
JS File Selector Security & Risk Analysis
wordpress.org/plugins/js-file-selector
Select Javascript files and/or write Javascript functions to any single page or post
Is JS File Selector Safe to Use in 2026?
Generally Safe
Score 85/100
JS File Selector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "js-file-selector" v1.0.3 plugin exhibits a generally positive security posture, demonstrating good practices in several key areas. The static analysis reveals no identified attack surface points, a complete absence of dangerous functions, and all SQL queries utilizing prepared statements, which significantly mitigates SQL injection risks. Furthermore, the presence of nonce and capability checks indicates an effort to secure its operations. The vulnerability history is clean, with no known CVEs, suggesting a lack of historical security weaknesses.
However, a notable concern arises from the output escaping. With only 25% of outputs properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. This is particularly concerning as it is a common and impactful vulnerability type. The limited number of analyzed flows in the taint analysis (only 1) and the absence of critical or high severity flows do not entirely alleviate this concern, as a single unescaped output can be sufficient for an XSS attack.
In conclusion, while the plugin benefits from a clean vulnerability history and a lack of exploitable entry points in its current state, the inadequate output escaping presents a tangible and significant security risk. This weakness, coupled with the limited scope of the taint analysis, means careful attention should be paid to how data is handled before it is output to the user.
Key Concerns
- Low output escaping (25%)
JS File Selector Security Vulnerabilities
JS File Selector Code Analysis
Output Escaping
Data Flow Analysis
JS File Selector Attack Surface
WordPress Hooks 8
Maintenance & Trust
JS File Selector Maintenance & Trust
Maintenance Signals
Community Trust
JS File Selector Alternatives
Insert JS or CSS in post via Custom Field
insert-js-or-css-in-post-via-custom-field
This plugin will insert urls of JavaScript or CSS stylesheet files added into a particular posts or page via Custom Fields.
Insert JavaScript and CSS
insert-javascript-css
Adds fields to the post and page edit pages that allow you to insert custom JavaScript or CSS for that post or page.
Page Specific Scripts
page-specific-scripts
Simple and easy to use wordpress plugin to add jQuery/JS Scripts only to specific pages.
Specific CSS/JS for Posts and Pages
specific-cssjs-for-posts-and-pages
With Specific CSS/JS for Posts and Pages you can add CSS or JavaScript files to a specific page or post.
Sortable Posts
sortable-posts
Sortable Posts is a small plugin for WordPress that adds sortability to post types and taxonomies from the admin panel.
JS File Selector Developer Profile
2 plugins · 40 total installs
How We Detect JS File Selector
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/js-file-selector/inc/css/jsfileselector.css
- /wp-content/plugins/js-file-selector/inc/js/jsfileselector.js
- js-file-selector/style.css?ver=
- js-file-selector/script.js?ver=
HTML / DOM Fingerprints
- js-file-select-div
- js-file-selector-row
- <!-- js File Selector (Javascript functions) -->
- name="gil_js_file_selector_file[]"
- name="js-file-selector-position-
- name="gil_js_file_selector_functions"
- name="js-file-selector-functions-position"
- id="js-file-selector-functions"