[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqfIPUVbCXsjhKMh97yQSJQSb_D5183oc3yiIMruB9sY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":139,"fingerprints":318},"enhanced-header-footer-injections","Enhanced Header \u002F Footer Injections","0.2","chriscarvache","https:\u002F\u002Fprofiles.wordpress.org\u002Fchriscarvache\u002F","\u003Cp>Enhanced Header \u002F Footer Injections allows you to insert HTML code into the header and footer sections of your templates on a page per page basis.  This also works with custom post types, archive pages, the 404 page, the main blog page and the front page (if used).  The plugin is designed to help speed up the development process when creating custom sites for clients.\u003C\u002Fp>\n","Add code to the header and footer sections of your site on a page-per-page basis.",100,15645,66,7,"2012-03-24T04:28:00.000Z","3.4.2","3.1","",[20,21,22,23,24],"ehfi","scripts","styles","wp_footer","wp_head","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fenhanced-header-footer-injections","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenhanced-header-footer-injections.0.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},3,120,30,84,"2026-04-04T12:32:14.950Z",[39,61,83,102,120],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":28,"num_ratings":28,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":59,"download_link":60,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-scripts-customizer","WP Scripts Customizer","1.0.0","Han","https:\u002F\u002Fprofiles.wordpress.org\u002Fhwijaya\u002F","\u003Cp>WP Scripts Customizer provides you with two fields that will output to the head section of your site before the closing head tag and just before the closing body tag. These will appear on every page of the site and are a great way to add analytic code, Google Font and other scripts. Only user with unfiltered_html capability that able to access these fields. unfiltered_html allows you to post HTML markup or even JavaScript code. Developed by \u003Ca href=\"http:\u002F\u002Fthemehall.com\" title=\"themehall\" rel=\"nofollow ugc\">themehall\u003C\u002Fa>\u003C\u002Fp>\n","WP Scripts Customizer allows to enter scripts you would like output to head and footer of your WordPress theme page via WordPress Theme customizer.",10,1634,"2014-07-08T14:27:00.000Z","3.9.40","3.5",[53,54,55,56,57,21,58,23,24],"admin","analytic-code","customizer","google-analytic","google-font","unfiltered_html","http:\u002F\u002Fthemehall.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-scripts-customizer.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wc-speed-drain-repair","WC Speed Repair","4.5","WP Fix It - WordPress Experts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfixit\u002F","\u003Cp>WooCommerce is powerful but it loads dozens of scripts and styles even when they are re not needed, which can slow your site down.\u003Cbr \u002F>\nThis plugin gives you an instant performance boost by letting you disable unnecessary WooCommerce frontend assets on non WooCommerce pages.\u003Cbr \u002F>\n\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n– One-click toggles for each WooCommerce asset JS and CSS\u003Cbr \u002F>\n– Grouped by functionality: Core Scripts, Cart, Block Styles, General Styles\u003Cbr \u002F>\n– Savings Test Tool per URL\u003Cbr \u002F>\n– Custom WooCommerce handle entry for global disable\u003Cbr \u002F>\n– Front end WooCommerce Assets menu\u003Cbr \u002F>\n– Per page list of script assets loading with disable option\u003Cbr \u002F>\n– Per page list of style assets loading with disable option\u003Cbr \u002F>\n– Meta box for custom handle input per page disable rules\u003Cbr \u002F>\n– Select All and Deselect All buttons to quickly apply optimizations\u003Cbr \u002F>\nBy reducing what loads on non-commerce pages, your site becomes leaner and faster especially for blog, landing, or informational pages.\u003Cbr \u002F>\n\u003Cstrong>How It Works\u003C\u002Fstrong>\u003Cbr \u002F>\nOnly WooCommerce pages (like shop, cart, checkout, and product pages) truly need WooCommerce assets.\u003Cbr \u002F>\nSo this plugin:\u003Cbr \u002F>\n– Lets you turn off WooCommerce assets on non-WooCommerce pages\u003Cbr \u002F>\n– Automatically preserves functionality where needed (e.g. checkout\u002Fcart)\u003Cbr \u002F>\n– Saves bandwidth, server load, and improves core Web Vitals\u003Cbr \u002F>\nThere’s no need to write any code or modify theme files.\u003C\u002Fp>\n","Make WooCommerce sites BLAZING fast by disabling unused scripts and styles with one click toggles.",1000,52080,76,25,"2025-07-08T13:37:00.000Z","6.8.5","5.6","7.4",[78,79,80],"disabling-unused-woocommerce-scripts-and-styles","make-woocommerce-sites-blazing-fast","woocommerce-speed","https:\u002F\u002Fwww.wpfixit.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-speed-drain-repair.4.5.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":11,"downloaded":91,"rating":11,"num_ratings":92,"last_updated":93,"tested_up_to":74,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":100,"download_link":101,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"version-assets","Version Assets","1.1.3","Evan Mattson","https:\u002F\u002Fprofiles.wordpress.org\u002Faaemnnosttv\u002F","\u003Cp>Automatically apply a content-based version on all of your assets to optimize browser caching.\u003C\u002Fp>\n","Automatically apply a content-based version on all of your assets to optimize browser caching.",4938,1,"2025-08-16T22:40:00.000Z","2.6.0","5.4",[97,98,99,21,22],"content-hash","css","js","https:\u002F\u002Faaemnnost.tv\u002Fversion-assets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fversion-assets.1.1.3.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":11,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":18,"download_link":119,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-script-optimizer","WP Scripts & Styles Optimizer","0.4.5","Hendrik Lersch","https:\u002F\u002Fprofiles.wordpress.org\u002Friddler84\u002F","\u003Cp>Optimization of included JavaScript- and CSS-files can be a very important thing, if you want a faster site. Many WordPress plugins comes with multiple third-party and\u002For own JavaScript-files that are then often be included on every page of your site. In worst cases you have more than one of the same file included on your site. That slows down your site!\u003C\u002Fp>\n\u003Cp>But also “Render blocking” can easily slow down a website. Every external JavaScript- or CSS-file, that is included in the head of your site, blocks the site from rendering, until all files are completely processed. It’s a common practice to move all these Scripts and Styles (except critical CSS) to the footer of your site, so the rendering is no longer blocked and your website loads faster.\u003C\u002Fp>\n\u003Cp>This is where WP Script Optimizer helps you! It makes it possible to control the output of every registered JavaScript or CSS-file. You can easily create rules for it or deactivate files completely. You can also move files to the footer of your site or vice versa.\u003C\u002Fp>\n\u003Cp>Check out the following lists for all currently avaiable and planned features. If you like this plugin, please upvote and comment. That would be really helpful.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What you can currently do with WP Script Optimizer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Get an overview of all frontend JavaScript and CSS files, that are included on your site (divided in categories)\u003C\u002Fli>\n\u003Cli>Control scripts and styles for as many single pages as you want or simply globally\u003C\u002Fli>\n\u003Cli>Change the positioning (Header\u002FFooter) of specific JavaScripts \u002F CSS or all at once\u003C\u002Fli>\n\u003Cli>Deactivate specific Javascripts or CSS-files completely, if not needed\u003C\u002Fli>\n\u003Cli>Easily create logical rules to control under which conditions a file is included or not (by use of wordpress’s conditional tags)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What you can do in future with WP Script Optimizer (planned, but not currently implemented)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Minify and\u002For encrypt JavaScript- and CSS-files\u003C\u002Fli>\n\u003Cli>Include your own JavaScript\u002FCSS files or JavaScript\u002FCSS inline code, without do it manually through functions.php\u003C\u002Fli>\n\u003Cli>Add extra code to any registered JavaScript or CSS-file\u003C\u002Fli>\n\u003Cli>Concatenate two or more (or all) files of one type (JS or CSS) to speed up loading times\u003C\u002Fli>\n\u003Cli>Better overview of dependents and its dependencys\u003C\u002Fli>\n\u003Cli>… feel free to make suggestions 🙂\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>IMPORTANT – Please read:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin can not decide if a file is needed or not needed in a specific situation. Your settings have the potential to break features and functions of your site. If that is the case, you can easily change or delete your settings via the admin panel, so everything will be like it was before.\u003C\u002Fp>\n\u003Cp>tl;dr: you have to know what you’re doing 😉\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If You had any problems with this plugin, please contact me, so i could fix it. Please don’t write a negative review without gave me the chance to correct any issues. Thanks.\u003C\u002Fstrong>\u003C\u002Fp>\n","Improve your site-rendering speed by customizing all of your JavaScript- and CSS-files. Deactivate, set conditions or change positioning of files",16219,94,15,"2017-10-10T14:37:00.000Z","4.8.28","4.4.0",[98,117,118,21,22],"into-header","javascript","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-script-optimizer.0.4.5.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":28,"num_ratings":28,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":18,"tags":133,"homepage":137,"download_link":138,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-hooks","WP Hooks","1.0.6","Andy Whalen","https:\u002F\u002Fprofiles.wordpress.org\u002Fanukit\u002F","\u003Cp>WP Hooks is a plugin for WordPress that allows you to add JavaScript, HTML, or other code to your\u003Cbr \u002F>\nheader and footer without modifying your theme. WP Hooks uses the wp_head() and wp_footer() hooks\u003Cbr \u002F>\nbuilt in to WordPress to add content to your header and\u002For footer. It’s great for those who have\u003Cbr \u002F>\ncustom JavaScript, CSS, or other code (Google Analytics, meta tags, etc.) in their header or footer\u003Cbr \u002F>\nand don’t want to or can’t modify their theme.\u003C\u002Fp>\n\u003Cp>Find \u003Ca href=\"http:\u002F\u002Famwhalen.com\u002Fblog\u002Fprojects\u002Fwp-hooks\u002F\" rel=\"nofollow ugc\">more instructions and discussion\u003C\u002Fa> on the WP Hooks home page.\u003C\u002Fp>\n","WP Hooks allows you to add JavaScript, CSS, meta tags, etc. to your header and footer without modifying your theme.",80,6460,"2016-04-17T19:58:00.000Z","4.5.33","2.1",[134,135,136,23,24],"footer","head","hooks","http:\u002F\u002Famwhalen.com\u002Fblog\u002Fprojects\u002Fwp-hooks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hooks.zip",{"attackSurface":140,"codeSignals":174,"taintFlows":308,"riskAssessment":309,"analyzedAt":317},{"hooks":141,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":28,"unprotectedCount":28},[142,148,152,156,160,164,167],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_enqueue_scripts","nlws_ehfi_add_scripts","ehfi-init.php",49,{"type":143,"name":149,"callback":150,"file":146,"line":151},"admin_init","nlws_ehfi_register_settings",50,{"type":143,"name":153,"callback":154,"file":146,"line":155},"admin_menu","nlws_ehfi_plugin_menu",51,{"type":143,"name":157,"callback":158,"file":146,"line":159},"add_meta_boxes","nlws_ehfi_add_meta",53,{"type":143,"name":161,"callback":162,"file":146,"line":163},"save_post","nlws_ehfi_save_post",54,{"type":143,"name":24,"callback":165,"file":146,"line":166},"nlws_ehfi_head",56,{"type":143,"name":23,"callback":168,"file":146,"line":169},"nlws_ehfi_footer",57,[],[],[],[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":178,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":306,"bundledLibraries":307},[],{"prepared":28,"raw":28,"locations":177},[],{"escaped":28,"rawEcho":179,"locations":180},75,[181,185,187,189,191,193,195,197,199,201,203,205,207,210,212,214,216,217,219,221,222,224,226,227,229,231,232,233,235,236,237,239,240,241,243,244,245,247,249,250,251,253,255,256,257,259,260,261,262,263,264,266,267,268,270,272,273,274,276,278,280,282,283,284,286,288,290,291,292,294,296,298,300,302,304],{"file":182,"line":183,"context":184},"ehfi-functions.php",161,"raw output",{"file":182,"line":186,"context":184},164,{"file":182,"line":188,"context":184},172,{"file":182,"line":190,"context":184},179,{"file":182,"line":192,"context":184},182,{"file":182,"line":194,"context":184},184,{"file":182,"line":196,"context":184},202,{"file":182,"line":198,"context":184},205,{"file":182,"line":200,"context":184},213,{"file":182,"line":202,"context":184},220,{"file":182,"line":204,"context":184},223,{"file":182,"line":206,"context":184},226,{"file":208,"line":209,"context":184},"ehfi-views.php",21,{"file":208,"line":211,"context":184},28,{"file":208,"line":213,"context":184},37,{"file":208,"line":215,"context":184},44,{"file":208,"line":155,"context":184},{"file":208,"line":218,"context":184},58,{"file":208,"line":220,"context":184},72,{"file":208,"line":220,"context":184},{"file":208,"line":223,"context":184},73,{"file":208,"line":225,"context":184},86,{"file":208,"line":225,"context":184},{"file":208,"line":228,"context":184},92,{"file":208,"line":230,"context":184},103,{"file":208,"line":230,"context":184},{"file":208,"line":230,"context":184},{"file":208,"line":234,"context":184},104,{"file":208,"line":234,"context":184},{"file":208,"line":234,"context":184},{"file":208,"line":238,"context":184},105,{"file":208,"line":238,"context":184},{"file":208,"line":238,"context":184},{"file":208,"line":242,"context":184},106,{"file":208,"line":242,"context":184},{"file":208,"line":242,"context":184},{"file":208,"line":246,"context":184},110,{"file":208,"line":248,"context":184},112,{"file":208,"line":248,"context":184},{"file":208,"line":248,"context":184},{"file":208,"line":252,"context":184},113,{"file":208,"line":254,"context":184},118,{"file":208,"line":254,"context":184},{"file":208,"line":254,"context":184},{"file":208,"line":258,"context":184},119,{"file":208,"line":258,"context":184},{"file":208,"line":258,"context":184},{"file":208,"line":34,"context":184},{"file":208,"line":34,"context":184},{"file":208,"line":34,"context":184},{"file":208,"line":265,"context":184},121,{"file":208,"line":265,"context":184},{"file":208,"line":265,"context":184},{"file":208,"line":269,"context":184},125,{"file":208,"line":271,"context":184},127,{"file":208,"line":271,"context":184},{"file":208,"line":271,"context":184},{"file":208,"line":275,"context":184},128,{"file":208,"line":277,"context":184},140,{"file":208,"line":279,"context":184},142,{"file":208,"line":281,"context":184},144,{"file":208,"line":281,"context":184},{"file":208,"line":281,"context":184},{"file":208,"line":285,"context":184},145,{"file":208,"line":287,"context":184},148,{"file":208,"line":289,"context":184},150,{"file":208,"line":289,"context":184},{"file":208,"line":289,"context":184},{"file":208,"line":293,"context":184},151,{"file":208,"line":295,"context":184},242,{"file":208,"line":297,"context":184},251,{"file":208,"line":299,"context":184},260,{"file":208,"line":301,"context":184},316,{"file":208,"line":303,"context":184},325,{"file":208,"line":305,"context":184},334,2,[],[],{"summary":310,"deductions":311},"The \"enhanced-header-footer-injections\" v0.2 plugin exhibits a concerning security posture despite a lack of recorded historical vulnerabilities or critical taint analysis findings. The static analysis reveals a significant weakness: 100% of output operations are not properly escaped. This is a substantial risk, as unescaped output can lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website's content, which could then be executed in the browsers of other users.\n\nWhile the plugin has no identified CVEs and a seemingly clean vulnerability history, this does not negate the present risks identified in the code. The absence of critical taint flows and dangerous functions is a positive sign, but it is overshadowed by the critical flaw in output sanitization. The plugin also lacks nonce checks on its limited entry points, which, although few, are still points of potential exploitation if any interaction were to occur.\n\nIn conclusion, the plugin has strengths in its minimal attack surface, use of prepared statements for SQL, and presence of capability checks. However, the widespread lack of output escaping presents a high risk of XSS vulnerabilities. This should be addressed as a priority to improve the plugin's overall security.",[312,314],{"reason":313,"points":112},"100% of outputs not properly escaped",{"reason":315,"points":316},"No nonce checks on entry points",5,"2026-03-16T21:11:12.540Z",{"wat":319,"direct":326},{"assetPaths":320,"generatorPatterns":323,"scriptPaths":324,"versionParams":325},[321,322],"\u002Fwp-content\u002Fplugins\u002Fenhanced-header-footer-injections\u002Fcss\u002Fjquery-ui-1.8.16.custom.css","\u002Fwp-content\u002Fplugins\u002Fenhanced-header-footer-injections\u002Fjs\u002Fehfi.js",[],[322],[],{"cssClasses":327,"htmlComments":328,"htmlAttributes":329,"restEndpoints":331,"jsGlobals":332,"shortcodeOutput":333},[],[],[330],"nlws_ehfi_meta",[],[],[]]