[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAUG1NRK73k2zB5-cUdXGeUD1Oa5wcny_Dk1deJkTnAM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":37,"fingerprints":98},"inject-header-and-footer","Inject Header And Footer","1.0","WebRecourse","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitaladquest\u002F","\u003Cp>This is a simple plugin which allows you to add \u002F insert scripts, codes, or texts to the header (head section) and footer (footer section) of your WordPress Website and Blogs.\u003C\u002Fp>\n\u003Cp>For Example: Simple copy and paste the Google Analytics code in the text box and save it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add \u002F Insert Scripts, Codes, Texts To Head Section (Header).\u003C\u002Fli>\n\u003Cli>Add \u002F Insert Scripts, Codes, Texts To Footer Section.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Plugin’s Website: \u003Ca href=\"https:\u002F\u002Fdigitaladquest.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdigitaladquest.com\u002Fwordpress-plugins\u002F\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Author’s Website: \u003Ca href=\"https:\u002F\u002Fdigitaladquest.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdigitaladquest.com\u002F\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin allows you to easily add scripts, codes, or texts to the header (head section) and footer (footer section) of your WordPress Website and B …",30,2504,0,"2017-06-02T11:45:00.000Z","4.8.28","3.0","",[19,20,21,22,23],"add-codes-footer-section","add-codes-head-section","add-insert-scripts-codes","insert-scripts-to-footer","insert-scripts-to-header","https:\u002F\u002Fwww.digitaladquest.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finject-header-and-footer.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"digitaladquest",3,140,84,"2026-04-04T22:02:03.932Z",[],{"attackSurface":38,"codeSignals":70,"taintFlows":91,"riskAssessment":92,"analyzedAt":97},{"hooks":39,"ajaxHandlers":66,"restRoutes":67,"shortcodes":68,"cronEvents":69,"entryPointCount":13,"unprotectedCount":13},[40,46,50,54,58,62],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_menu","daq_ihaf_add_menu","inject-header-and-footer.php",27,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_enqueue_scripts","daq_ihaf_custom_wp_admin_style",60,{"type":41,"name":51,"callback":52,"file":44,"line":53},"admin_init","daq_ihaf_reg_function",64,{"type":41,"name":55,"callback":56,"file":44,"line":57},"wp_head","daq_ihaf_inject_header",80,{"type":41,"name":59,"callback":60,"file":44,"line":61},"wp_footer","daq_ihaf_inject_footer",93,{"type":41,"name":63,"callback":64,"file":44,"line":65},"wp_dashboard_setup","daq_ihaf_plugin_setup_function",99,[],[],[],[],{"dangerousFunctions":71,"sqlUsage":72,"outputEscaping":74,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":90},[],{"prepared":13,"raw":13,"locations":73},[],{"escaped":13,"rawEcho":75,"locations":76},6,[77,80,82,84,86,88],{"file":44,"line":78,"context":79},76,"raw output",{"file":44,"line":81,"context":79},89,{"file":44,"line":83,"context":79},105,{"file":44,"line":85,"context":79},150,{"file":44,"line":87,"context":79},160,{"file":44,"line":89,"context":79},179,[],[],{"summary":93,"deductions":94},"The \"inject-header-and-footer\" plugin v1.0 exhibits a generally good security posture in terms of attack surface and known vulnerabilities.  It has no recorded CVEs, a clean vulnerability history, and a seemingly minimal attack surface with zero identified entry points.  However, a significant concern arises from the code analysis: 100% of output operations are not properly escaped. This means that any data processed by the plugin and then displayed to users or logged could potentially be vulnerable to cross-site scripting (XSS) attacks if that data originates from an untrusted source.\n\nWhile the absence of SQL injection vulnerabilities due to prepared statements and the lack of dangerous functions are strengths, the unescaped output presents a clear and present danger. The plugin's vulnerability history being entirely clean is positive, suggesting either good development practices or a lack of discovery, but it doesn't negate the risks identified in the static analysis. The lack of explicit capability checks, nonces, and authentication on potential entry points (though none were identified) is a minor concern in isolation, but could become more significant if new entry points are added in future versions without proper security considerations.",[95],{"reason":96,"points":75},"Unescaped output found","2026-03-16T22:30:20.051Z",{"wat":99,"direct":105},{"assetPaths":100,"generatorPatterns":102,"scriptPaths":103,"versionParams":104},[101],"\u002Fwp-content\u002Fplugins\u002Finject-header-and-footer\u002Fcss\u002Fstyle.css",[],[],[],{"cssClasses":106,"htmlComments":111,"htmlAttributes":112,"restEndpoints":115,"jsGlobals":116,"shortcodeOutput":117},[107,108,109,110],"daq-ihaf-orange-color","daq-ihaf-dashboard","daq-ihaf-sidebar","daq-ihaf-width-100",[],[113,114],"name=\"daq_ihaf_header_content\"","name=\"daq_ihaf_footer_content\"",[],[],[]]