[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foa0ik55iGOeyTYG3-M4_D7B0SeH8wAMIjZDfd9iVh34":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":56,"analysis":161,"fingerprints":267},"header-footer","Head, Footer and Post Injections","3.3.3","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Why you have to install 10 plugins to add Google Analytics, Facebook Pixel, custom\u003Cbr \u002F>\ntracking code, Google DFP code, Google Webmaster\u002FAlexa\u002FBing\u002FTradedoubler verification code and so on…\u003C\u002Fp>\n\u003Cp>With Header and Footer plugin you can just copy the code those services give you\u003Cbr \u002F>\nin a centralized point to manage them all. And theme independent: you can change your theme\u003Cbr \u002F>\nwithout losing the code injected!\u003C\u002Fp>\n\u003Ch4>Injection points and features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>in the  page section where most of the codes are usually added\u003C\u002Fli>\n\u003Cli>just after the  tag as required by some JavaScript SDK (like Facebook)\u003C\u002Fli>\n\u003Cli>in the page footer (just before the  tag)\u003C\u002Fli>\n\u003Cli>recognize and execute PHP code to add logic to your injections\u003C\u002Fli>\n\u003Cli>distinct desktop and mobile injections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>AMP\u003C\u002Fh4>\n\u003Cp>A new AMP dedicated section compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Famp\" rel=\"ugc\">AMP plugin\u003C\u002Fa> lets you inject specific codes in\u003Cbr \u002F>\nAMP pages. 
Should be ok even with other AMP plugins.\u003C\u002Fp>\n\u003Ch4>Post Top and Bottom Codes\u003C\u002Fh4>\n\u003Cp>Do you need to inject a banner over the post content or after it? No problem. With Header and\u003Cbr \u002F>\nFooter you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add codes on \u003Cem>top\u003C\u002Fem>, \u003Cem>bottom\u003C\u002Fem> and in the \u003Cem>middle\u003C\u002Fem> of posts and pages\u003C\u002Fli>\n\u003Cli>Differentiate between \u003Cem>mobile\u003C\u002Fem> and \u003Cem>desktop\u003C\u002Fem> (you don’t display the same ad format on both, true?)\u003C\u002Fli>\n\u003Cli>Separate post and page configuration\u003C\u002Fli>\n\u003Cli>Native PHP code enabled\u003C\u002Fli>\n\u003Cli>Shortcodes enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Special Injections\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Just after the opening BODY tag\u003C\u002Fli>\n\u003Cli>In the middle of post content (using configurable rules)\u003C\u002Fli>\n\u003Cli>Everywhere on template (using placeholders)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>bbPress\u003C\u002Fh4>\n\u003Cp>The specific bbPress injections are going to be removed. 
Switch to my\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fads-bbpress\" rel=\"ugc\">Ads for bbPress\u003C\u002Fa>, which is more flexible and complete.\u003C\u002Fp>\n\u003Ch4>Limits\u003C\u002Fh4>\n\u003Cp>This plugin cannot change the menu or the footer layout, those features must be covered by your theme!\u003C\u002Fp>\n\u003Cp>Official page: \u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fads-bbpress\u002F\" rel=\"ugc\">Ads for bbPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>You can contribute to translate this plugin in your language on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\" rel=\"nofollow ugc\">WordPress Translate\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy and GDPR\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or process any personal user data.\u003C\u002Fp>\n","Head and Footer plugin lets you to add HTML code to the head and footer sections of your site pages, inside posts... 
and more!",300000,5509086,98,734,"2026-02-03T07:01:00.000Z","6.9.4","6.1","7.0",[20,21,22,23,24],"ads","amp","analytics","footer","header","https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheader-footer.3.3.3.zip",99,1,0,"2025-02-20 22:46:06","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":28},"CVE-2024-13900","head-footer-and-post-injections-authenticated-administrator-php-code-injection-in-multisite-environments","Head, Footer and Post Injections \u003C= 3.3.0 - Authenticated (Administrator+) PHP Code Injection in Multisite Environments","The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. 
This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments.",null,"\u003C=3.3.0","3.3.1","medium",4.1,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Improper Control of Generation of Code ('Code Injection')","2025-02-21 11:09:34",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5177bde6-4922-48ee-9155-577c392809a0?source=api-prod",{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"satollo",14,515450,94,650,75,"2026-04-04T21:14:24.389Z",[57,78,98,118,139],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":11,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":16,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":75,"download_link":76,"security_score":13,"vuln_count":28,"unpatched_count":29,"last_vuln_date":77,"fetched_at":31},"wp-headers-and-footers","Insert Headers And Footers","3.1.3","Adnan","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiddenpearls\u002F","\u003Cp>WP Headers and Footers plugin helps you to insert code to your WordPress website headers and footers section like Google Analytics tracking code, Facebook Pixels code, Google Optimize code for A\u002FB testing, Custom CSS code, and more. 
You don’t need to edit the theme files to insert the code.\u003C\u002Fp>\n\u003Cp>The simple interface of this plugin allows you to add code and different scripts from one place to your WordPress website (\u003Cstrong>Headers, Footers, and Body section\u003C\u002Fstrong>).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Insert code to your WordPress headers & Footers\u003C\u002Fli>\n\u003Cli>Insert Google Analytics Code to any WordPress theme\u003C\u002Fli>\n\u003Cli>Insert Facebook Pixels Code\u003C\u002Fli>\n\u003Cli>Add Google Optimize Code for A\u002FB testing ( Ab Testing )\u003C\u002Fli>\n\u003Cli>Add Google search console authentication code to any theme for verification\u003C\u002Fli>\n\u003Cli>Add Custom CSS, any script, and HTML to your website\u003C\u002Fli>\n\u003Cli>Google Tag Manager code\u002Fscript insertion\u003C\u002Fli>\n\u003Cli>You can also add microsoft clarity tracking code to your website\u003C\u002Fli>\n\u003Cli>You can also insert code to your website body section\u003C\u002Fli>\n\u003Cli>Can add Bing webmaster tool code for website verification\u003C\u002Fli>\n\u003Cli>Add Google AdSense code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>If you find our plugin useful, please leave a good rating\u002Freview and check our other plugins.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fanalytify.io\u002Fref\u002F73\u002F?utm_source=wp-headers-and-footers&utm_medium=readme&utm_campaign=pro-upgrade\" rel=\"nofollow ugc\">Analytify – Google Analytics Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Floginpress.pro\u002F?utm_source=wp-headers-and-footers\" rel=\"nofollow ugc\">LoginPress\u003C\u002Fa> – For Custom login page and login page security\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplesocialbuttons.com?utm_source=wp-headers-and-footers&utm_medium=readme&utm_campaign=pro-upgrade\" rel=\"nofollow 
ugc\">Simple Social Buttons\u003C\u002Fa> – Plugin for Social share buttons and social icons\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelated-posts-thumbnails\u002F\" rel=\"ugc\">Related Posts Thumbnails Plugin\u003C\u002Fa> – For related posts\u002Fproducts\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpbrigade.com\u002Frecommend\u002Fmaintenance-mode?utm_source=wp-headers-and-footers&utm_medium=readme&utm_campaign=pro-upgrade\" rel=\"nofollow ugc\">Under Construction, Coming Soon & Maintenance Mode\u003C\u002Fa> – Plugin for Under construction & Coming soon page\u003C\u002Fli>\n\u003C\u002Ful>\n","Include inline javascript, stylesheets, CSS code or anything you want in Header and Footer areas of your WordPress with ease.",2339048,100,127,"2026-01-05T15:03:00.000Z","5.0","",[72,73,23,74,24],"custom-css","facebook-pixel","google-analytics","https:\u002F\u002Fwww.WPBrigade.com\u002Fwordpress\u002Fplugins\u002Fwp-headers-and-footers\u002F?utm_source=?utm_source=wp-headers-and-footers&utm_medium=author-uri-link","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-headers-and-footers.3.1.3.zip","2025-04-18 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":70,"tags":93,"homepage":95,"download_link":96,"security_score":27,"vuln_count":89,"unpatched_count":29,"last_vuln_date":97,"fetched_at":31},"header-footer-code","NinjaTeam Header Footer Custom Code","1.2","Ninja Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fninjateam\u002F","\u003Cp>Easily add CSS, JavaScript, and custom code snippets to your website’s \u003Ccode>\u003Chead>\u003C\u002Fcode> or before the \u003Ccode>\u003C\u002Fbody>\u003C\u002Fcode> tag with this powerful plugin. 
Whether you need to integrate \u003Cstrong>Google Analytics\u003C\u002Fstrong>, \u003Cstrong>Facebook Pixel\u003C\u002Fstrong>, \u003Cstrong>custom CSS\u003C\u002Fstrong>, or other scripts, this plugin makes it simple—no theme file editing required. Plus, your code remains safe even when you update your theme!\u003C\u002Fp>\n\u003Cp>This is a must-have plugin for any WordPress website.\u003C\u002Fp>\n\u003Cp>If you’re wondering how to add code to the header in WordPress or searching for a \u003Cstrong>WordPress plugin to insert code into the header or footer\u003C\u002Fstrong>, you’ve come to the right place. This plugin gets the job done quickly!\u003C\u002Fp>\n\u003Ch4>FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to insert code to header and footer\u003C\u002Fli>\n\u003Cli>Add Google Analytics code to any theme\u003C\u002Fli>\n\u003Cli>Add custom CSS to any theme\u003C\u002Fli>\n\u003Cli>Add Facebook Pixel to any theme\u003C\u002Fli>\n\u003Cli>Friendly\u003C\u002Fli>\n\u003Cli>Support code editor\u003C\u002Fli>\n\u003Cli>And more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For WordPress Full Site Editing (FSE) users:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>FSE reduces the need to access and edit core theme files, which can make it harder for advanced users who prefer working directly with PHP or CSS in template files.\u003C\u002Fli>\n\u003Cli>Some modifications may require custom block creation, which involves more advanced coding.\u003C\u002Fli>\n\u003Cli>Since \u003Ca href=\"https:\u002F\u002Fwpbrandy.com\u002Ffull-site-editing-in-wordpress\u002F\" rel=\"nofollow ugc\">FSE themes\u003C\u002Fa> are heavily block-based, any manual modifications to theme files might be overridden during updates, so adding code snippets needs to be done carefully.\u003C\u002Fli>\n\u003Cli>When adding PHP or backend functionality, rely on plugins like Header Footer Custom Code to avoid directly editing theme 
files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>INSTALLATION\u003C\u002Fh4>\n\u003Cp>Manual installation is easy and takes fewer than one minute.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Download the plugin from wordpress.org, unpack it and upload the \u003Cstrong>[NinjaTeam Insert Code Header Footer]\u003C\u002Fstrong> folder to your \u003Cstrong>wp-content\u002Fplugins\u002F\u003C\u002Fstrong> directory.\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins‘ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Go to your main \u003Cstrong>WordPress menu > Header Footer Code\u003C\u002Fstrong> to add your custom code.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You’re done. Enjoy.\u003C\u002Fp>\n","Help you easy to insert CSS and JavaScript codes to  or before .",200,6189,70,2,"2025-04-25T01:48:00.000Z","6.8.5","3.0",[94,73,23,74,24],"custom-code","https:\u002F\u002Fninjateam.org\u002Fheader-footer-code","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheader-footer-code.zip","2024-08-15 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":66,"downloaded":106,"rating":29,"num_ratings":29,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":70,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"in-page-script","In Page Script","0.1","Phuc Pham","https:\u002F\u002Fprofiles.wordpress.org\u002Fsvincoll4\u002F","\u003Cp>This plugin helps to add scripts into the header (before close tag \u003C\u002FHEAD>) or the footer (before close tag \u003C\u002FBODY>).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add header\u002Ffooter scripts for all pages\u003C\u002Fli>\n\u003Cli>Add header\u002Ffooter scripts for individual page\u003C\u002Fli>\n\u003Cli>Add header\u002Ffooter scripts for Order Received page (Woocommerce)\u003C\u002Fli>\n\u003Cli>Allows filter to support custom post 
types\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Although this plugin has been created to add these scripts only, there is no limit to add other things on the page such as META tags, STYLESHEET\u002FCSS tags, HTML tags…\u003C\u002Fp>\n","This plugin helps to add scripts into the header (before close tag \u003C\u002FHEAD>) or the footer (before close tag \u003C\u002FBODY>).",3483,"2015-09-07T07:21:00.000Z","4.3.34","3.0.1",[111,112,113,114],"adwords-script","footer-script","google-analytics-script","header-script","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fin-page-script\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fin-page-script.0.1.zip",85,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":66,"downloaded":126,"rating":66,"num_ratings":89,"last_updated":127,"tested_up_to":128,"requires_at_least":69,"requires_php":129,"tags":130,"homepage":136,"download_link":137,"security_score":138,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"its-tracking-code","KP Tracking Code","1.0.4","Kalpesh Prajapati","https:\u002F\u002Fprofiles.wordpress.org\u002Fkprajapati22\u002F","\u003Cp>Add tracking code on your website without hacking your theme file.\u003C\u002Fp>\n\u003Cp>This plugin provide simple way to add your tracking code in html head or footer section of the site.\u003C\u002Fp>\n\u003Cp>Also you can use different language. 
To change language you need to generate .po and .mo files.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add tracking code like Google analytics, Facebook pixel, third-party script code to header & footer of your website.\u003C\u002Fli>\n\u003Cli>Translation Compatible.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin used to add tracking code to header & footer section.",6161,"2025-02-07T20:21:00.000Z","6.7.5","7.4",[131,132,133,134,135],"analytics-code","code","header-and-footer","pixel-code","tracking","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkp-disable-admin-bar-based-on-user-roles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fits-tracking-code.1.0.4.zip",92,{"slug":140,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":147,"downloaded":148,"rating":149,"num_ratings":150,"last_updated":151,"tested_up_to":16,"requires_at_least":152,"requires_php":129,"tags":153,"homepage":158,"download_link":159,"security_score":66,"vuln_count":28,"unpatched_count":29,"last_vuln_date":160,"fetched_at":31},"google-site-kit","Site Kit by Google – Analytics, Search Console, AdSense, Speed","1.174.0","Google","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoogle\u002F","\u003Cp>Site Kit is the official WordPress plugin from Google for insights about how people find and use your site. Site Kit is the one-stop solution to deploy, manage, and get insights from critical Google tools to make the site successful on the web. 
It provides authoritative, up-to-date insights from multiple Google products directly on the WordPress dashboard for easy access, all for free.\u003C\u002Fp>\n\u003Ch4>Bringing the best of Google tools to WordPress\u003C\u002Fh4>\n\u003Cp>Site Kit includes powerful features that make using these Google products seamless and flexible:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy-to-understand stats directly on your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Official stats from multiple Google tools, all in one dashboard\u003C\u002Fli>\n\u003Cli>Quick setup for multiple Google tools without having to edit the source code of your site\u003C\u002Fli>\n\u003Cli>Metrics for your entire site and for individual posts\u003C\u002Fli>\n\u003Cli>Easy-to-manage, granular permissions across WordPress and different Google products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Google tools\u003C\u002Fh4>\n\u003Cp>Site Kit shows key metrics and insights from different Google products:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Search Console:\u003C\u002Fstrong> Understand how Google Search discovers and displays your pages in Google Search. Track how many people saw your site in Search results, and what query they used to search for your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics:\u003C\u002Fstrong> Explore how users navigate your site and track goals you’ve set up for your users to complete.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AdSense:\u003C\u002Fstrong> Keep track of how much your site is earning you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PageSpeed Insights:\u003C\u002Fstrong> See how your pages perform compared to other real-world sites. Improve performance with actionable tips from PageSpeed Insights.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tag Manager:\u003C\u002Fstrong> Use Site Kit to easily set up Tag Manager- no code editing required. 
Then, manage your tags in Tag Manager.\u003C\u002Fli>\n\u003C\u002Ful>\n","Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.",5000000,243881054,84,980,"2026-03-10T15:16:00.000Z","5.2",[154,22,155,156,157],"adsense","google","pagespeed-insights","search-console","https:\u002F\u002Fsitekit.withgoogle.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-site-kit.1.174.0.zip","2020-05-21 00:00:00",{"attackSurface":162,"codeSignals":228,"taintFlows":239,"riskAssessment":259,"analyzedAt":266},{"hooks":163,"ajaxHandlers":224,"restRoutes":225,"shortcodes":226,"cronEvents":227,"entryPointCount":29,"unprotectedCount":29},[164,170,173,176,179,183,189,193,196,200,203,206,209,212,216,220],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","admin_init","closure","admin\\admin.php",5,{"type":165,"name":171,"callback":167,"file":168,"line":172},"admin_menu",19,{"type":165,"name":174,"callback":167,"file":168,"line":175},"admin_enqueue_scripts",26,{"type":165,"name":177,"callback":167,"file":168,"line":178},"add_meta_boxes",35,{"type":165,"name":180,"callback":181,"file":168,"line":182},"save_post","hefo_save_post",39,{"type":184,"name":185,"callback":186,"file":187,"line":188},"filter","style_loader_tag","hefo_style_loader_tag","plugin.php",50,{"type":165,"name":190,"callback":191,"priority":28,"file":187,"line":192},"template_redirect","hefo_template_redirect",79,{"type":165,"name":194,"callback":195,"priority":28,"file":187,"line":67},"wp_head","hefo_wp_head_pre",{"type":165,"name":194,"callback":197,"priority":198,"file":187,"line":199},"hefo_wp_head_post",11,153,{"type":165,"name":201,"callback":167,"priority":66,"file":187,"line":202},"amp_post_template_head",163,{"type":165,"name":204,"callback":167,"priority":66,"file":187,"line":205},"amp_post_template_css",167,{"type":165,"name":207,"callback":167,"priority":66,"file":187,"line":208},"amp_post_template_body_ope
n",171,{"type":165,"name":210,"callback":167,"priority":66,"file":187,"line":211},"amp_post_template_footer",175,{"type":165,"name":213,"callback":214,"file":187,"line":215},"wp_footer","hefo_wp_footer",179,{"type":165,"name":217,"callback":218,"file":187,"line":219},"the_content","hefo_the_content",191,{"type":165,"name":221,"callback":222,"file":187,"line":223},"the_excerpt","hefo_the_excerpt",312,[],[],[],[],{"dangerousFunctions":229,"sqlUsage":230,"outputEscaping":232,"fileOperations":29,"externalRequests":29,"nonceChecks":237,"capabilityChecks":237,"bundledLibraries":238},[],{"prepared":29,"raw":29,"locations":231},[],{"escaped":188,"rawEcho":28,"locations":233},[234],{"file":187,"line":235,"context":236},367,"raw output",3,[],[240],{"entryPoint":241,"graph":242,"unsanitizedCount":29,"severity":258},"\u003Coptions> (admin\\options.php:0)",{"nodes":243,"edges":255},[244,250],{"id":245,"type":246,"label":247,"file":248,"line":249},"n0","source","$_SERVER['REQUEST_URI'] (x2)","admin\\options.php",80,{"id":251,"type":252,"label":253,"file":248,"line":249,"wp_function":254},"n1","sink","echo() [XSS]","echo",[256],{"from":245,"to":251,"sanitized":257},true,"low",{"summary":260,"deductions":261},"The \"header-footer\" plugin v3.3.3 exhibits a generally strong security posture based on the static analysis. The absence of direct entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the attack surface. Code signals also indicate good practices, with all SQL queries utilizing prepared statements, a high percentage of output properly escaped, and the presence of nonce and capability checks. The taint analysis shows no unsanitized paths, further reinforcing the impression of secure coding. The plugin's history of a single medium-severity CVE, which is now patched, suggests a responsible approach to security over time.  However, the existence of any past vulnerability, even if resolved, warrants ongoing vigilance. 
The plugin has demonstrated good security practices in its current version but historical issues suggest it is not entirely immune to vulnerabilities.",[262,264],{"reason":263,"points":169},"Medium severity vulnerability found historically",{"reason":265,"points":169},"Past vulnerability of Code Injection type","2026-03-16T17:02:44.522Z",{"wat":268,"direct":277},{"assetPaths":269,"generatorPatterns":271,"scriptPaths":272,"versionParams":274},[270],"\u002Fwp-content\u002Fplugins\u002Fheader-footer\u002Fadmin\u002Fcss\u002Fadmin.css",[],[273],"\u002Fwp-content\u002Fplugins\u002Fheader-footer\u002Fadmin\u002Fjs\u002Fadmin.js",[275,276],"header-footer\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","header-footer\u002Fadmin\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":278,"htmlComments":279,"htmlAttributes":291,"restEndpoints":294,"jsGlobals":295,"shortcodeOutput":298},[],[280,281,282,283,284,285,286,287,288,289,290],"\u003C!-- Made with love by Stefano Lissa https:\u002F\u002Fwww.satollo.net -->","\u003C!-- START: Head, Footer and Post Injections -->","\u003C!-- END: Head, Footer and Post Injections -->","\u003C!-- START: AMP Head, Footer and Post Injections -->","\u003C!-- END: AMP Head, Footer and Post Injections -->","\u003C!-- START: AMP CSS -->","\u003C!-- END: AMP CSS -->","\u003C!-- START: AMP Body -->","\u003C!-- END: AMP Body -->","\u003C!-- START: AMP Footer -->","\u003C!-- END: AMP Footer -->",[292,293],"data-hefo-type","data-hefo-id",[],[296,297],"window.hefo_options","window.hefo_is_mobile",[]]