Insert Headers and Footers Code – HT Script Security & Risk Analysis

wordpress.org/plugins/insert-headers-and-footers-script

This plugin allows you to insert Google Analytics code, Facebook Pixel code, custom JavaScript and custom styles in your website's header and footer.

Active installs: 7K · Version: v1.1.8 · Requires: PHP + WP 5.0+ · Updated: Feb 26, 2026
Tags: facebook-pixel, google-analytics, inject-code, inject-html, inject-javascript

Security score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Nov 7, 2025
Safety Verdict

Is Insert Headers and Footers Code – HT Script Safe to Use in 2026?

Generally Safe

Score 98/100

Insert Headers and Footers Code – HT Script has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 7, 2025 · Updated 1mo ago
Risk Assessment

The 'insert-headers-and-footers-script' plugin version 1.1.8 exhibits a mixed security posture. While it demonstrates good practices in its handling of SQL queries by exclusively using prepared statements and generally good output escaping (79% properly escaped), there are notable concerns. The presence of an AJAX handler without authentication checks significantly expands the attack surface and presents a direct entry point for potential unauthorized actions.

The static analysis reveals a moderate attack surface with 5 AJAX handlers, one of which lacks authorization. Although no critical or high severity taint flows were found, two flows with unsanitized paths were identified, which could be exploitable. The vulnerability history, featuring two medium severity CVEs related to Cross-Site Scripting and Missing Authorization, points to a recurring pattern of authorization and input sanitization issues in past versions.

In conclusion, the plugin has some solid security foundations, particularly with its database interactions. However, the unprotected AJAX endpoint is a critical weakness that needs immediate attention. The past vulnerabilities indicate a need for continued vigilance in authorization and input handling to prevent future exploits. The overall risk is moderate, primarily driven by the unprotected AJAX endpoint and the history of authorization-related vulnerabilities.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Medium severity vulnerabilities in history
  • Output escaping below 100%
Vulnerabilities: 2

Insert Headers and Footers Code – HT Script Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-12112 · Medium (6.4) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Insert Headers and Footers Code – HT Script <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting

Nov 7, 2025 · Patched in 1.1.7 (1 day)

CVE-2025-2779 · Medium (6.5) · Missing Authorization

Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

Apr 1, 2025 · Patched in 1.1.3 (1 day)
Code Analysis (analyzed Mar 16, 2026)

Insert Headers and Footers Code – HT Script Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 58 (218 escaped)
Nonce Checks: 6
Capability Checks: 15
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Output Escaping

79% escaped (276 total outputs)

Data Flows: 2 unsanitized

Data Flow Analysis

4 flows, 2 with unsanitized paths

__construct (admin\class-diagnostic-data.php:76)

Attack Surface: 1 unprotected

Insert Headers and Footers Code – HT Script Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers (5)

auth · wp_ajax_ihafs_diagnostic_data · admin\class-diagnostic-data.php:98
auth · wp_ajax_htscript_notices · admin\class-rating-notice.php:51
auth · wp_ajax_cmb2_oembed_handler · admin\cmb2\includes\CMB2_Ajax.php:51
nopriv · wp_ajax_cmb2_oembed_handler · admin\cmb2\includes\CMB2_Ajax.php:52
auth · wp_ajax_ihafs_ajax_plugin_activation · admin\recommended-plugins\class.recommended-plugins.php:84
WordPress Hooks (63)

action · admin_notices · admin\class-diagnostic-data.php:93
action · init · admin\class-diagnostic-data.php:115
action · admin_notices · admin\class-rating-notice.php:49
action · admin_footer · admin\class-rating-notice.php:50
filter · wp_prepare_attachment_for_js · admin\cmb2\includes\CMB2.php:1558
action · admin_enqueue_scripts · admin\cmb2\includes\CMB2.php:1576
action · cmb2_save_options-page_fields · admin\cmb2\includes\CMB2_Ajax.php:54
filter · get_post_metadata · admin\cmb2\includes\CMB2_Ajax.php:147
filter · update_post_metadata · admin\cmb2\includes\CMB2_Ajax.php:150
filter · cmb2_show_on · admin\cmb2\includes\CMB2_Hookup.php:79
action · edit_form_top · admin\cmb2\includes\CMB2_Hookup.php:115
action · edit_form_before_permalink · admin\cmb2\includes\CMB2_Hookup.php:119
action · edit_form_after_title · admin\cmb2\includes\CMB2_Hookup.php:123
action · edit_form_after_editor · admin\cmb2\includes\CMB2_Hookup.php:127
action · add_meta_boxes · admin\cmb2\includes\CMB2_Hookup.php:131
action · add_meta_boxes · admin\cmb2\includes\CMB2_Hookup.php:134
action · add_attachment · admin\cmb2\includes\CMB2_Hookup.php:135
action · edit_attachment · admin\cmb2\includes\CMB2_Hookup.php:136
action · save_post · admin\cmb2\includes\CMB2_Hookup.php:137
action · pre_get_posts · admin\cmb2\includes\CMB2_Hookup.php:144
action · add_meta_boxes_comment · admin\cmb2\includes\CMB2_Hookup.php:152
action · edit_comment · admin\cmb2\includes\CMB2_Hookup.php:153
filter · manage_edit-comments_columns · admin\cmb2\includes\CMB2_Hookup.php:156
action · manage_comments_custom_column · admin\cmb2\includes\CMB2_Hookup.php:157
filter · manage_edit-comments_sortable_columns · admin\cmb2\includes\CMB2_Hookup.php:158
action · pre_get_posts · admin\cmb2\includes\CMB2_Hookup.php:159
action · show_user_profile · admin\cmb2\includes\CMB2_Hookup.php:168
action · edit_user_profile · admin\cmb2\includes\CMB2_Hookup.php:169
action · user_new_form · admin\cmb2\includes\CMB2_Hookup.php:170
action · personal_options_update · admin\cmb2\includes\CMB2_Hookup.php:172
action · edit_user_profile_update · admin\cmb2\includes\CMB2_Hookup.php:173
action · user_register · admin\cmb2\includes\CMB2_Hookup.php:174
filter · manage_users_columns · admin\cmb2\includes\CMB2_Hookup.php:177
filter · manage_users_custom_column · admin\cmb2\includes\CMB2_Hookup.php:178
filter · manage_users_sortable_columns · admin\cmb2\includes\CMB2_Hookup.php:179
action · pre_get_posts · admin\cmb2\includes\CMB2_Hookup.php:180
action · pre_get_posts · admin\cmb2\includes\CMB2_Hookup.php:226
action · created_term · admin\cmb2\includes\CMB2_Hookup.php:230
action · edited_terms · admin\cmb2\includes\CMB2_Hookup.php:231
action · delete_term · admin\cmb2\includes\CMB2_Hookup.php:232
action · cmb2_do_oembed · admin\cmb2\includes\helper-functions.php:131
filter · is_protected_meta · admin\cmb2\includes\rest-api\CMB2_REST.php:144
action · init · admin\cmb2\init.php:131
filter · manage_ihafs_script_posts_columns · admin\functions.php:4
action · manage_ihafs_script_posts_custom_column · admin\functions.php:20
action · admin_menu · admin\recommended-plugins\class.recommended-plugins.php:80
action · admin_enqueue_scripts · admin\recommended-plugins\class.recommended-plugins.php:81
action · init · inc\custom-posts.php:73
filter · user_has_cap · inc\custom-posts.php:87
action · cmb2_render_select_multiple · inc\metabox-multiple-select.php:29
filter · cmb2_sanitize_select_multiple · inc\metabox-multiple-select.php:42
action · cmb2_meta_boxes · inc\metabox.php:44
action · init · init.php:33
action · admin_head · init.php:39
action · cmb2_admin_init · init.php:75
action · init · init.php:90
action · admin_menu · init.php:94
action · admin_footer · init.php:103
action · admin_enqueue_scripts · init.php:126
action · admin_footer · init.php:142
action · wp_head · init.php:154
action · wp_footer · init.php:181
action · wp_body_open · init.php:208
Maintenance & Trust

Insert Headers and Footers Code – HT Script Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version:
Downloads: 102K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 7K
Developer Profile

Insert Headers and Footers Code – HT Script Developer Profile

HT Plugins

23 plugins · 64K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 124 days
Detection Fingerprints

How We Detect Insert Headers and Footers Code – HT Script

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/insert-headers-and-footers-script/assets/css/backend.css
/wp-content/plugins/insert-headers-and-footers-script/assets/css/frontend.css
/wp-content/plugins/insert-headers-and-footers-script/assets/js/backend.js
/wp-content/plugins/insert-headers-and-footers-script/assets/js/frontend.js

Script Paths
/wp-content/plugins/insert-headers-and-footers-script/assets/js/backend.js
/wp-content/plugins/insert-headers-and-footers-script/assets/js/frontend.js

Version Parameters
insert-headers-and-footers-script/assets/css/backend.css?ver=
insert-headers-and-footers-script/assets/css/frontend.css?ver=
insert-headers-and-footers-script/assets/js/backend.js?ver=
insert-headers-and-footers-script/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
hastech-review-notice-wrap
hastech-rating-notice-logo
hastech-review-notice-content
hastech-review-notice-action
Data Attributes
data-already-did
JS Globals
HTScript_Notices
FAQ

Frequently Asked Questions about Insert Headers and Footers Code – HT Script