[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWPUvt8bWZL74cGOsIr8_YlOsY7SmIaFYe6CqR9Sy340":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":122,"fingerprints":219},"footer-header-js-css","Footer header JS & CSS","1.2.2","ghz1990","https:\u002F\u002Fprofiles.wordpress.org\u002Fghz1990\u002F","\u003Cp>Add scripts to the footer and header with versions and handles. Add styles to header.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add local and remote scripts and styles to the header and footer.\u003C\u002Fli>\n\u003Cli>Add custom scripts and styles to the footer and header.\u003C\u002Fli>\n\u003Cli>Change version of included scripts and styles.\u003C\u002Fli>\n\u003Cli>Register with handles.\u003C\u002Fli>\n\u003Cli>Easy to use.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add scripts to the footer and header with versions and handles. Add styles to header.",90,4490,100,1,"2020-08-01T19:44:00.000Z","5.4.19","3.0.1","",[20,21,22,23,24],"css","footer","handle","js","version","https:\u002F\u002Fweb-tutor.net\u002Fextensions\u002Ffooter-header-js-css\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffooter-header-js-css.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":13,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},2,30,84,"2026-04-05T15:11:38.872Z",[38,58,75,90,105],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":56,"download_link":57,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"simple-header-footer-html","Simple Header Footer HTML","1.3.0","Otto Kekäläinen","https:\u002F\u002Fprofiles.wordpress.org\u002Fottok\u002F","\u003Cp>This plugin is useful if you have want to enable your users to insert custom CSS or add custom headers or some JavaScript into the site without having to edit any theme files. Unlike similar header\u002Ffooter plugins, this plugin by design does not allow to insert PHP code and does not contain any evil eval() calls.\u003C\u002Fp>\n\u003Cp>The plugin is safe to use in WordPress Network installations, where site admins are not supposed to have PHP execution access but any HTML\u002FCSS\u002FJS code is safe to accept.\u003C\u002Fp>\n\u003Cp>Simple Header Footer HTML is made by Seravo.com. Seravo provides Premium Hosting and Upkeep service for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributing\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Source available at https:\u002F\u002Fgithub.com\u002FSeravo\u002Fwp-simple-header-footer-html\u003C\u002Fp>\n","A simple plugin for injecting HTML into various places in your WordPress theme output.",4000,30284,94,9,"2020-08-06T10:15:00.000Z","5.5.18","3.8.9",[20,21,54,55,23],"header","https","https:\u002F\u002Fgithub.com\u002FSeravo\u002Fwp-simple-header-footer-html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-header-footer-html.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":13,"num_ratings":14,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":18,"download_link":74,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"assets-to-footer","Assets to footer","1.0.1","Sebastian Pisula","https:\u002F\u002Fprofiles.wordpress.org\u002Fsebastianpisula\u002F","\u003Cp>Moves scripts and styles to the footer to decrease page load times. You can exclude to move specific styles and scripts to footer.\u003C\u002Fp>\n","Moves scripts and styles to the footer.",200,6417,"2021-08-20T10:21:00.000Z","5.8.13","4.6",[72,20,21,23,73],"assets","pagespeed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fassets-to-footer.1.0.1.zip",{"slug":76,"name":77,"version":61,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":66,"downloaded":82,"rating":13,"num_ratings":14,"last_updated":83,"tested_up_to":84,"requires_at_least":17,"requires_php":18,"tags":85,"homepage":88,"download_link":89,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cs-remove-version-number-from-css-js","CS Remove Version Number From CSS & JS","Chetan Satasiya","https:\u002F\u002Fprofiles.wordpress.org\u002Fketuchetan\u002F","\u003Cp>This plugin will remove the version number from CSS and JS files.\u003C\u002Fp>\n","This plugin will remove the version number from CSS and JS files.",4930,"2022-01-27T04:59:00.000Z","5.9.13",[20,23,86,87,24],"remove","remover-version-number","http:\u002F\u002Fchetansatasiya.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcs-remove-version-number-from-css-js.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":66,"downloaded":98,"rating":13,"num_ratings":99,"last_updated":100,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":101,"homepage":103,"download_link":104,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"filename-based-asset-cache-busting","Filename based asset cache busting","1.4","benlumley","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenlumley\u002F","\u003Cp>Filename based cache busting for WordPress scripts\u002Fstyles using last modified date.\u003C\u002Fp>\n\u003Cp>Stop telling clients or users to hard refresh \u002F shift refresh. The url to all of the css\u002Fjs files on your site will change automatically whenever the files are modified. You can set proper long cache lifetimes to help get top scores on Google Pagespeed without running into cached css\u002Fjavascript problems.\u003C\u002Fp>\n\u003Cp>Based on this gist https:\u002F\u002Fgist.github.com\u002Focean90\u002F1966227 from Dominik Schilling, I’ve enhanced it by automatically replacing the asset version with the files modification time and automatically editing htaccess – making it install + forget.\u003C\u002Fp>\n\u003Cp>Includes querystring option as a fallback – which works in more scenarios.\u003C\u002Fp>\n\u003Ch3>Webservers\u003C\u002Fh3>\n\u003Ch4>Apache\u003C\u002Fh4>\n\u003Cp>The plugin should add what it needs to your .htaccess file jsut like WP itself. But if for any reason that doesn’t work for you – here’s what it adds:\u003C\u002Fp>\n\u003Cpre>\u003Ccode># FBACB\n\u003CIfModule mod_rewrite.c>\n  RewriteEngine On\n  RewriteBase \u002F\n\n  RewriteCond %{REQUEST_FILENAME} !-f\n  RewriteCond %{REQUEST_FILENAME} !-d\n  RewriteRule ^(.+)\\.([0-9\\.]+)\\.(js|css)$ $1.$3 [L]\n\u003C\u002FIfModule>\n\n# still fbacb\n\u003CIfModule mod_expires.c>\n    ExpiresActive on\n    ExpiresByType text\u002Fcss                            \"access plus 1 year\"\n    ExpiresByType application\u002Fjavascript              \"access plus 1 year\"\n\u003C\u002FIfModule>\n# END FBACB\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>NGINX\u003C\u002Fh4>\n\u003Cpre>\u003Ccode> location ~* ^(.+)\\.(?:\\d+)\\.(min.js|min.css|js|css)($|\\?.*$) {\n   try_files $uri $1.$2;\n }\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Host specific notes\u003C\u002Fh3>\n\u003Cp>Some webhosts need a bit of custom config to get the filename based urls working.\u003C\u002Fp>\n\u003Ch4>WP Engine\u003C\u002Fh4>\n\u003Cp>To work on WP-Engine, you’ll need the following redirect added via my.wpengine -> installname -> Redirect rules\u003C\u002Fp>\n\u003Cpre>\u003Ccode> Source: ^(.+)\\.([0-9\\.]+)\\.(js|css)$\n Dest: $1.$3\n Type: break (this is under advanced)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>CloudWays\u003C\u002Fh4>\n\u003Cp>Just works.\u003C\u002Fp>\n\u003Ch4>Flywheel\u003C\u002Fh4>\n\u003Cp>Just works.\u003C\u002Fp>\n\u003Ch4>PHP Fallback\u003C\u002Fh4>\n\u003Cp>If your webserver is failing to serve assets using url rewriting, the plugin attempts to serve them itsef (ie: via PHP). Obviously this is slow\u002Fless than ideal in production (it’ll be much slower) – so you should configure your web server correctly to serve the files. If you see this HTTP header “FBACB-Php-Fallback: yes” on your assets, this applies to you.\u003C\u002Fp>\n\u003Cp>Note that hosts are increasingly configured to serve css\u002Fjs directly from disk and won’t fall back to PHP + WordPress error handling – this fallback then won’t work.\u003C\u002Fp>\n","Filename based cache busting for WordPress scripts\u002Fstyles using last modified date.",9968,5,"2020-04-27T21:47:00.000Z",[102,72,20,23,24],"asset","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffilename-based-asset-cache-busting\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffilename-based-asset-cache-busting.zip",{"slug":106,"name":107,"version":61,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":13,"downloaded":112,"rating":13,"num_ratings":14,"last_updated":113,"tested_up_to":114,"requires_at_least":17,"requires_php":115,"tags":116,"homepage":119,"download_link":120,"security_score":121,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"manageremove-version-number-from-css-js","Manage\u002FRemove version number from CSS & JS","Chetan Vaghela","https:\u002F\u002Fprofiles.wordpress.org\u002Fthechetanvaghela\u002F","\u003Cp>The plugin allows you to manage or remove the version number from CSS and JS files.\u003C\u002Fp>\n","This plugin provide an option to manage or remove the version number from CSS and JS files.",2126,"2024-05-01T13:41:00.000Z","6.5.8","7.0",[117,118,86,24],"js-css","manage","https:\u002F\u002Fgithub.com\u002Fthechetanvaghela\u002Fmanage-remove-version-number-from-css-js","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanageremove-version-number-from-css-js.zip",92,{"attackSurface":123,"codeSignals":149,"taintFlows":182,"riskAssessment":210,"analyzedAt":218},{"hooks":124,"ajaxHandlers":145,"restRoutes":146,"shortcodes":147,"cronEvents":148,"entryPointCount":28,"unprotectedCount":28},[125,131,135,138,141,143],{"type":126,"name":127,"callback":128,"file":129,"line":130},"action","admin_menu","add_admin_menu","footer-header-js-and-css.php",44,{"type":126,"name":132,"callback":133,"file":129,"line":134},"wp_head","closure",121,{"type":126,"name":136,"callback":133,"file":129,"line":137},"wp_footer",133,{"type":126,"name":139,"callback":133,"file":129,"line":140},"wp_enqueue_scripts",155,{"type":126,"name":139,"callback":133,"file":129,"line":142},162,{"type":126,"name":139,"callback":133,"file":129,"line":144},186,[],[],[],[],{"dangerousFunctions":150,"sqlUsage":151,"outputEscaping":153,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":181},[],{"prepared":28,"raw":28,"locations":152},[],{"escaped":28,"rawEcho":154,"locations":155},12,[156,159,161,164,166,167,169,171,173,175,177,179],{"file":129,"line":157,"context":158},123,"raw output",{"file":129,"line":160,"context":158},135,{"file":162,"line":163,"context":158},"main-page.php",31,{"file":162,"line":165,"context":158},37,{"file":162,"line":130,"context":158},{"file":162,"line":168,"context":158},50,{"file":162,"line":170,"context":158},55,{"file":162,"line":172,"context":158},63,{"file":162,"line":174,"context":158},69,{"file":162,"line":176,"context":158},76,{"file":162,"line":178,"context":158},83,{"file":162,"line":180,"context":158},88,[],[183,202],{"entryPoint":184,"graph":185,"unsanitizedCount":14,"severity":201},"__construct (footer-header-js-and-css.php:41)",{"nodes":186,"edges":198},[187,192],{"id":188,"type":189,"label":190,"file":129,"line":191},"n0","source","$_POST",56,{"id":193,"type":194,"label":195,"file":129,"line":196,"wp_function":197},"n1","sink","update_option() [Settings Manipulation]",58,"update_option",[199],{"from":188,"to":193,"sanitized":200},false,"low",{"entryPoint":203,"graph":204,"unsanitizedCount":14,"severity":201},"\u003Cfooter-header-js-and-css> (footer-header-js-and-css.php:0)",{"nodes":205,"edges":208},[206,207],{"id":188,"type":189,"label":190,"file":129,"line":191},{"id":193,"type":194,"label":195,"file":129,"line":196,"wp_function":197},[209],{"from":188,"to":193,"sanitized":200},{"summary":211,"deductions":212},"The 'footer-header-js-css' plugin, version 1.2.2, exhibits a mixed security posture. On the positive side, it has a zero attack surface, no known CVEs, and all SQL queries utilize prepared statements. This suggests a deliberate effort to avoid common vulnerabilities like SQL injection and to keep the plugin free of known exploits.\n\nHowever, significant concerns arise from the code analysis, particularly the complete lack of output escaping for all 12 identified outputs. This is a critical flaw that can lead to Cross-Site Scripting (XSS) vulnerabilities if any user-supplied data is reflected without proper sanitization. The taint analysis revealing two flows with unsanitized paths, even without critical or high severity, corroborates the XSS risk, indicating potential pathways for malicious input to reach unescaped output points.\n\nIn conclusion, while the plugin avoids certain common pitfalls, the pervasive lack of output escaping is a major security weakness that exposes users to XSS attacks. The absence of any historical vulnerabilities might be due to its small attack surface and limited functionality, but it does not negate the immediate risks posed by the unescaped outputs.",[213,216],{"reason":214,"points":215},"All outputs unescaped",8,{"reason":217,"points":99},"Flows with unsanitized paths","2026-03-16T21:23:03.237Z",{"wat":220,"direct":228},{"assetPaths":221,"generatorPatterns":223,"scriptPaths":224,"versionParams":225},[222],"\u002Fwp-content\u002Fplugins\u002Ffooter-header-js-css\u002F",[],[129],[226,227],"header_scripts_version","footer_scripts_version",{"cssClasses":229,"htmlComments":230,"htmlAttributes":231,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":235},[],[],[232],"aria-label",[],[],[]]