Does Headings have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Headings compatible with WordPress 3.2.1?

According to WordPress.org data, Headings 1.1 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is Headings updated?

Headings was last updated on Nov 27, 2011. Frequent updates are generally a positive security signal.

What is Headings's security score?

Headings has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Headings Security & Risk Analysis

wordpress.org/plugins/headings

Make Styled Note box, Alert box, Help box, Tip Box, Important Box and loads of of other boxes in your posts using classes.

10 active installs v1.1 PHP + WP 2.0.2+ Updated Nov 27, 2011

headingsstyle-box

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Headings Safe to Use in 2026?

Generally Safe

Score 85/100

Headings has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The 'headings' plugin v1.1 exhibits a very strong security posture based on the provided static analysis and vulnerability history. The complete absence of identified attack surface points, dangerous functions, unpatched CVEs, and critical taint flows is highly commendable. The code also demonstrates good practices with 100% of SQL queries using prepared statements. However, a significant concern arises from the output escaping. With 100% of outputs not being properly escaped, this presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. This is a critical weakness that overshadows the otherwise excellent security hygiene. The plugin's clean vulnerability history suggests a generally well-developed and maintained codebase, but the unescaped output is a fundamental security flaw that needs immediate attention.

Key Concerns

100% of outputs not properly escaped

Vulnerabilities

None known

Headings Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Headings Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

Headings Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

Headings Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwp_headstyle-box.php:57

Maintenance & Trust

Headings Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedNov 27, 2011

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Headings Alternatives

Notice Boxes with Shortcodes

notice-boxes-with-shortcodes

This plugin allows you to make notice boxes (styled content boxes of different colors) to display different messages via shortcodes.

80 No CVEs

Add Anchor Links

add-anchor-links

100

Creates anchor links to heading tags in the content of selected posts, just like Github does within the Readme.md files.

1K No CVEs

Copy Link to Heading – Easily add Anchor links for Headings

copy-link-to-heading

100

Adds a copy link icon to headings for easy copying anchor links, that helps to bookmarking, sharing, and navigation within the content.

20 No CVEs

Correct My Headings

correct-my-headings

If your subheadings appear on archive pages, they need to start from H3 (because H2 tags are used by the post titles on archive pages).

10 No CVEs

jcwp simple table of contents

jcwp-simple-table-of-contents

This plugin gives options to display "Table of contents" container on your wordpress post or page

10 No CVEs

Developer Profile

Headings Developer Profile

themevedanta

2 plugins · 70 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Headings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/headings/style.css

HTML / DOM Fingerprints

FAQ