Does Enhanced Header / Footer Injections have any unpatched vulnerabilities?

No. All known vulnerabilities in Enhanced Header / Footer Injections have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Enhanced Header / Footer Injections compatible with WordPress 3.4.2?

According to WordPress.org data, Enhanced Header / Footer Injections 0.2 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is Enhanced Header / Footer Injections updated?

Enhanced Header / Footer Injections was last updated on Mar 24, 2012. Frequent updates are generally a positive security signal.

What is Enhanced Header / Footer Injections's security score?

Enhanced Header / Footer Injections has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Enhanced Header / Footer Injections Security & Risk Analysis

wordpress.org/plugins/enhanced-header-footer-injections

Add code to the header and footer sections of your site on a page-per-page basis.

100 active installs v0.2 PHP + WP 3.1+ Updated Mar 24, 2012

ehfiscriptsstyleswp_footerwp_head

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Enhanced Header / Footer Injections Safe to Use in 2026?

Generally Safe

Score 85/100

Enhanced Header / Footer Injections has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "enhanced-header-footer-injections" v0.2 plugin exhibits a concerning security posture despite a lack of recorded historical vulnerabilities or critical taint analysis findings. The static analysis reveals a significant weakness: 100% of output operations are not properly escaped. This is a substantial risk, as unescaped output can lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website's content, which could then be executed in the browsers of other users.

While the plugin has no identified CVEs and a seemingly clean vulnerability history, this does not negate the present risks identified in the code. The absence of critical taint flows and dangerous functions is a positive sign, but it is overshadowed by the critical flaw in output sanitization. The plugin also lacks nonce checks on its limited entry points, which, although few, are still points of potential exploitation if any interaction were to occur.

In conclusion, the plugin has strengths in its minimal attack surface, use of prepared statements for SQL, and presence of capability checks. However, the widespread lack of output escaping presents a high risk of XSS vulnerabilities. This should be addressed as a priority to improve the plugin's overall security.

Key Concerns

100% of outputs not properly escaped
No nonce checks on entry points

Vulnerabilities

None known

Enhanced Header / Footer Injections Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Enhanced Header / Footer Injections Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped75 total outputs

Attack Surface

Enhanced Header / Footer Injections Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_enqueue_scriptsehfi-init.php:49

actionadmin_initehfi-init.php:50

actionadmin_menuehfi-init.php:51

actionadd_meta_boxesehfi-init.php:53

actionsave_postehfi-init.php:54

actionwp_headehfi-init.php:56

actionwp_footerehfi-init.php:57

Maintenance & Trust

Enhanced Header / Footer Injections Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedMar 24, 2012

PHP min version

Downloads16K

Community Trust

Rating66/100

Number of ratings7

Active installs100

Alternatives

Enhanced Header / Footer Injections Alternatives

WP Scripts Customizer

wp-scripts-customizer

WP Scripts Customizer allows to enter scripts you would like output to head and footer of your WordPress theme page via WordPress Theme customizer.

10 No CVEs

WC Speed Repair

wc-speed-drain-repair

100

Make WooCommerce sites BLAZING fast by disabling unused scripts and styles with one click toggles.

1K No CVEs

Version Assets

version-assets

100

Automatically apply a content-based version on all of your assets to optimize browser caching.

100 No CVEs

WP Scripts & Styles Optimizer

wp-script-optimizer

Improve your site-rendering speed by customizing all of your JavaScript- and CSS-files. Deactivate, set conditions or change positioning of files

100 No CVEs

WP Hooks

wp-hooks

WP Hooks allows you to add JavaScript, CSS, meta tags, etc. to your header and footer without modifying your theme.

80 No CVEs

Developer Profile

Enhanced Header / Footer Injections Developer Profile

chriscarvache

3 plugins · 120 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Enhanced Header / Footer Injections

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/enhanced-header-footer-injections/css/jquery-ui-1.8.16.custom.css/wp-content/plugins/enhanced-header-footer-injections/js/ehfi.js

Script Paths

/wp-content/plugins/enhanced-header-footer-injections/js/ehfi.js

HTML / DOM Fingerprints

Data Attributes

nlws_ehfi_meta

FAQ