[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f62JwTac_2sAe20iXmWanpEQvjj9N9NWknL4orgwkuko":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":64,"crawl_stats":37,"alternatives":71,"analysis":177,"fingerprints":285},"custom-css","Custom CSS, JS & PHP","2.4.3","WPFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcodefactory\u002F","\u003Cp>\u003Cstrong>Custom CSS, JS & PHP\u003C\u002Fstrong> is a lightweight plugin that lets you add:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>custom \u003Cstrong>CSS\u003C\u002Fstrong> (front-end and\u002For back-end),\u003C\u002Fli>\n\u003Cli>custom \u003Cstrong>JavaScript\u003C\u002Fstrong> (front-end and\u002For back-end), and\u003C\u002Fli>\n\u003Cli>custom \u003Cstrong>PHP\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🗘 Feedback\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We are open to your suggestions and feedback. Thank you for using or trying out one of our plugins!\u003C\u002Fli>\n\u003C\u002Ful>\n","Just another custom CSS, JavaScript & PHP tool for WordPress.",400,9860,100,3,"2025-09-08T16:08:00.000Z","6.8.5","4.4","",[20,21,22,23],"css","javascript","js","php","https:\u002F\u002Fwpfactory.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css.2.4.3.zip",97,2,0,"2025-04-16 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-39601","custom-css-js-php-cross-site-request-forgery-to-remote-code-exectuiron","Custom CSS, JS & PHP \u003C= 2.4.1 - Cross-Site Request Forgery to Remote Code Exectuiron","The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.1. This is due to missing or incorrect nonce validation on the save_options() function. This makes it possible for unauthenticated attackers to inject arbitrary code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.4.1","2.4.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2025-04-21 19:38:54",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5fd0971e-7749-4970-ad39-d0d64a9f1d90?source=api-prod",6,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2024-11330","custom-css-js-php-reflected-cross-site-scripting","Custom CSS, JS & PHP \u003C= 2.3.0 - Reflected Cross-Site Scripting","The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=2.3.0","2.4.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-11-22 18:17:30","2024-11-23 06:54:50",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3497974d-cf58-4b38-a2c9-9bcd119ef43e?source=api-prod",1,{"slug":65,"display_name":7,"profile_url":8,"plugin_count":66,"total_installs":67,"avg_security_score":26,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},"wpcodefactory",63,135890,98,77,"2026-04-04T11:00:41.044Z",[72,96,115,135,155],{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":93,"download_link":94,"security_score":95,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bwp-minify","Better WordPress Minify","1.3.3","Khang Minh","https:\u002F\u002Fprofiles.wordpress.org\u002Foddoneout\u002F","\u003Cp>Allows you to combine and minify your CSS and JS files to improve page load time. This plugin uses the PHP library \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fp\u002Fminify\u002F\" rel=\"nofollow ugc\">Minify\u003C\u002Fa> and relies on WordPress’s enqueueing system rather than the output buffer, which respects the order of CSS and JS files as well as their dependencies. BWP Minify is very customizable and easy to use.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Useful resources to help you get started and make the most out of BWP Minify\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-plugins\u002Fbwp-minify\u002F#usage\" rel=\"nofollow ugc\">Official Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-minify-javascript-css\u002F\" rel=\"nofollow ugc\">WordPress Minify Best Practices\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Some Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses enqueueing system of WordPress which improves compatibility with other plugins and themes\u003C\u002Fli>\n\u003Cli>Allows you to move enqueued files to desired locations (header, footer, oblivion, etc.) via a dedicated management page\u003C\u002Fli>\n\u003Cli>Allows you to change various Minify settings (cache directory, cache age, debug mode, etc.) directly in admin\u003C\u002Fli>\n\u003Cli>Allows you to use friendly Minify urls, such as \u003Ccode>http:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fcache\u002Fsomestring.js\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Allows you to use CDN for minified contents, one CDN host for JS and one for CSS with SSL support\u003C\u002Fli>\n\u003Cli>Allows you to split long Minify strings into shorter ones\u003C\u002Fli>\n\u003Cli>Offers various way to add a cache buster to your minify string such as WordPress’s version, Theme’s version, Cache folder’s last modified timestap, etc.\u003C\u002Fli>\n\u003Cli>Supports script localization (\u003Ccode>wp_localize_script()\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Supports inline styles\u003C\u002Fli>\n\u003Cli>Supports RTL stylesheets\u003C\u002Fli>\n\u003Cli>Supports media-specific stylesheets (e.g. ‘screen’, ‘print’, etc.)\u003C\u002Fli>\n\u003Cli>Supports conditional stylesheets (e.g. \u003Ccode>\u003C!--[if lt IE 7]>\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Provides hooks for further customization\u003C\u002Fli>\n\u003Cli>WordPress Multi-site compatible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please don’t forget to rate this plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fbwp-minify?filter=5\" rel=\"ugc\">5 shining stars\u003C\u002Fa> if you like it, thanks!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get in touch\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support is provided via \u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fcommunity\u002F\" rel=\"nofollow ugc\">BetterWP.net Community\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Follow and contribute to development via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FOddOneOut\u002FBetter-WordPress-Minify\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>You can also follow me on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002F0dd0ne0ut\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out \u003Ca href=\"http:\u002F\u002Ffeeds.feedburner.com\u002FBetterWPnet\" rel=\"nofollow ugc\">latest WordPress Tips and Ideas\u003C\u002Fa> from BetterWP.net.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Languages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>Romanian (ro_RO) – Thanks to \u003Ca href=\"www.enjoyprepaid.com\" rel=\"nofollow ugc\">Luke Tyler, International Calling Cards\u003C\u002Fa>!\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR) – Thanks to Hakan E\u003C\u002Fli>\n\u003Cli>French (fr_FR) – Thanks to Sebastien\u003C\u002Fli>\n\u003Cli>Italian (it_IT) – Thanks to Gabriele – http:\u002F\u002Fcookspot.it\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) –  Thanks to Ruben Hernandez – http:\u002F\u002Fusitility.com\u002F\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) – Thanks to Martijn van Egmond\u003C\u002Fli>\n\u003Cli>German (de_DE) – Thanks to Matthias\u003C\u002Fli>\n\u003Cli>Serbo-Croatian (sr_RS) – Thanks to Borisa Djuraskovic – \u003Ca href=\"http:\u002F\u002Fwww.webhostinghub.com\u002F\" rel=\"nofollow ugc\">Web Hosting Hub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Indonesian (id_ID) – Thanks to Nasrulhaq Muiz – http:\u002F\u002Fal-badar.net\u003C\u002Fli>\n\u003Cli>Russian (ru_RU) – Thanks to Эдуард Валеев\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please \u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-tips\u002Fcreate-pot-file-using-poedit\u002F\" rel=\"nofollow ugc\">help translate\u003C\u002Fa> this plugin!\u003C\u002Fp>\n","Allows you to combine and minify your CSS and JS files to improve page load time.",8000,692951,84,137,"2017-11-28T05:12:00.000Z","4.0.38","3.1",[88,89,90,91,92],"minify","minify-css","minify-javascript","minify-js","minify-stylesheet","http:\u002F\u002Fbetterwp.net\u002Fwordpress-plugins\u002Fbwp-minify\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbwp-minify.1.3.3.zip",85,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":113,"download_link":114,"security_score":95,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wp-minify-fix","WP Minify Fix","1.4.1","NodeCode","https:\u002F\u002Fprofiles.wordpress.org\u002Fnodecode\u002F","\u003Cp>This plugin is a fork of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-minify\u002F\" rel=\"ugc\">WP Minify\u003C\u002Fa> to fix bugs and add features, because it has not been updated since 2012-6-4.\u003C\u002Fp>\n\u003Cp>This plugin integrates the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmrclay\u002Fminify\" rel=\"nofollow ugc\">Minify engine\u003C\u002Fa>\u003Cbr \u002F>\ninto your WordPress blog.  Once enabled, this plugin will combine and compress\u003Cbr \u002F>\nJS and CSS files to improve page load time.\u003C\u002Fp>\n\u003Ch4>What has been fixed?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Minify engine updated to version 2.1.7\u003C\u002Fli>\n\u003Cli>Cache interval option has been fixed\u003C\u002Fli>\n\u003Cli>Move CSS-@imports to the top of the output\u003C\u002Fli>\n\u003Cli>Bottom CSS- and JavaScript output fixed\u003C\u002Fli>\n\u003Cli>Support for script tags without \u003Ccode>type=\"text\u002Fjavascript\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Detection of protocol-relative URLs as external file (e.g. Google AdSense)\u003C\u002Fli>\n\u003Cli>New option for the HTML5 async attribute\u003C\u002Fli>\n\u003Cli>A separate JavaScript file in the footer is now possible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How Does it Work?\u003C\u002Fh4>\n\u003Cp>WP Minify Fix grabs JS\u002FCSS files in your generated WordPress page and passes that\u003Cbr \u002F>\nlist to the Minify engine. The Minify engine then returns a consolidated,\u003Cbr \u002F>\nminified, and compressed script or style for WP Minify to reference in the\u003Cbr \u002F>\nWordPress header.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily integrate Minify into your WordPress blog.\u003C\u002Fli>\n\u003Cli>Minifies JavaScript, CSS, and HTML.\u003C\u002Fli>\n\u003Cli>Debug tools to help you debug your issues.\u003C\u002Fli>\n\u003Cli>Ability to include extra JS and CSS files for Minifying.\u003C\u002Fli>\n\u003Cli>Ability to exclude certain JS and CSS files for Minifying.\u003C\u002Fli>\n\u003Cli>Minified JS and CSS files can be placed wherever you want.\u003C\u002Fli>\n\u003Cli>Support for to minifying external files via caching.\u003C\u002Fli>\n\u003Cli>Ability to pass extra arguments to Minify engine.\u003C\u002Fli>\n\u003Cli>Expire headers for minified JS and CSS files.\u003C\u002Fli>\n\u003Cli>Detection and elimination of duplicate sources.\u003C\u002Fli>\n\u003Cli>Plugin hooks!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also commit changes on our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnodecode\u002Fwp-minify-fix\" rel=\"nofollow ugc\">Github repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>All contents under the wp-minify-fix\u002Fmin\u002F directory is licensed under\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.opensource.org\u002Flicenses\u002Fbsd-license.php\" rel=\"nofollow ugc\">New BSD License\u003C\u002Fa> (which is\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GPL\u003C\u002Fa> compatible).  All other\u003Cbr \u002F>\ncontents within this package is licensed under GPLv3.\u003C\u002Fp>\n","[Fixed] This plugin uses the Minify engine to combine and compress JS and CSS files to improve page load time.",1000,73691,80,40,"2017-11-28T20:47:00.000Z","4.3.34","2.8",[20,112,21,22,88],"html","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-minify-fixed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-minify-fix.1.4.1.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":13,"num_ratings":27,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":18,"tags":128,"homepage":133,"download_link":134,"security_score":95,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wpc-insert-code","Insert Code by Angie Makes","1.2","Chris Baldelomar","https:\u002F\u002Fprofiles.wordpress.org\u002Fcbaldelomar\u002F","\u003Cp>This plugin makes it easy for you to add custom scripts to the head and footer sections of your site. A theme can also add theme support to enable the insert of custom code (HTML, Javascript, and CSS) at the top of a page, above header, below header, above content, and below content.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fhallie.angiemakes.com\u002Fad-spots\u002F\" rel=\"nofollow ugc\">Live Demo & Documentation\u003C\u002Fa>\u003C\u002Fp>\n","Easily insert HTML, Javascript, CSS, into the head and footer areas of your site.",900,26197,"2017-05-10T16:44:00.000Z","4.7.32","3.9.1",[112,129,130,131,132],"insert-css","insert-html","insert-javascript","insert-js","http:\u002F\u002Fangiemakes.com\u002Ffeminine-wordpress-blog-themes-women\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpc-insert-code.zip",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":13,"num_ratings":63,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":148,"tags":149,"homepage":152,"download_link":153,"security_score":154,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wp-custom-cssjs","Custom CSS\u002FJS","1.4.2","johnibom","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnibom\u002F","\u003Cp>Welcome to WP Custom CSS JS by PieSolutions.\u003Cbr \u002F>\nSo you want to add HTML, CSS, Javascript, Jquery or Tracking Pixel on your Website without messing up with your theme’s files? This small and light weight plugin gives you ability to do that right from the wordpress dashboard.\u003C\u002Fp>\n\u003Cp>=Features=\u003C\u002Fp>\n\u003Cp>\u003Cstrong>HTML (All tags are supported) in the header Block\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Inline CSS in Header\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Inline JS\u002FjQuery in Header\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>HTML (All tags are supported) in the footer Block\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Inline CSS in Footer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Inline JS\u002FjQuery in Footer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>LOCALIZATION\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We are looking for translators. Please reach out to us and\u002For translate this plugin to your own language here: https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-custom-cssjs\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Custom CSS JS plugin allows you to add any HTML, CSS, Javascript, jQuery or Tracking Pixel easily on your wordpress site right from your dashboard.",800,15316,"2025-03-16T01:09:00.000Z","6.7.5","4.5","5.6",[20,21,150,22,151],"jquery","tracking-pixel","http:\u002F\u002Fpie-solutions.com\u002Fwp-custom-cssjs\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-custom-cssjs.1.4.2.zip",92,{"slug":156,"name":157,"version":158,"author":159,"author_profile":160,"description":161,"short_description":162,"active_installs":163,"downloaded":164,"rating":68,"num_ratings":165,"last_updated":166,"tested_up_to":167,"requires_at_least":18,"requires_php":168,"tags":169,"homepage":175,"download_link":176,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"code-manager","Code Manager","1.0.45","Passionate Programmer Peter","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeterschulznl\u002F","\u003Cp>The Code Manager allows WordPress users to write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Code Management\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List, edit, delete, copy, import and export code\u003C\u002Fli>\n\u003Cli>Open multiple code editors simultaneously in tab mode\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable code\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable preview mode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode (FREE)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP code blocks from a shortcode\u003C\u002Fli>\n\u003Cli>JavaScript code blocks from a shortcode\u003C\u002Fli>\n\u003Cli>CSS from a shortcode\u003C\u002Fli>\n\u003Cli>HTML blocks from a shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced code (PREMIUM)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP server code – no more need to edit functions.php\u003C\u002Fli>\n\u003Cli>Add CCS and JS resource files to back-end and front-end\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit the plugin website for downloadable demos and example code.\u003C\u002Fp>\n\u003Ch3>Plugin Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002F\" rel=\"nofollow ugc\">Plugin Website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-manager\u002F\" rel=\"ugc\">Download Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002Fblog\u002Fdocs\u002Findex\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002Fcode\u002F\" rel=\"nofollow ugc\">Code Examples\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.",500,84963,8,"2025-12-02T11:45:00.000Z","6.9.4","7.0",[170,171,172,173,174],"code-blocks","code-snippets","css-editor","javascript-editor","php-editor","https:\u002F\u002Fcode-manager.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-manager.1.0.45.zip",{"attackSurface":178,"codeSignals":216,"taintFlows":237,"riskAssessment":274,"analyzedAt":284},{"hooks":179,"ajaxHandlers":207,"restRoutes":208,"shortcodes":209,"cronEvents":215,"entryPointCount":63,"unprotectedCount":28},[180,186,191,195,199,203],{"type":181,"name":182,"callback":183,"file":184,"line":185},"action","plugins_loaded","alg_ccjp","custom-css.php",49,{"type":181,"name":187,"callback":188,"file":189,"line":190},"init","localize","includes\\class-alg-custom-css-js-php.php",68,{"type":181,"name":192,"callback":193,"file":189,"line":194},"admin_init","version_updated",82,{"type":181,"name":192,"callback":196,"file":197,"line":198},"save_options","includes\\settings\\class-alg-custom-css-js-php-settings.php",28,{"type":181,"name":200,"callback":201,"file":197,"line":202},"admin_menu","add_plugin_options_pages",29,{"type":181,"name":204,"callback":205,"file":197,"line":206},"admin_enqueue_scripts","enqueue_code_editor_scripts",30,[],[],[210],{"tag":211,"callback":212,"file":213,"line":214},"alg_custom_php","add_custom_php_shortcode","includes\\class-alg-custom-css-js-php-core.php",52,[],{"dangerousFunctions":217,"sqlUsage":218,"outputEscaping":220,"fileOperations":235,"externalRequests":28,"nonceChecks":63,"capabilityChecks":27,"bundledLibraries":236},[],{"prepared":28,"raw":28,"locations":219},[],{"escaped":221,"rawEcho":222,"locations":223},10,5,[224,227,229,231,233],{"file":213,"line":225,"context":226},129,"raw output",{"file":213,"line":228,"context":226},139,{"file":213,"line":230,"context":226},149,{"file":213,"line":232,"context":226},159,{"file":197,"line":234,"context":226},339,4,[],[238,257],{"entryPoint":239,"graph":240,"unsanitizedCount":28,"severity":256},"save_options (includes\\settings\\class-alg-custom-css-js-php-settings.php:142)",{"nodes":241,"edges":253},[242,247],{"id":243,"type":244,"label":245,"file":197,"line":246},"n0","source","$_POST",175,{"id":248,"type":249,"label":250,"file":197,"line":251,"wp_function":252},"n1","sink","update_option() [Settings Manipulation]",178,"update_option",[254],{"from":243,"to":248,"sanitized":255},true,"low",{"entryPoint":258,"graph":259,"unsanitizedCount":28,"severity":256},"\u003Cclass-alg-custom-css-js-php-settings> (includes\\settings\\class-alg-custom-css-js-php-settings.php:0)",{"nodes":260,"edges":271},[261,262,263,266],{"id":243,"type":244,"label":245,"file":197,"line":246},{"id":248,"type":249,"label":250,"file":197,"line":251,"wp_function":252},{"id":264,"type":244,"label":245,"file":197,"line":265},"n2",162,{"id":267,"type":249,"label":268,"file":197,"line":269,"wp_function":270},"n3","echo() [XSS]",348,"echo",[272,273],{"from":243,"to":248,"sanitized":255},{"from":264,"to":267,"sanitized":255},{"summary":275,"deductions":276},"The 'custom-css' plugin v2.4.3 exhibits a generally positive security posture with several good practices in place. The absence of AJAX handlers and REST API routes, along with a single shortcode entry point, indicates a limited attack surface. Notably, all SQL queries are prepared, and there are no identified critical or high-severity taint flows. The presence of nonce and capability checks, though limited, further contribute to its security. However, a significant concern arises from the plugin's vulnerability history, which includes two known CVEs, with a past high-severity vulnerability and a medium-severity one. The common types of past vulnerabilities, Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS), coupled with the fact that the last vulnerability was dated in the future, suggests a pattern of past security weaknesses. While the current version has no unpatched vulnerabilities and appears to have addressed past issues, this history warrants caution and highlights the importance of continued vigilance and timely updates.",[277,280,282],{"reason":278,"points":279},"Vulnerability history shows past high\u002Fmedium severity issues",15,{"reason":281,"points":222},"Some output escaping is not properly implemented",{"reason":283,"points":221},"Vulnerabilities common: CSRF and XSS","2026-03-16T19:42:53.142Z",{"wat":286,"direct":291},{"assetPaths":287,"generatorPatterns":288,"scriptPaths":289,"versionParams":290},[],[],[],[],{"cssClasses":292,"htmlComments":293,"htmlAttributes":294,"restEndpoints":295,"jsGlobals":296,"shortcodeOutput":297},[],[],[],[],[],[298],"[alg_custom_php]"]