[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fo7lIt6PVHwm_IgwTQE_c6nyXKMyIzFc3MVoRSIPBbyo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":215},"headwp","Head.WP","2.0.3","kylereicks","https:\u002F\u002Fprofiles.wordpress.org\u002Fkylereicks\u002F","\u003Cp>Head.js is a script to asynchronously load and manage dependencies of javascript and CSS assets.\u003C\u002Fp>\n\u003Cp>This plugin loads the scripts and styles enqueued in footer with the head.js loader. It does not include head.js’ feature detection.\u003C\u002Fp>\n\u003Cp>Head.js.wp assumes that scripts are loaded via \u003Ccode>wp_enqueue_script()\u003C\u002Fcode> and that any script enqueued in the \u003Ccode>\u003Chead>\u003C\u002Fcode> intends to be loaded before the rest of the page.\u003C\u002Fp>\n","Head.js is a script to asynchronously load and manage dependencies of javascript and CSS assets.",10,2629,0,"2014-02-18T00:00:00.000Z","3.7.41","3.2","",[19,20,21,22,23],"async","asynchronous","headjs","javascript","script-loading","http:\u002F\u002Fgithub.com\u002Fkylereicks\u002Fhead.js.wp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheadwp.2.0.3.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,60,30,84,"2026-04-05T07:24:28.193Z",[37,54,75,96,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":34,"num_ratings":47,"last_updated":48,"tested_up_to":15,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":52,"download_link":53,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"async-js-and-css","Async JS and CSS","1.7.13","dmikam","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmikam\u002F","\u003Cp>When your page is loaded by browser – all that stuff placed in HEAD tag is loaded before the page content – in blocking way. So the content is delivered to user in the last moment, after all javascript and css files are loaded.\u003C\u002Fp>\n\u003Cp>If you are a webmaster or just want to make your web to make better your positions on search engines (yes, they preffer faster webs), just take a look on Google PageSpeed Insights – you’ll see that one of the mos important things is fastenes and one of the reason why your page is not so fast – is “Render-blocking JavaScript and CSS”.\u003C\u002Fp>\n\u003Cp>This plugin makes ALL scripts loaded by other plugins to be loaded in asynchronous way just like Google PageSpeed Insights recommends.\u003Cbr \u002F>\nAll CSS files will be inserted inline into the document code or moved from the document beginning to the end, just before closing BODY tag (or just where you placed wp_foot() function). There are various methods to do that – they are all in plugin’s configuration page.\u003C\u002Fp>\n\u003Cp>Plugin makes all scripts to be loaded asynchronously using wp_enqueue_script and also can detect scrips included inside of wp_head and wp_footer hooks.\u003C\u002Fp>\n\u003Cp>All CSS files loaded using wp_enqueue_style can be loaded just before closing BODY tag by four methods:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* inserting \u003Clink rel=\"stylesheet\" ...> tag\n\n* inserting \u003Cstyle>@import url(...);\u003C\u002Fstyle>\n\n* generating \u003Clink rel=\"stylesheet\" ...> tag with javascript after all have loaded\n\n* inserting ALL CSS CODE INLINE into the document (the fastest way)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>I was inspired to create this small plugin by Asynchronous Javascript but it works in completely different way.\u003C\u002Fp>\n\u003Ch3>Known incompatibilities\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>* Internet Explorer 7 - Some scripts could be loaded impropertly (trying to fix it)\n\n* Plugin - WP JetPack - Share - everithing works but \"More\" dropdown menú\n\n* Plugin - Google Analyticator\u003Ch3>Special thanks\u003C\u002Fh3>\n* NicMic\u003Ch3>TODO\u003C\u002Fh3>\n* Inline JS\n* Minify JS\n* Cache\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Converts render-blocking CSS and JS files into NON-render-blocking, improving performance of web page.",800,113934,51,"2017-11-28T15:34:00.000Z","2.6",[19,20,21,22,51],"js","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002FasyncJSandCSS\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasync-js-and-css.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":74,"fetched_at":28},"asynchronous-javascript","Asynchronous Javascript","1.3.5","Paris Holley","https:\u002F\u002Fprofiles.wordpress.org\u002Fparisholley\u002F","\u003Cp>This plugin is meant to be a drop-in to your wordpress installation with no additional configuration. The goals\u002Ffeatures of this plugin are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Load javascript files in an asynchronous manner to improve time to DomReady\u002FOnLoad\u003C\u002Fli>\n\u003Cli>Use existing wordpress APIs for backwards compatability and prevent coupling to this plugin\u003C\u002Fli>\n\u003Cli>Leverage dependency model wordpress provides for assets to improve loading performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please submit bugs or contributions to the github location and not here on wordpress’ system:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fparisholley\u002Fwordpress-asynchronous-javascript\u002F\u003C\u002Fp>\n\u003Cp>SEO: async js, asynchronous js, async javascript\u003C\u002Fp>\n\u003Ch3>Incompatibility\u003C\u002Fh3>\n\u003Cp>This plugin will not work out the box with the following plugins (unless they are modified to support asynchronous loading).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Jetpack by WordPress.com (social plugin)\u003C\u002Fli>\n\u003Cli>WP Most Popular\u003C\u002Fli>\n\u003C\u002Ful>\n","Improve page load performance by asynchronously loading javascript using head.js",200,35705,74,9,"2013-11-02T21:58:00.000Z","3.5.2","3.5",[19,20,21,22,51],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fasynchronous-javascript\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasynchronous-javascript.zip",63,1,"2026-01-27 00:00:00",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":11,"downloaded":83,"rating":32,"num_ratings":31,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":92,"download_link":93,"security_score":94,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":95},"ajax-loading","AJAX Loading","1.1","Mahesh Thorat","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaheshmthorat\u002F","\u003Cp>Enhance your website’s performance and user experience with our \u003Cstrong>Ajax Page Loading Plugin\u003C\u002Fstrong>. Load content asynchronously without reloading the page, thanks to the power of AJAX. Enjoy seamless content updates and a smoother browsing experience with lightweight JavaScript implementation—no heavy JS frameworks required.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cp>🔹 \u003Cstrong>Seamless Content Updates:\u003C\u002Fstrong> Load new content without refreshing the entire page, ensuring a fluid and uninterrupted user experience.\u003Cbr \u002F>\n🔹 \u003Cstrong>Lightweight Implementation:\u003C\u002Fstrong> Boost your website’s performance with minimal JavaScript, avoiding the bloat of heavy frameworks.\u003Cbr \u002F>\n🔹 \u003Cstrong>Customizable JavaScript Callback:\u003C\u002Fstrong> Leverage the \u003Ccode>wp_ajax_load_complete\u003C\u002Fcode> callback function for tailored JS hooks and custom behaviors.\u003C\u002Fp>\n\u003Ch3>JavaScript Callback Function\u003C\u002Fh3>\n\u003Cp>Use below callback function in your javascript library or you can just directly use * wp_footer * hook for add custom script.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>wp_ajax_load_complete = function() {\n  \u002F\u002F YOUR JS HOOKS\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This plugin improves your users page experience without reloading pages using AJAX.",2260,"2025-03-07T11:45:00.000Z","6.7.5","4.5","5.6",[89,20,90,22,91],"ajax","content","page-loading","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fajax-loading\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-loading.1.1.zip",92,"2026-03-15T14:54:45.397Z",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":17,"tags":111,"homepage":115,"download_link":116,"security_score":34,"vuln_count":31,"unpatched_count":13,"last_vuln_date":117,"fetched_at":28},"async-javascript","Async JavaScript","2.21.08.31","David Clough","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloughit\u002F","\u003Cp>Eliminate Render-blocking Javascript in above-the-fold content with Async Javascript.\u003C\u002Fp>\n\u003Cp>Render-blocking Javascript prevents above-the-fold content on your page from being rendered until the javascript has finished loading. This can impact on your page speed and ultimately your ranking within search engines. It can also impact your user’s experience.\u003C\u002Fp>\n\u003Cp>Async JavaScript gives you full control of which scripts to add an ‘async’ or ‘defer’ attribute to or to exclude to help increase the performance of your WordPress website.\u003C\u002Fp>\n","Async Javascript lets you add 'async' or 'defer' attribute to scripts to exclude to help increase the performance of your WordPres &hellip;",80000,2047749,94,102,"2023-06-22T08:00:00.000Z","6.2.9","4.6",[19,22,112,113,114],"pagespeed","performance","render-blocking","https:\u002F\u002Fautoptimize.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasync-javascript.2.21.08.31.zip","2021-06-13 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":68,"requires_php":17,"tags":132,"homepage":135,"download_link":136,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"speed-up-optimize-css-delivery","Speed Up – Optimize CSS Delivery","1.0.11","nigro.simone","https:\u002F\u002Fprofiles.wordpress.org\u002Fnigrosimone\u002F","\u003Cp>This small plugin (5 Kb) loads the stylesheets asynchronously and improve page load times.\u003C\u002Fp>\n\u003Cp>The recommended use of this plugin is to load your vital stylesheets synchronously and non-vital CSS files asynchronously.\u003Cbr \u002F>\nNon-vital CSS-files can be for example: fonts, icons, before the fold template-specific CSS, etc.\u003C\u002Fp>\n\u003Cp>You can choose which files to load synchronously with a filter in your function.php, eg.:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F exclude main and child stylesheets from delivery optimization\nfunction exclude_from_delivery_optimization($handle){\n    return in_array($handle, array('main-stylesheet', 'child-stylesheet'));\n}\nadd_filter('speed-up-optimize-css-delivery', 'exclude_from_delivery_optimization');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Note: this only works if your other plugins and theme add the CSS correctly.\u003C\u002Fp>\n","This plugin load the stylesheets asynchronously and improve page load times.",1000,59120,100,8,"2023-03-05T07:27:00.000Z","6.0.11",[19,20,113,133,134],"seo","wp_enqueue_style","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fspeed-up-optimize-css-delivery\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspeed-up-optimize-css-delivery.1.0.11.zip",{"attackSurface":138,"codeSignals":166,"taintFlows":201,"riskAssessment":202,"analyzedAt":214},{"hooks":139,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":165,"entryPointCount":31,"unprotectedCount":13},[140,146,150],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","init","add_update_hook","inc\\class-head-js-wp.php",39,{"type":141,"name":147,"callback":148,"file":144,"line":149},"wp_enqueue_scripts","enqueue_scripts",40,{"type":141,"name":151,"callback":152,"priority":65,"file":144,"line":153},"wp_print_footer_scripts","print_footer_scripts",41,[],[],[157,162],{"tag":158,"callback":159,"file":160,"line":161},"enqueue_style","shortcode_enqueue_style","inc\\class-shortcodes-head-js-wp.php",7,{"tag":163,"callback":164,"file":160,"line":11},"enqueue_script","shortcode_enqueue_script",[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":173,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":200},[],{"prepared":13,"raw":73,"locations":169},[170],{"file":144,"line":171,"context":172},32,"$wpdb->get_col() with variable interpolation",{"escaped":13,"rawEcho":174,"locations":175},13,[176,180,182,183,186,188,190,191,193,194,196,198,199],{"file":177,"line":178,"context":179},"inc\\class-view-head-js-wp.php",24,"raw output",{"file":181,"line":73,"context":179},"inc\\templates\\head-load-template.php",{"file":181,"line":73,"context":179},{"file":184,"line":185,"context":179},"inc\\templates\\head-ready-template.php",4,{"file":187,"line":185,"context":179},"inc\\templates\\load-async-script-template.php",{"file":187,"line":189,"context":179},6,{"file":187,"line":129,"context":179},{"file":192,"line":73,"context":179},"inc\\templates\\min\\head-load-template.php",{"file":192,"line":73,"context":179},{"file":195,"line":185,"context":179},"inc\\templates\\min\\head-ready-template.php",{"file":197,"line":73,"context":179},"inc\\templates\\min\\load-async-script-template.php",{"file":197,"line":73,"context":179},{"file":197,"line":73,"context":179},[],[],{"summary":203,"deductions":204},"The \"headwp\" plugin v2.0.3 exhibits a mixed security posture. On the positive side, it has a very small attack surface with only two shortcodes and no AJAX handlers or REST API routes. Crucially, none of these entry points are reported as unprotected. The plugin also has no known historical CVEs, indicating a generally stable security track record.  However, significant concerns arise from the code analysis.  The plugin uses raw SQL queries without prepared statements, which is a substantial risk for SQL injection vulnerabilities. Furthermore, none of the 13 identified output operations are properly escaped, leaving it highly susceptible to Cross-Site Scripting (XSS) attacks. The absence of nonce and capability checks on all entry points is also a critical oversight, further widening the potential for exploits.",[205,207,209,212],{"reason":206,"points":129},"No SQL prepared statements",{"reason":208,"points":129},"No output escaping",{"reason":210,"points":211},"No nonce checks",5,{"reason":213,"points":211},"No capability checks","2026-03-17T00:54:24.508Z",{"wat":216,"direct":224},{"assetPaths":217,"generatorPatterns":219,"scriptPaths":220,"versionParams":221},[218],"\u002Fwp-content\u002Fplugins\u002Fheadwp\u002Fjs\u002Flibs\u002Fhead.load.min.js",[],[218],[222,223],"head-js-wp\u002Fjs\u002Flibs\u002Fhead.load.min.js?ver=","head-js-wp\u002Fjs\u002Flibs\u002Fhead.load.min.js?ver=1.0.3",{"cssClasses":225,"htmlComments":226,"htmlAttributes":227,"restEndpoints":228,"jsGlobals":229,"shortcodeOutput":230},[],[],[],[],[],[231,232],"[enqueue_style","[enqueue_script"]