Insert Html Snippet Security & Risk Analysis

wordpress.org/plugins/insert-html-snippet

Add HTML, CSS and javascript code to your pages and posts easily using shortcodes.

20K active installs v1.4.3 PHP + WP 5.0+ Updated Oct 23, 2025
add-html, insert-addthis-code, insert-ads, insert-adsense, insert-html
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 29, 2016
Safety Verdict

Is Insert Html Snippet Safe to Use in 2026?

Generally Safe

Score 100/100

Insert Html Snippet has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 29, 2016 · Updated 5mo ago
Risk Assessment

The "insert-html-snippet" plugin version 1.4.4 exhibits a mixed security posture. On the positive side, there are no reported critical or high severity vulnerabilities in its history, and the static analysis did not reveal any critical or high severity taint flows or dangerous functions. The plugin also demonstrates good practices with a significant number of nonce checks and capability checks, and the majority of its SQL queries utilize prepared statements, reducing the risk of SQL injection.

However, there are notable areas of concern. The presence of an unprotected AJAX handler significantly increases the attack surface. Furthermore, the code analysis indicates that only 37% of output is properly escaped, leaving room for potential Cross-Site Scripting (XSS) vulnerabilities, which is corroborated by its past vulnerability history including a medium severity XSS issue. The plugin's single known CVE, although patched, was for XSS, suggesting a historical susceptibility to this type of vulnerability. The limited number of capability checks in conjunction with an unprotected AJAX endpoint is a significant weakness.

In conclusion, while the plugin has made efforts to secure its codebase through prepared statements and nonce checks, the unprotected AJAX handler and poor output escaping practices present real risks. The historical XSS vulnerability further emphasizes the need for vigilance in sanitizing user inputs and ensuring all entry points are properly authenticated and authorized.

Key Concerns

  • Unprotected AJAX handler present
  • Low percentage of output properly escaped
  • One medium severity vulnerability in history (XSS)
  • Limited capability checks (3)
Vulnerabilities: 1

Insert Html Snippet Security Vulnerabilities

CVEs by Year

1 CVE in 2016

Severity Breakdown

Medium: 1

1 total CVE

WF-71aeca29-a9bd-42c0-8150-814b79e931fa-insert-html-snippet · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Insert Html Snippet <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Nov 29, 2016 Patched in 1.2.1 (2611d)
Code Analysis
Analyzed Mar 16, 2026

Insert Html Snippet Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 13 (31 prepared)
Unescaped Output: 144 (86 escaped)
Nonce Checks: 12
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

70% prepared · 44 total queries

Output Escaping

37% escaped · 230 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
<header> (admin\header.php:0)
Attack Surface
1 unprotected

Insert Html Snippet Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_ihs_backlink · ajax-handler.php:6
auth · wp_ajax_xyz_ihs_sync_usage · ajax-handler.php:23

Shortcodes 1

[xyz-ihs] shortcode-handler.php:8
WordPress Hooks 21
action · admin_init · add_shortcode_tynimce.php:5
filter · mce_buttons · add_shortcode_tynimce.php:12
filter · mce_external_plugins · add_shortcode_tynimce.php:13
action · admin_notices · admin\admin-notices.php:75
action · admin_menu · admin\menu.php:10
action · admin_enqueue_scripts · admin\menu.php:89
filter · query_vars · direct_call.php:9
action · parse_request · direct_call.php:20
action · wp_footer · insert-html-snippet.php:59
action · admin_init · insert-html-snippet.php:66
action · admin_enqueue_scripts · insert-html-snippet.php:89
action · admin_footer · insert-html-snippet.php:92
action · save_post · insert-html-snippet.php:112
action · before_delete_post · insert-html-snippet.php:127
action · admin_head · shortcode-handler.php:20
action · admin_footer · shortcode-handler.php:30
action · wp_head · shortcode-handler.php:41
action · wp_footer · shortcode-handler.php:52
filter · widget_text · shortcode-handler.php:137
action · widgets_init · widget.php:96
filter · plugin_row_meta · xyz-functions.php:67
Maintenance & Trust

Insert Html Snippet Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 23, 2025
PHP min version
Downloads: 648K

Community Trust

Rating: 98/100
Number of ratings: 235
Active installs: 20K
Developer Profile

Insert Html Snippet Developer Profile

f1logic

15 plugins · 142K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 352 days
Detection Fingerprints

How We Detect Insert Html Snippet

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/insert-html-snippet/images/logo.png
Script Paths
/wp-content/plugins/insert-html-snippet/js/admin.js
Version Parameters
insert-html-snippet/css/admin.css?ver=
insert-html-snippet/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
xyz-ihs-modal-overlay
xyz-ihs-modal-box
xyz-ihs-modal-buttons
xyz-ihs-proceed-deactivate
xyz-ihs-cancel-deactivate
HTML Comments
<!-- update manual shortcode counts -->
Data Attributes
data-xyz-ihs-shortcode-id
JS Globals
xyz_ihs_shortcode_id
Shortcode Output
[xyz-ihs-snippet id="
[xyz-ihs-snippet]
FAQ

Frequently Asked Questions about Insert Html Snippet