content into the ‘\u003Cfooter>’ section of the login page  \u003C\u002Fli>\n\u003Cli>enqueue_block_assets – Injects content when block editor assets are loaded\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Administrators have access to both Raw and Safe modes. Trusted non-administrators can be granted access to pre-created blocks in Safe mode by assigning the ‘wpsc_admin’ capability to their role, either through a role editor plugin or via custom code.\u003C\u002Fp>\n\u003Ch3>Creating Blocks in WordPress Admin (From the plugin dashboard)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate WP Smart Content from the WordPress Plugins screen.  \u003C\u002Fli>\n\u003Cli>Go to WP Smart Content \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New Block in the admin menu.  \u003C\u002Fli>\n\u003Cli>Enter a descriptive block name.  \u003C\u002Fli>\n\u003Cli>Paste your HTML, CSS, or JavaScript into the respective tabs of the block editor.  \u003C\u002Fli>\n\u003Cli>Select the desired mode: Raw Mode (unfiltered output) or Safe Mode (sanitized injection).  \u003C\u002Fli>\n\u003Cli>Choose where to inject the block, such as:\n\u003Cul>\n\u003Cli>Header (wp_head) for scripts or tracking code  \u003C\u002Fli>\n\u003Cli>Footer (wp_footer) for notices or widgets  \u003C\u002Fli>\n\u003Cli>Before\u002Fafter post content for banners or messages  \u003C\u002Fli>\n\u003Cli>Block Hooks (WordPress 6.8+) for precise placement in the block editor  \u003C\u002Fli>\n\u003Cli>Other classic hooks such as wp_print_scripts or wp_meta  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Configure targeting options:\n\u003Cul>\n\u003Cli>Apply globally (All) or across specific site sections (Frontend, All Posts, All Pages, Backend, Authentication, System Pages) using Target Scopes  \u003C\u002Fli>\n\u003Cli>Restrict visibility to selected posts or pages  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Set priority to control execution order when multiple blocks use the same hook.  \u003C\u002Fli>\n\u003Cli>Define scheduling by assigning start and end dates so snippets appear only when needed.  \u003C\u002Fli>\n\u003Cli>Configure geotargeting to display blocks based on inclusion or exclusion of selected countries.  \u003C\u002Fli>\n\u003Cli>Enable revision saving by checking the “Save to revisions” option.  \u003C\u002Fli>\n\u003Cli>Publish the block.  \u003C\u002Fli>\n\u003Cli>Result: Your scripts, styles, or HTML are injected as configured. Blocks can be managed from the block listing — edit, enable\u002Fdisable, publish\u002Funpublish, or delete anytime.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Using the Block Editor to Insert Blocks (Placing directly into templates)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Once WP Smart Content is activated, open the Site Editor (Appearance \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Editor) for your block theme.  \u003C\u002Fli>\n\u003Cli>Locate Block Hook areas (header, footer, before\u002Fafter post content, sidebar).  \u003C\u002Fli>\n\u003Cli>From the block inserter (+), add the “WP Smart Content” block or select an existing block to edit its injection hook.  \u003C\u002Fli>\n\u003Cli>Use WP Smart Content settings in the right sidebar (Block tab) to select an injection hook. This links your stored block snippet to the chosen hook.  \u003C\u002Fli>\n\u003Cli>Save the template. Your snippet will be injected automatically at the chosen location.  \u003C\u002Fli>\n\u003Cli>Result: Scripts, styles, or HTML from the block editor are added via the Block UI without editing theme files, fully compatible with block themes.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Using Shortcodes to Insert Blocks (Place inline within posts, pages, or widgets)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Place the shortcode directly in your post, page, or widget: \u003Ccode>[wp_smart_content name=\"blockname\"]\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>Replace “blockname” with the name of your Smart Content block.  \u003C\u002Fli>\n\u003Cli>Result: Scripts, styles, or HTML from the block editor are added at the exact position where the shortcode is placed, respecting publish status, scheduling, and geotargeting.  \u003C\u002Fli>\n\u003Cli>Example:\u003Cbr \u002F>\n   [wp_smart_content name=”header-banner”]\u003Cbr \u002F>\n\u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> This will display the “Header Banner” block inline inside your post or page content.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Geotargeting Setup Notes\u003C\u002Fh3>\n\u003Cp>WP Smart Content provides geotargeting support using two options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Default (Country.is API)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No setup required.  \u003C\u002Fli>\n\u003Cli>Uses the free Country.is API to detect visitor country by IP. \u003C\u002Fli>\n\u003Cli>Ideal for lightweight use cases such as banners, compliance notices, or regional campaigns.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Fallback \u002F Advanced (MaxMind GeoLite2 Database)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For users who prefer to store IP data locally.  \u003C\u002Fli>\n\u003Cli>Requires the GeoLite2 Country database (MMDB format) created and licensed by MaxMind.  \u003C\u002Fli>\n\u003Cli>Due to licensing restrictions, the database cannot be redistributed within this plugin.  \u003C\u002Fli>\n\u003Cli>Users must download and update the database directly from MaxMind.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Steps to enable MaxMind fallback:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Create a free account at https:\u002F\u002Fwww.maxmind.com.  \u003C\u002Fli>\n\u003Cli>Download the GeoLite2 Country database (MMDB format).  \u003C\u002Fli>\n\u003Cli>After downloading the GeoLite2 Country database (GeoLite2-Country.mmdb), place the file here:\u003Cbr \u002F>\n   \u002Fwp-content\u002Fplugins\u002Fwp-smart-content\u002Fmaxmind-db-reader\u002Fdata\u002FGeoLite2-Country.mmdb \u003C\u002Fli>\n\u003Cli>Update the database regularly as required (MaxMind releases monthly updates).  \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Result:\u003Cbr \u002F>\n– By default, WP Smart Content uses Country.is for geotargeting.\u003Cbr \u002F>\n– If the MaxMind database is present at the path above, the plugin will use it instead, allowing local IP lookups and more control over data storage.\u003Cbr \u002F>\n– If both methods fail, WP Smart Content defaults to rendering content to avoid breaking site functionality.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin bundles the following third-party libraries:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Tagify (https:\u002F\u002Fgithub.com\u002FyairEO\u002Ftagify)\u003Cbr \u002F>\nReleased under the MIT License\u003Cbr \u002F>\nCopyright (c) Panayiotis Lipiridis\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Flag Icons (https:\u002F\u002Fgithub.com\u002Flipis\u002Fflag-icons)\u003Cbr \u002F>\nReleased under the MIT License\u003Cbr \u002F>\nCopyright (c) Panayiotis Lipiridis\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>MaxMind DB Reader (https:\u002F\u002Fgithub.com\u002Fmaxmind\u002FMaxMind-DB-Reader-php)\u003Cbr \u002F>\nReleased under the Apache License, Version 2.0\u003Cbr \u002F>\nCopyright (c) MaxMind, Inc.\u003Cbr \u002F>\nUsed to read GeoLite2 databases for geotargeting support.\u003Cbr \u002F>\nGeoLite2 data created by MaxMind, available from https:\u002F\u002Fwww.maxmind.com.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Licensing Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin itself is licensed under GPLv2 or later, in accordance with WordPress.org requirements.  \u003C\u002Fli>\n\u003Cli>Tagify remains under its original MIT License. The MIT license file is included in this plugin’s distribution.  \u003C\u002Fli>\n\u003Cli>Flag Icons remains under its original MIT License. The MIT license file is included in this plugin’s distribution.  \u003C\u002Fli>\n\u003Cli>MaxMind DB Reader is licensed under the Apache License, Version 2.0. The Apache 2.0 license file is included in this plugin’s distribution.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily inject HTML, CSS, JS, styles, scripts & tracking code via hooks \u002F shortcodes with safe mode, scheduling, revisioning & geotargeting.",10,2441,"2025-12-20T19:13:00.000Z","5.0","7.0",[149,20,23,150,151],"ad-management","header-and-footer-script","schedule","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-smart-content.1.3.4.zip",{"attackSurface":154,"codeSignals":262,"taintFlows":395,"riskAssessment":506,"analyzedAt":519},{"hooks":155,"ajaxHandlers":251,"restRoutes":259,"shortcodes":260,"cronEvents":261,"entryPointCount":28,"unprotectedCount":29},[156,162,164,167,171,177,181,184,189,193,197,201,206,209,212,215,218,221,224,227,229,233,237,241,244,248],{"type":157,"name":158,"callback":159,"file":160,"line":161},"action","init","register_post_type","custom-css-js.php",74,{"type":157,"name":158,"callback":163,"file":160,"line":54},"load_plugin_textdomain",{"type":157,"name":165,"callback":166,"file":160,"line":27},"wp_enqueue_scripts","CustomCSSandJS::wp_enqueue_scripts",{"type":157,"name":168,"callback":169,"file":160,"line":170},"enqueue_block_assets","CustomCSSandJS::enqueue_block_assets",104,{"type":172,"name":173,"callback":174,"priority":175,"file":160,"line":176},"filter","quads_meta_box_post_types","custom_css_js_quads_pro_compat",20,358,{"type":157,"name":178,"callback":178,"file":179,"line":180},"admin_menu","includes\\admin-config.php",42,{"type":157,"name":182,"callback":182,"file":179,"line":183},"admin_enqueue_scripts",43,{"type":157,"name":185,"callback":186,"priority":187,"file":179,"line":188},"ccj_settings_form","general_extra_form",11,46,{"type":172,"name":190,"callback":191,"file":179,"line":192},"ccj_settings_default","general_extra_default",47,{"type":172,"name":194,"callback":195,"file":179,"line":196},"ccj_settings_save","general_extra_save",48,{"type":157,"name":198,"callback":198,"file":199,"line":200},"admin_notices","includes\\admin-notices.php",35,{"type":157,"name":202,"callback":203,"priority":143,"file":204,"line":205},"manage_custom-css-js_posts_custom_column","manage_posts_columns","includes\\admin-screens.php",77,{"type":172,"name":207,"callback":207,"priority":143,"file":204,"line":208},"list_table_primary_column",78,{"type":172,"name":210,"callback":211,"file":204,"line":54},"manage_edit-custom-css-js_sortable_columns","manage_edit_posts_sortable_columns",{"type":157,"name":213,"callback":213,"priority":143,"file":204,"line":214},"posts_orderby",80,{"type":157,"name":216,"callback":216,"priority":143,"file":204,"line":217},"posts_join_paged",81,{"type":157,"name":219,"callback":219,"priority":143,"file":204,"line":220},"posts_where_paged",82,{"type":172,"name":222,"callback":222,"priority":143,"file":204,"line":223},"post_row_actions",83,{"type":172,"name":225,"callback":225,"priority":143,"file":204,"line":226},"parse_query",84,{"type":172,"name":228,"callback":228,"priority":175,"file":204,"line":98},"wp_statuses_get_supported_post_types",{"type":157,"name":230,"callback":231,"priority":27,"file":204,"line":232},"current_screen","current_screen_2",87,{"type":157,"name":234,"callback":235,"file":204,"line":236},"admin_init","update_custom_codes_for_block_editor",89,{"type":157,"name":238,"callback":239,"file":204,"line":240},"admin_head","current_screen_post",325,{"type":157,"name":238,"callback":242,"file":204,"line":243},"current_screen_edit",329,{"type":172,"name":245,"callback":246,"priority":27,"file":204,"line":247},"use_block_editor_for_post","__return_false",1793,{"type":172,"name":249,"callback":246,"priority":27,"file":204,"line":250},"use_block_editor_for_post_type",1794,[252],{"action":253,"nopriv":254,"callback":255,"hasNonce":256,"hasCapCheck":254,"file":257,"line":258},"ccj_dismiss",false,"notice_dismiss",true,"includes\\admin-warnings.php",23,[],[],[],{"dangerousFunctions":263,"sqlUsage":268,"outputEscaping":271,"fileOperations":392,"externalRequests":29,"nonceChecks":393,"capabilityChecks":89,"bundledLibraries":394},[264],{"fn":265,"file":204,"line":266,"context":267},"unserialize",309,"$options                   = @unserialize( $options['options'][0] );",{"prepared":269,"raw":29,"locations":270},2,[],{"escaped":272,"rawEcho":77,"locations":273},33,[274,277,279,281,283,285,288,289,291,292,294,296,298,300,302,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339,341,342,343,345,347,349,351,353,355,357,359,361,363,365,366,368,370,371,373,375,377,378,380,382,384,385,387,388,390],{"file":160,"line":275,"context":276},198,"raw output",{"file":160,"line":278,"context":276},206,{"file":160,"line":280,"context":276},210,{"file":160,"line":282,"context":276},215,{"file":160,"line":284,"context":276},221,{"file":286,"line":287,"context":276},"includes\\admin-addons.php",99,{"file":286,"line":14,"context":276},{"file":286,"line":290,"context":276},152,{"file":286,"line":290,"context":276},{"file":286,"line":293,"context":276},154,{"file":286,"line":295,"context":276},155,{"file":286,"line":297,"context":276},157,{"file":286,"line":299,"context":276},158,{"file":286,"line":301,"context":276},160,{"file":286,"line":301,"context":276},{"file":286,"line":304,"context":276},163,{"file":179,"line":306,"context":276},126,{"file":179,"line":308,"context":276},223,{"file":179,"line":310,"context":276},226,{"file":179,"line":312,"context":276},232,{"file":179,"line":314,"context":276},250,{"file":179,"line":316,"context":276},253,{"file":179,"line":318,"context":276},261,{"file":179,"line":320,"context":276},266,{"file":199,"line":322,"context":276},166,{"file":199,"line":324,"context":276},167,{"file":199,"line":326,"context":276},168,{"file":199,"line":328,"context":276},169,{"file":199,"line":330,"context":276},170,{"file":199,"line":332,"context":276},175,{"file":199,"line":334,"context":276},177,{"file":199,"line":336,"context":276},178,{"file":199,"line":338,"context":276},182,{"file":199,"line":340,"context":276},188,{"file":199,"line":340,"context":276},{"file":199,"line":340,"context":276},{"file":199,"line":344,"context":276},189,{"file":204,"line":346,"context":276},398,{"file":204,"line":348,"context":276},420,{"file":204,"line":350,"context":276},432,{"file":204,"line":352,"context":276},509,{"file":204,"line":354,"context":276},511,{"file":204,"line":356,"context":276},514,{"file":204,"line":358,"context":276},598,{"file":204,"line":360,"context":276},675,{"file":204,"line":362,"context":276},867,{"file":204,"line":364,"context":276},868,{"file":204,"line":364,"context":276},{"file":204,"line":367,"context":276},869,{"file":204,"line":369,"context":276},900,{"file":204,"line":369,"context":276},{"file":204,"line":372,"context":276},960,{"file":204,"line":374,"context":276},964,{"file":204,"line":376,"context":276},1365,{"file":204,"line":376,"context":276},{"file":204,"line":379,"context":276},1382,{"file":204,"line":381,"context":276},1627,{"file":204,"line":383,"context":276},1628,{"file":204,"line":383,"context":276},{"file":204,"line":386,"context":276},1681,{"file":257,"line":272,"context":276},{"file":257,"line":389,"context":276},36,{"file":257,"line":391,"context":276},40,7,6,[],[396,412,427,461,470,478,486,498],{"entryPoint":397,"graph":398,"unsanitizedCount":28,"severity":41},"current_screen_post (includes\\admin-screens.php:635)",{"nodes":399,"edges":410},[400,405],{"id":401,"type":402,"label":403,"file":204,"line":404},"n0","source","$_GET",650,{"id":406,"type":407,"label":408,"file":204,"line":360,"wp_function":409},"n1","sink","echo() [XSS]","echo",[411],{"from":401,"to":406,"sanitized":254},{"entryPoint":413,"graph":414,"unsanitizedCount":28,"severity":41},"wp_ajax_ccj_permalink (includes\\admin-screens.php:1692)",{"nodes":415,"edges":424},[416,419,422],{"id":401,"type":402,"label":417,"file":204,"line":418},"$_POST",1711,{"id":406,"type":420,"label":421,"file":204,"line":418},"transform","→ edit_form_before_permalink()",{"id":423,"type":407,"label":408,"file":204,"line":386,"wp_function":409},"n2",[425,426],{"from":401,"to":406,"sanitized":254},{"from":406,"to":423,"sanitized":254},{"entryPoint":428,"graph":429,"unsanitizedCount":28,"severity":41},"\u003Cadmin-screens> (includes\\admin-screens.php:0)",{"nodes":430,"edges":455},[431,434,435,438,443,447,449,451,453],{"id":401,"type":402,"label":432,"file":204,"line":433},"$_GET (x7)",585,{"id":406,"type":407,"label":408,"file":204,"line":358,"wp_function":409},{"id":423,"type":402,"label":436,"file":204,"line":437},"$_GET (x2)",749,{"id":439,"type":407,"label":440,"file":204,"line":441,"wp_function":442},"n3","file_put_contents() [File Write]",1320,"file_put_contents",{"id":444,"type":402,"label":445,"file":204,"line":446},"n4","$_POST (x2)",1319,{"id":448,"type":407,"label":440,"file":204,"line":441,"wp_function":442},"n5",{"id":450,"type":402,"label":417,"file":204,"line":418},"n6",{"id":452,"type":420,"label":421,"file":204,"line":418},"n7",{"id":454,"type":407,"label":408,"file":204,"line":386,"wp_function":409},"n8",[456,457,458,459,460],{"from":401,"to":406,"sanitized":256},{"from":423,"to":439,"sanitized":256},{"from":444,"to":448,"sanitized":256},{"from":450,"to":452,"sanitized":254},{"from":452,"to":454,"sanitized":254},{"entryPoint":462,"graph":463,"unsanitizedCount":29,"severity":469},"wp_ajax_ccj_active_code (includes\\admin-screens.php:580)",{"nodes":464,"edges":467},[465,466],{"id":401,"type":402,"label":403,"file":204,"line":433},{"id":406,"type":407,"label":408,"file":204,"line":358,"wp_function":409},[468],{"from":401,"to":406,"sanitized":256},"low",{"entryPoint":471,"graph":472,"unsanitizedCount":29,"severity":469},"codemirror_editor (includes\\admin-screens.php:733)",{"nodes":473,"edges":476},[474,475],{"id":401,"type":402,"label":436,"file":204,"line":437},{"id":406,"type":407,"label":408,"file":204,"line":362,"wp_function":409},[477],{"from":401,"to":406,"sanitized":256},{"entryPoint":479,"graph":480,"unsanitizedCount":29,"severity":469},"options_save_meta_box_data (includes\\admin-screens.php:1212)",{"nodes":481,"edges":484},[482,483],{"id":401,"type":402,"label":445,"file":204,"line":446},{"id":406,"type":407,"label":440,"file":204,"line":441,"wp_function":442},[485],{"from":401,"to":406,"sanitized":256},{"entryPoint":487,"graph":488,"unsanitizedCount":29,"severity":469},"notice_dismiss (includes\\admin-warnings.php:52)",{"nodes":489,"edges":496},[490,492],{"id":401,"type":402,"label":417,"file":257,"line":491},54,{"id":406,"type":407,"label":493,"file":257,"line":494,"wp_function":495},"update_option() [Settings Manipulation]",62,"update_option",[497],{"from":401,"to":406,"sanitized":256},{"entryPoint":499,"graph":500,"unsanitizedCount":29,"severity":469},"\u003Cadmin-warnings> (includes\\admin-warnings.php:0)",{"nodes":501,"edges":504},[502,503],{"id":401,"type":402,"label":417,"file":257,"line":491},{"id":406,"type":407,"label":493,"file":257,"line":494,"wp_function":495},[505],{"from":401,"to":406,"sanitized":256},{"summary":507,"deductions":508},"The \"custom-css-js\" plugin, version 3.52, exhibits a mixed security posture.  On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks on its entry points, which are limited to a single AJAX handler.  It also avoids external HTTP requests and bundled libraries. However, several concerns warrant attention. The presence of the `unserialize` function is a significant risk, as it can lead to remote code execution if untrusted data is passed to it.  Furthermore, a substantial percentage of output is not properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities.  The taint analysis revealed multiple flows with unsanitized paths, suggesting potential for data manipulation or injection, although no critical or high-severity issues were flagged in this specific analysis. The plugin's vulnerability history, though dated with its last known medium severity XSS vulnerability in 2017, indicates a past susceptibility to XSS. The absence of any recently patched vulnerabilities is encouraging, but the historical pattern of XSS and the current code signals of insufficient output escaping are weaknesses that could be exploited.",[509,512,515,517],{"reason":510,"points":511},"Dangerous function unserialize detected",15,{"reason":513,"points":514},"High percentage of unescaped output detected",8,{"reason":516,"points":392},"Taint analysis shows unsanitized paths",{"reason":518,"points":143},"Historical medium severity XSS vulnerability","2026-03-16T16:59:31.117Z",{"wat":521,"direct":527},{"assetPaths":522,"generatorPatterns":524,"scriptPaths":525,"versionParams":526},[523],"\u002Fwp-content\u002Fplugins\u002Fcustom-css-js\u002Fupload\u002F",[],[],[],{"cssClasses":528,"htmlComments":529,"htmlAttributes":532,"restEndpoints":534,"jsGlobals":535,"shortcodeOutput":536},[],[530,531],"\u003C!-- start Simple Custom CSS and JS -->","\u003C!-- end Simple Custom CSS and JS -->",[533],"data-ccj-id",[],[],[]]