WP-Safety

Lenix scss compiler Security & Risk Analysis

wordpress.org/plugins/lenix-scss-compiler

An excellent way to write Scss in wordpress

800 active installs v1.2 PHP + WP 3.8+ Updated May 21, 2022
compilercsslocal-compilersassscss
42
D · High Risk
CVEs total2
Unpatched2
Last CVESep 26, 2025
Plugin page Download
Safety Verdict

Is Lenix scss compiler Safe to Use in 2026?

High Risk

Score 42/100

Lenix scss compiler carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs 2 unpatched Last CVE: Sep 26, 2025Updated 3yr ago
Risk Assessment

The "lenix-scss-compiler" v1.2 plugin presents a mixed security picture. On the positive side, the static analysis reveals a zero attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events, with no identified unprotected entry points. Furthermore, all SQL queries are properly prepared, and there are no external HTTP requests, suggesting good practices in these areas.

However, significant concerns arise from the presence of dangerous functions like "unserialize" and "assert," which can be exploited if user-controlled data is passed to them without proper sanitization. While taint analysis found no explicit flows, the "unserialize" function itself is a known risk vector. The output escaping is also only at 67%, indicating a potential for stored or reflected cross-site scripting vulnerabilities in the remaining 33% of outputs.

The plugin's vulnerability history is a major red flag, with two known medium-severity CVEs that remain unpatched. The fact that these vulnerabilities were related to Cross-Site Scripting and Cross-Site Request Forgery suggests a pattern of insecure handling of user input or insufficient protection against malicious actions. The last vulnerability was also very recent, indicating ongoing security issues. While the plugin has a limited attack surface, the unpatched vulnerabilities and the presence of dangerous functions necessitate immediate attention to mitigate risks.

Key Concerns

  • Unpatched CVEs (2)
  • Dangerous functions (unserialize, assert)
  • Output escaping at 67%
  • No nonce checks
  • No capability checks
Vulnerabilities
2

Lenix scss compiler Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-60144medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Lenix scss compiler <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 26, 2025Unpatched
CVE-2025-60145medium · 4.3Cross-Site Request Forgery (CSRF)

Lenix scss compiler <= 1.2 - Cross-Site Request Forgery

Sep 26, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Lenix scss compiler Code Analysis

Dangerous Functions
11
Raw SQL Queries
0
0 prepared
Unescaped Output
8
16 escaped
Nonce Checks
0
Capability Checks
0
File Operations
17
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$c = unserialize($c);scssphp\src\Cache.php:136
unserialize$value = unserialize($value);scssphp\src\Compiler.php:784
assertassert($selfParent !== null, 'at-root blocks must have a selfParent set.');scssphp\src\Compiler.php:1433
assertassert(!empty($parsedPrototypes));scssphp\src\Compiler.php:6275
assertassert(\is_string($arg[0][1]));scssphp\src\Compiler.php:6573
assertassert(\is_string($name));scssphp\src\Compiler.php:6598
assertassert($originalRestArgumentName !== null);scssphp\src\Compiler.php:6730
assertassert($default !== null);scssphp\src\Compiler.php:6751
assertassert(! empty($block->selectors));scssphp\src\Formatter\Compressed.php:72
assertassert(! empty($block->selectors));scssphp\src\Formatter\Crunched.php:74
assertassert(! empty($block->selectors));scssphp\src\Formatter.php:168

Output Escaping

67% escaped24 total outputs
Attack Surface

Lenix scss compiler Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actioninitlenix-scss-compiler.php:18
actionadmin_menuoptions.php:7
actionadmin_initoptions.php:8
filterlenix_force_recompileoptions.php:304
filterlenix_disable_recompileoptions.php:313
filterplugin_action_linksoptions.php:323
Maintenance & Trust

Lenix scss compiler Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedMay 21, 2022
PHP min version
Downloads6K

Community Trust

Rating100/100
Number of ratings3
Active installs800
Alternatives

Lenix scss compiler Alternatives

Sass To CSS Compiler

Sass To CSS Compiler

sass-to-css-compiler

A
100

Compile Your Theme-Plugin Sass (.scss) files to .css on the fly.

10 No CVEs
WP-SCSS

WP-SCSS

wp-scss

A
100

Compiles .scss files to .css and enqueues them.

40K No CVEs
Instant CSS

Instant CSS

instant-css

B
84

Write your styles beautifully with the power of Visual Studio Code

4K 2 CVEs
WP Compiler

WP Compiler

wp-compiler

C
63

Harness the power of pre-processed CSS and minified JS in your theme or plugin, without any complicated installs or build tools.

1K 1 unpatched
SCSS-4-WP

SCSS-4-WP

scss-4-wp

A
85

Use ScssPhp. to compile scss files on your wordpress install into a single lightweight CSS file. There is an included settings page for configuring d &hellip;

20 No CVEs
Developer Profile

Lenix scss compiler Developer Profile

yonifre

6 plugins · 41K total installs

76
trust score
Avg Security Score
83/100
Avg Patch Time
85 days
View full developer profile
Detection Fingerprints

How We Detect Lenix scss compiler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lenix-scss-compiler/css/lenix-scss-compiler.css/wp-content/plugins/lenix-scss-compiler/js/lenix-scss-compiler.js
Script Paths
/wp-content/plugins/lenix-scss-compiler/js/lenix-scss-compiler.js
Version Parameters
lenix-scss-compiler/css/lenix-scss-compiler.css?ver=lenix-scss-compiler/js/lenix-scss-compiler.js?ver=

HTML / DOM Fingerprints

JS Globals
lenix_scss_compiler
FAQ

Frequently Asked Questions about Lenix scss compiler