[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMpEe1t6W5nfD4XLsQJXDanAzrkJ4s02Wwg3zEMaT0KM":3,"$fa-XgxN9ZebXRbnJliFsNlwdJUGlOUvdOfian4nQzRzw":473,"$fmQGydh4cmK3NPXeDLRRpnjza4KHl4kEi1lARXZ0XAV0":478},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":66,"crawl_stats":39,"alternatives":74,"analysis":188,"fingerprints":455},"luckywp-scripts-control","LuckyWP Scripts Control","1.2.5","LuckyWP","https:\u002F\u002Fprofiles.wordpress.org\u002Ftheluckywp\u002F","\u003Cp>The “LuckyWP Scripts Control” plugin allows you to insert and manage custom code into website. For example, you can insert Google Analytics code, Google Search Console verification meta tag, Facebook pixel, custom CSS\u002FJS and other code without edit theme files.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Great user interface: simple and functionally.\u003C\u002Fli>\n\u003Cli>Insert code before \u003Ccode>\u003C\u002Fhead>\u003C\u002Fcode>, after \u003Ccode>\u003Cbody>\u003C\u002Fcode> or before \u003Ccode>\u003C\u002Fbody>\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Items sortable.\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Google Analytics\u003C\u002Fstrong> code.\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Google Verification\u003C\u002Fstrong> meta tag.\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Google Tag Manager\u003C\u002Fstrong> code.\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Facebook pixel\u003C\u002Fstrong> code.\u003C\u002Fli>\n\u003Cli>Add custom meta tags.\u003C\u002Fli>\n\u003Cli>Add custom JS\u002FCSS\u002FHTML code.\u003C\u002Fli>\n\u003Cli>RTL support.\u003C\u002Fli>\n\u003C\u002Ful>\n","A great way to insert and manage custom code (CSS, JS, meta tags, etc.) into website before \u003C\u002Fhead>, after \u003Cbody> or before \u003C\u002Fbody>.",4000,34500,96,39,"2025-06-09T13:01:00.000Z","6.8.5","4.7","5.6.20",[20,21,22,23,24],"css","custom-code","insert","js","script","https:\u002F\u002Ftheluckywp.com\u002Fproduct\u002Fscripts-control\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.2.5.zip",99,2,0,"2023-11-14 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,52],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-47778","luckywp-scripts-control-missing-authorization","LuckyWP Scripts Control \u003C= 1.2.1  - Missing Authorization","The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the \u002Fadmin\u002Fcontrollers\u002FItemController.php file in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.",null,"\u003C=1.2.1","1.2.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2024-10-18 13:49:06",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F51c42ca2-cdba-49f5-bea2-83c9b8cf0db7?source=api-prod",340,[],false,{"id":53,"url_slug":54,"title":55,"description":56,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":61,"references":62,"days_to_patch":64,"patch_diff_files":65,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-29239","luckywp-scripts-control-cross-site-request-forgery","LuckyWP Scripts Control \u003C= 1.2.1 - Cross-Site Request Forgery","The LuckyWP Scripts Control plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on several functions in the \u002Fadmin\u002Fcontrollers\u002FItemController.php file. This makes it possible for unauthenticated attackers to add, edit, delete, enable, disable, and sort items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:L","Cross-Site Request Forgery (CSRF)","2023-08-28 00:00:00","2024-10-18 13:50:15",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3ed93c5c-38bb-4e84-8fe8-03dd75b4d9f3?source=api-prod",418,[],{"slug":67,"display_name":7,"profile_url":8,"plugin_count":68,"total_installs":69,"avg_security_score":70,"avg_patch_time_days":71,"trust_score":72,"computed_at":73},"theluckywp",5,119200,93,174,74,"2026-05-19T19:28:48.806Z",[75,99,124,147,168],{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":28,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":96,"download_link":97,"security_score":98,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"wpc-insert-code","Insert Code by Angie Makes","1.2","Chris Baldelomar","https:\u002F\u002Fprofiles.wordpress.org\u002Fcbaldelomar\u002F","\u003Cp>This plugin makes it easy for you to add custom scripts to the head and footer sections of your site. A theme can also add theme support to enable the insert of custom code (HTML, Javascript, and CSS) at the top of a page, above header, below header, above content, and below content.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fhallie.angiemakes.com\u002Fad-spots\u002F\" rel=\"nofollow ugc\">Live Demo & Documentation\u003C\u002Fa>\u003C\u002Fp>\n","Easily insert HTML, Javascript, CSS, into the head and footer areas of your site.",900,26344,100,"2017-05-10T16:44:00.000Z","4.7.33","3.9.1","",[91,92,93,94,95],"html","insert-css","insert-html","insert-javascript","insert-js","http:\u002F\u002Fangiemakes.com\u002Ffeminine-wordpress-blog-themes-women\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpc-insert-code.zip",85,{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":29,"last_vuln_date":123,"fetched_at":31},"insert-php","Woody Code Snippets – Insert PHP, CSS, JS, and Header\u002FFooter Scripts","2.7.2","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Woody Code Snippets is a WordPress plugin that helps you insert code into your site without editing theme files.\u003C\u002Fp>\n\u003Cp>Many WordPress users still add PHP, JavaScript, CSS, tracking pixels, or ad scripts directly into functions.php, header.php, or footer.php. This approach breaks easily when themes update and becomes hard to manage as your site grows.\u003C\u002Fp>\n\u003Cp>Woody solves this by giving you a centralized code snippet manager where you can safely add header scripts, footer scripts, PHP snippets, custom CSS, JavaScript, and HTML from the WordPress admin.\u003C\u002Fp>\n\u003Cp>You can use Woody as a header and footer code manager, a PHP snippet plugin, or a way to reuse content and scripts across your site using shortcodes or automatic insertion.\u003C\u002Fp>\n\u003Cp>Each snippet can be enabled or disabled instantly, placed in specific locations like before content or after paragraphs, and shown only when certain conditions are met.\u003C\u002Fp>\n\u003Ch3>Quick Links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Fcollection\u002F2410-woody-code-snippets\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003C\u002Fp>\n\u003Cp>💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Finsert-php\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Community help and expert support\u003C\u002Fp>\n\u003Cp>⭐ \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock advanced features and priority support\u003C\u002Fp>\n\u003Ch3>What Problems Does Woody Solve?\u003C\u002Fh3>\n\u003Cp>Woody is built for real WordPress workflows. It helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Insert code into headers and footers without editing theme files\u003C\u002Fli>\n\u003Cli>Add analytics scripts, tracking pixels, and ad code safely\u003C\u002Fli>\n\u003Cli>Manage PHP snippets without touching functions.php\u003C\u002Fli>\n\u003Cli>Reuse scripts and content across pages using shortcodes\u003C\u002Fli>\n\u003Cli>Control where code runs using placement rules and conditions\u003C\u002Fli>\n\u003Cli>Enable, disable, or roll back snippets without breaking your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you are building client sites, running marketing experiments, or maintaining your own project, Woody gives you control without unnecessary complexity.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cp>Woody lets you create code snippets and control where and when they run, all from the WordPress admin.\u003C\u002Fp>\n\u003Ch4>Example #1\u003C\u002Fh4>\n\u003Cp>Create a JavaScript snippet and add your analytics or tracking code.\u003Cbr \u002F>\nPlace it in the site header and add a condition to exclude administrators so your own visits are not tracked.\u003C\u002Fp>\n\u003Ch4>Example #2\u003C\u002Fh4>\n\u003Cp>Create a text snippet with reusable content or a shortcode.\u003Cbr \u002F>\nAdd conditions to show it only to logged-in users, then insert it anywhere using the snippet shortcode or automatic placement rules.\u003C\u002Fp>\n\u003Cp>This makes it easy to manage repeated logic and content without editing theme files.\u003C\u002Fp>\n\u003Ch3>Who Should Use Woody Code Snippets\u003C\u002Fh3>\n\u003Cp>Woody is designed for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Developers who want a structured way to manage custom code\u003C\u002Fli>\n\u003Cli>Marketers adding analytics, ads, and tracking scripts\u003C\u002Fli>\n\u003Cli>Solopreneurs who want flexibility without editing theme files\u003C\u002Fli>\n\u003Cli>Agencies managing multiple sites and shared snippets\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you regularly need to insert code into WordPress, Woody fits naturally into your workflow.\u003C\u002Fp>\n\u003Ch3>Supported Snippet Types\u003C\u002Fh3>\n\u003Cp>Woody supports multiple snippet types, so you can manage all custom code in one place. You can create:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>PHP snippets\u003C\u002Fstrong> for functions, hooks, classes, and global variables\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript snippets\u003C\u002Fstrong> for analytics, integrations, and interactive features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSS snippets\u003C\u002Fstrong> to add custom styles without editing theme files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTML snippets\u003C\u002Fstrong> for markup and layout elements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Text snippets\u003C\u002Fstrong> using the WordPress editor for reusable content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad snippets\u003C\u002Fstrong> for ads and banners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal snippets\u003C\u002Fstrong> that combine PHP, HTML, CSS, and JavaScript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why do you need this plugin?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Insert Google AdSense Ads, Amazon Native Shopping Contextual Ads, Yandex Direct Ads, Media.net on your website.\u003C\u002Fli>\n\u003Cli>Insert Google Analytic Tracking code, Yandex Metrika Tracking Code, Yandex Counter to Header, Footer.\u003C\u002Fli>\n\u003Cli>Insert PHP Code Snippets and execute on your website. Register PHP functions, classes, global variables everywhere.\u003C\u002Fli>\n\u003Cli>Insert Social media widgets, add any external resources widgets.\u003C\u002Fli>\n\u003Cli>Insert Facebook Pixels, Facebook Scripts, Facebook og:image Tag, Google Conversion Pixels, Vk Pixels.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Header and Footer Code Management\u003C\u002Fh3>\n\u003Cp>Woody works as a full header and footer code manager.\u003C\u002Fp>\n\u003Cp>You can insert snippets:\u003Cbr \u002F>\n– Into the site header before the closing  tag\u003Cbr \u002F>\n– Into the site footer before the closing  tag\u003C\u002Fp>\n\u003Cp>Common examples include analytics scripts, tracking pixels, verification tags, and global JavaScript or CSS.\u003C\u002Fp>\n\u003Ch3>Advanced Placement Options\u003C\u002Fh3>\n\u003Cp>Beyond headers and footers, Woody lets you insert snippets into specific locations.\u003C\u002Fp>\n\u003Cp>You can place code:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Before or after post or page content  \u003C\u002Fli>\n\u003Cli>Before or after a specific paragraph  \u003C\u002Fli>\n\u003Cli>Before or after a post  \u003C\u002Fli>\n\u003Cli>Inside archives, categories, and taxonomy pages  \u003C\u002Fli>\n\u003Cli>Between posts on archive pages  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce Pages\u003C\u002Fh4>\n\u003Cp>Woody supports automatic snippet placement on WooCommerce pages.\u003C\u002Fp>\n\u003Cp>You can insert snippets:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Before or after the product list  \u003C\u002Fli>\n\u003Cli>Before or after a single product  \u003C\u002Fli>\n\u003Cli>Before or after the single product summary  \u003C\u002Fli>\n\u003Cli>After the product title, price, or excerpt  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Common use cases include conversion tracking, promotional banners, custom JavaScript, and trust notices.\u003C\u002Fp>\n\u003Ch3>Shortcodes and Reusable Content\u003C\u002Fh3>\n\u003Cp>Woody supports shortcodes so you can insert snippets exactly where you need them. You can place snippets inside posts, pages, widgets, and page builders.\u003C\u002Fp>\n\u003Cp>With \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_shortcode\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>, you can define custom shortcode names that are readable and portable across sites.\u003C\u002Fp>\n\u003Ch3>Conditional Logic for Code Snippets\u003C\u002Fh3>\n\u003Cp>Woody allows you to control when a snippet is displayed.\u003C\u002Fp>\n\u003Cp>[FREE] Available in the free version:\u003Cbr \u002F>\n– User role and registration date\u003Cbr \u002F>\n– Page, post type, or taxonomy\u003Cbr \u002F>\n– Referrer or cookie value\u003C\u002Fp>\n\u003Cp>[PRO] Advanced conditions available in \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_conditions\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>:\u003Cbr \u002F>\n– Device type, browser, and operating system\u003Cbr \u002F>\n– JavaScript availability or ad blocker detection\u003Cbr \u002F>\n– User country, visit depth, time of day, and total visits\u003C\u002Fp>\n\u003Cp>Conditions can be combined using AND and OR logic.\u003C\u002Fp>\n\u003Cp>Unlock advanced conditions with \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_conditions\" rel=\"nofollow ugc\">Woody Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Snippet Management and Organization\u003C\u002Fh3>\n\u003Cp>Woody includes features to keep snippets organized and easy to manage.\u003C\u002Fp>\n\u003Cp>You can:\u003Cbr \u002F>\n– Enable or disable snippets instantly\u003Cbr \u002F>\n– Control execution order using priorities\u003Cbr \u002F>\n– Tag and clone snippets\u003Cbr \u002F>\n– Import and export snippets between sites\u003C\u002Fp>\n\u003Ch3>Code Revisions and Rollback [PRO]\u003C\u002Fh3>\n\u003Cp>With \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_restore\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>, Woody automatically saves snippet revisions. You can view previous versions, compare changes, and restore earlier revisions if something goes wrong.\u003C\u002Fp>\n\u003Cp>This adds an extra layer of safety when working with custom code.\u003C\u002Fp>\n\u003Ch3>Cloud Templates and Sync [PRO]\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_cloud\" rel=\"nofollow ugc\">Woody Pro\u003C\u002Fa> includes cloud-based snippet templates.\u003C\u002Fp>\n\u003Cp>You can save snippets as templates and reuse them across multiple sites, which is especially useful for agencies and developers managing repeated setups.\u003C\u002Fp>\n\u003Ch3>Settings and Developer Options\u003C\u002Fh3>\n\u003Cp>Woody includes advanced settings for fine-grained control.\u003C\u002Fp>\n\u003Cp>You can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Preserve HTML entities without automatic conversion  \u003C\u002Fli>\n\u003Cli>Execute shortcodes inside snippets  \u003C\u002Fli>\n\u003Cli>Enable error email notifications  \u003C\u002Fli>\n\u003Cli>Automatically activate snippets on save  \u003C\u002Fli>\n\u003Cli>Fully remove plugin data on uninstall  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Code Editor\u003C\u002Fh4>\n\u003Cp>The built-in editor includes:\u003Cbr \u002F>\n– Syntax highlighting and line numbers\u003Cbr \u002F>\n– Configurable indentation and tab size\u003Cbr \u002F>\n– Optional line wrapping\u003Cbr \u002F>\n– Automatic bracket and quote closing\u003Cbr \u002F>\n– Highlighting of matching variables and functions\u003C\u002Fp>\n\u003Ch3>Use This Plugin Responsibly\u003C\u002Fh3>\n\u003Cp>Woody allows you to run custom PHP, JavaScript, and CSS on your site. Always make sure you understand the code you add. Using unverified or outdated scripts may affect site security or stability. On multisite installations, only trusted administrators should have access to snippet creation.\u003C\u002Fp>\n\u003Cp>Woody includes safeguards such as snippet disabling, revisions, and error notifications, but it cannot validate third-party code you choose to run.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the WordPress \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Finsert-php\u002F\" rel=\"ugc\">support forum\u003C\u002Fa>, and we will be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Learn how to make the most of Woody with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Fcollection\u002F2410-woody-code-snippets\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Woody is backed by \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody\" rel=\"nofollow ugc\">Themeisle\u003C\u002Fa>, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Insert PHP, JavaScript, CSS, HTML, ads, and tracking code into WordPress headers, footers, pages, and content using conditional logic, without editing &hellip;",60000,1718294,90,221,"2026-01-27T15:40:00.000Z","6.9.4","5.6","7.0",[116,21,117,100,118],"code-snippets","header-footer-scripts","snippet","https:\u002F\u002Fwoodysnippet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finsert-php.2.7.2.zip",82,8,"2026-03-23 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":135,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":89,"tags":139,"homepage":145,"download_link":146,"security_score":98,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"bwp-minify","Better WordPress Minify","1.3.3","Khang Minh","https:\u002F\u002Fprofiles.wordpress.org\u002Foddoneout\u002F","\u003Cp>Allows you to combine and minify your CSS and JS files to improve page load time. This plugin uses the PHP library \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fp\u002Fminify\u002F\" rel=\"nofollow ugc\">Minify\u003C\u002Fa> and relies on WordPress’s enqueueing system rather than the output buffer, which respects the order of CSS and JS files as well as their dependencies. BWP Minify is very customizable and easy to use.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Useful resources to help you get started and make the most out of BWP Minify\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-plugins\u002Fbwp-minify\u002F#usage\" rel=\"nofollow ugc\">Official Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-minify-javascript-css\u002F\" rel=\"nofollow ugc\">WordPress Minify Best Practices\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Some Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses enqueueing system of WordPress which improves compatibility with other plugins and themes\u003C\u002Fli>\n\u003Cli>Allows you to move enqueued files to desired locations (header, footer, oblivion, etc.) via a dedicated management page\u003C\u002Fli>\n\u003Cli>Allows you to change various Minify settings (cache directory, cache age, debug mode, etc.) directly in admin\u003C\u002Fli>\n\u003Cli>Allows you to use friendly Minify urls, such as \u003Ccode>http:\u002F\u002Fexample.com\u002Fpath\u002Fto\u002Fcache\u002Fsomestring.js\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Allows you to use CDN for minified contents, one CDN host for JS and one for CSS with SSL support\u003C\u002Fli>\n\u003Cli>Allows you to split long Minify strings into shorter ones\u003C\u002Fli>\n\u003Cli>Offers various way to add a cache buster to your minify string such as WordPress’s version, Theme’s version, Cache folder’s last modified timestap, etc.\u003C\u002Fli>\n\u003Cli>Supports script localization (\u003Ccode>wp_localize_script()\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Supports inline styles\u003C\u002Fli>\n\u003Cli>Supports RTL stylesheets\u003C\u002Fli>\n\u003Cli>Supports media-specific stylesheets (e.g. ‘screen’, ‘print’, etc.)\u003C\u002Fli>\n\u003Cli>Supports conditional stylesheets (e.g. \u003Ccode>\u003C!--[if lt IE 7]>\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Provides hooks for further customization\u003C\u002Fli>\n\u003Cli>WordPress Multi-site compatible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please don’t forget to rate this plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fbwp-minify?filter=5\" rel=\"ugc\">5 shining stars\u003C\u002Fa> if you like it, thanks!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get in touch\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support is provided via \u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fcommunity\u002F\" rel=\"nofollow ugc\">BetterWP.net Community\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Follow and contribute to development via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FOddOneOut\u002FBetter-WordPress-Minify\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>You can also follow me on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002F0dd0ne0ut\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out \u003Ca href=\"http:\u002F\u002Ffeeds.feedburner.com\u002FBetterWPnet\" rel=\"nofollow ugc\">latest WordPress Tips and Ideas\u003C\u002Fa> from BetterWP.net.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Languages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>Romanian (ro_RO) – Thanks to \u003Ca href=\"www.enjoyprepaid.com\" rel=\"nofollow ugc\">Luke Tyler, International Calling Cards\u003C\u002Fa>!\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR) – Thanks to Hakan E\u003C\u002Fli>\n\u003Cli>French (fr_FR) – Thanks to Sebastien\u003C\u002Fli>\n\u003Cli>Italian (it_IT) – Thanks to Gabriele – http:\u002F\u002Fcookspot.it\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) –  Thanks to Ruben Hernandez – http:\u002F\u002Fusitility.com\u002F\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) – Thanks to Martijn van Egmond\u003C\u002Fli>\n\u003Cli>German (de_DE) – Thanks to Matthias\u003C\u002Fli>\n\u003Cli>Serbo-Croatian (sr_RS) – Thanks to Borisa Djuraskovic – \u003Ca href=\"http:\u002F\u002Fwww.webhostinghub.com\u002F\" rel=\"nofollow ugc\">Web Hosting Hub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Indonesian (id_ID) – Thanks to Nasrulhaq Muiz – http:\u002F\u002Fal-badar.net\u003C\u002Fli>\n\u003Cli>Russian (ru_RU) – Thanks to Эдуард Валеев\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please \u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-tips\u002Fcreate-pot-file-using-poedit\u002F\" rel=\"nofollow ugc\">help translate\u003C\u002Fa> this plugin!\u003C\u002Fp>\n","Allows you to combine and minify your CSS and JS files to improve page load time.",8000,693183,84,137,"2017-11-28T05:12:00.000Z","4.0.38","3.1",[140,141,142,143,144],"minify","minify-css","minify-javascript","minify-js","minify-stylesheet","http:\u002F\u002Fbetterwp.net\u002Fwordpress-plugins\u002Fbwp-minify\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbwp-minify.1.3.3.zip",{"slug":148,"name":149,"version":150,"author":151,"author_profile":152,"description":153,"short_description":154,"active_installs":155,"downloaded":156,"rating":85,"num_ratings":28,"last_updated":157,"tested_up_to":112,"requires_at_least":158,"requires_php":159,"tags":160,"homepage":164,"download_link":165,"security_score":27,"vuln_count":166,"unpatched_count":29,"last_vuln_date":167,"fetched_at":31},"cm-header-footer-script-loader","CM Header and Footer  – Add custom scripts and styles to your header and footer with ease","1.3.0","CreativeMindsSolutions","https:\u002F\u002Fprofiles.wordpress.org\u002Fcreativemindssolutions\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Fwordpress-header-and-footer-script-loader-plugin\u002F\" rel=\"nofollow ugc\">Premium Plugin Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.videolessonsplugin.com\u002Fvideo-lesson\u002Flesson\u002Fheader-footer-script-loader-plugin\u002F\" rel=\"nofollow ugc\">Videos\u003C\u002Fa>  | \u003Ca href=\"https:\u002F\u002Fcreativeminds.helpscoutdocs.com\u002Fcategory\u002F452-header-and-footer-script-loader\" rel=\"nofollow ugc\">User Guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easily manage and control header and footer scripts and styles on your WordPress site using a simple and user-friendly plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>⭐ \u003Cem>We’re excited to introduce the updated 2025 version of the CM Header and Footer plugin! This release brings a fresh, modern design to the script creation and editing interface, making it even more intuitive and user-friendly. Install now and enjoy the improved experience!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>With the Header and Footer Script Loader plugin, you can easily manage and control additional scripts and styles on your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin allows you to pre-load all scripts and styles in the plugin settings, as well as inject custom JavaScript and code to suit your needs.\u003C\u002Fp>\n\u003Cp>You have the option to choose whether a script should be automatically or manually uploaded in all posts.\u003C\u002Fp>\n\u003Ch3>Insert Headers and Footers Premium Edition\u003C\u002Fh3>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Fwordpress-header-and-footer-script-loader-plugin\u002F\" rel=\"nofollow ugc\">Insert Headers and Footers Plugin Premium editions\u003C\u002Fa> includes even more powerful features, such as: each post has a header and footer metabox that allows you to control the various scripts and styles, device selection for each script and stlye and much more.\u003C\u002Fp>\n\u003Ch3>Insert Headers and Footers Plugin Introduction Video (Pro Version)\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F141020978\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Insert Script Plugin Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Control Site Scripts\u003C\u002Fstrong> – Easily add or replace various scripts and styles to your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Selective Loading Per Post\u003C\u002Fstrong> – Target scripts and styles to specific posts or groups of custom posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduce Script Load\u003C\u002Fstrong> – Reduce the amount of scripts loaded throughout the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Target Script to Specific Posts or URL Pattern\u003C\u002Fstrong> (premium plugin) – Target scripts to load on a specific URL or URL pattern.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per Device Script Support\u003C\u002Fstrong> (premium plugin) – Load script on a Mobile or Desktop or both.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Basic Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add unlimited number of JS scripts and CSS styles.\u003C\u002Fli>\n\u003Cli>Load scripts in header or footer.\u003C\u002Fli>\n\u003Cli>Load scripts on all posts and pages.\u003C\u002Fli>\n\u003Cli>Load scripts on selected post types.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Version Features\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Fwordpress-header-and-footer-script-loader-plugin\u002F\" rel=\"nofollow ugc\">Pro Version Detailed Features List\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add unlimited number of JS, CSS, PHP and HTML scripts.\u003C\u002Fli>\n\u003Cli>Load scripts in header, footer, after opening body tag, before or after content.\u003C\u002Fli>\n\u003Cli>Support script loading on custom posts.\u003C\u002Fli>\n\u003Cli>Target scripts to selected posts and pages.\u003C\u002Fli>\n\u003Cli>Target scripts to posts of chosen categories.\u003C\u002Fli>\n\u003Cli>Target scripts to posts of chosen tags.\u003C\u002Fli>\n\u003Cli>Target scripts by URL or group of URLs.\u003C\u002Fli>\n\u003Cli>Target by device type: desktop only, mobile only or both for each script you set.\u003C\u002Fli>\n\u003Cli>Control script loading on specific posts using a metabox.\u003C\u002Fli>\n\u003Cli>Control when to launch scripts by adding timeframe.\u003C\u002Fli>\n\u003Cli>Add titles and internal notes to scripts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Follow Us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fcategory\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Blog\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fcmplugins\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fcreativeminds\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fuser\u002Fcmindschannel\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fwww.pinterest.com\u002Fcmplugins\u002F\" rel=\"nofollow ugc\">Pinterest\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fcmplugins\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Plugin usage instructions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Click “Add New Script”.\u003C\u002Fli>\n\u003Cli>Fill the “Script Name” field and paste “Script Code”.\u003C\u002Fli>\n\u003Cli>Click “Expand Additional Settings”.\u003C\u002Fli>\n\u003Cli>Optionally, add a note with explanations for a script.\u003C\u002Fli>\n\u003Cli>Select “Script Type”, “Script Location” and “Where to Load”.\u003C\u002Fli>\n\u003Cli>Click “Save Script”.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Suggested Plugins by CreativeMinds\u003C\u002Fh3>\n\u003Cp>List of all \u003Ca href=\"https:\u002F\u002Fwww.cminds.com\" rel=\"nofollow ugc\">WordPress Plugins\u003C\u002Fa> by CreativeMinds\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fglossaryplugin.com\u002F\" rel=\"nofollow ugc\">CM Tooltip Glossary\u003C\u002Fa> – Easily creates a Glossary, Encyclopaedia or Dictionary of your website’s terms and shows them as a tooltip in posts and pages when hovering. With many more powerful features.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.downloadmanagerplugin.com\u002F\" rel=\"nofollow ugc\">CM Download Manager\u003C\u002Fa> – Allows users to upload, manage, track and support documents or files in a download directory listing database for others to contribute, use and comment upon.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.answersplugin.com\u002F\" rel=\"nofollow ugc\">CM Answers Plugin\u003C\u002Fa> – A fully-featured WordPress Questions & Answers Plugin that allows you to build multiple discussion forum systems Just like StackOverflow, Yahoo Answers and Quora, Now with MicroPayments and Anonymous posting support.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Frestrictcontent.com\u002F\" rel=\"nofollow ugc\">CM Restrict Content\u003C\u002Fa> – A full-featured, powerful membership solution and content restriction plugin for WordPress. Support access by role to content on your site.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fonboardingplugin.com\u002F\" rel=\"nofollow ugc\">CM OnBoarding\u003C\u002Fa> – Superb Guidance tool which improves the online experience and the user satisfaction.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add custom CSS and JavaScript to headers and footers on your site with the header and footer plugin for enhanced control and design.",1000,44384,"2026-01-29T11:00:00.000Z","5.4.0","5.2.4",[161,162,163,93,94],"custom-css","footer","header","https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Fwordpress-header-and-footer-script-loader-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-header-footer-script-loader.zip",1,"2025-04-03 00:00:00",{"slug":169,"name":170,"version":171,"author":172,"author_profile":173,"description":174,"short_description":175,"active_installs":155,"downloaded":176,"rating":177,"num_ratings":178,"last_updated":179,"tested_up_to":180,"requires_at_least":181,"requires_php":89,"tags":182,"homepage":184,"download_link":185,"security_score":186,"vuln_count":166,"unpatched_count":166,"last_vuln_date":187,"fetched_at":31},"custom-css-editor","Custom CSS","1.4.0","FRESHFACE","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreshface\u002F","\u003Cp>Create custom CSS and JS codes. Delivered with our awesome Conditional Logic, you can easily specify\u003Cbr \u002F>\nwhere you want to your custom CSS code appear. You can write your CSS and JS codes inside\u003Cbr \u002F>\nnice ACE editor with syntax highlighter.Codes will be still presented, after you change the theme,\u003Cbr \u002F>\nso this is really good way to write CSS adjustments into your theme.\u003C\u002Fp>\n","Add custom CSS, JS, PHP, tracking code. Very easy to use!",69353,50,17,"2017-11-28T15:06:00.000Z","4.6.30","4.0.0",[21,161,183],"custom-js","http:\u002F\u002Ffreshface.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-editor.zip",63,"2025-10-08 00:00:00",{"attackSurface":189,"codeSignals":296,"taintFlows":417,"riskAssessment":442,"analyzedAt":454},{"hooks":190,"ajaxHandlers":254,"restRoutes":292,"shortcodes":293,"cronEvents":294,"entryPointCount":295,"unprotectedCount":295},[191,197,201,206,211,215,220,223,228,232,236,239,242,244,248,251,253],{"type":192,"name":193,"callback":194,"file":195,"line":196},"action","admin_menu","menu","admin\\Admin.php",25,{"type":192,"name":198,"callback":199,"file":195,"line":200},"admin_enqueue_scripts","assets",26,{"type":192,"name":202,"callback":203,"file":204,"line":205},"plugins_loaded","initAjax","admin\\controllers\\ItemController.php",22,{"type":192,"name":207,"callback":208,"file":209,"line":210},"init","closure","admin\\controllers\\RateController.php",13,{"type":192,"name":212,"callback":213,"file":209,"line":214},"admin_notices","notice",15,{"type":216,"name":217,"callback":208,"file":218,"line":219},"filter","install_plugins_nonmenu_tabs","admin\\controllers\\ScriptsController.php",33,{"type":216,"name":221,"callback":208,"file":218,"line":222},"install_plugins_table_api_args_luckywp",37,{"type":192,"name":224,"callback":225,"file":226,"line":227},"wp_loaded","anonymous","core\\admin\\AdminController.php",21,{"type":192,"name":229,"callback":208,"file":230,"line":231},"after_setup_theme","core\\base\\BasePlugin.php",62,{"type":192,"name":233,"callback":234,"file":235,"line":109},"admin_init","adminInit","core\\wp\\Settings.php",{"type":192,"name":207,"callback":208,"file":237,"line":238},"front\\Front.php",14,{"type":192,"name":240,"callback":208,"file":237,"line":241},"wp_head",18,{"type":192,"name":243,"callback":208,"priority":166,"file":237,"line":200},"wp_body_open",{"type":192,"name":245,"callback":208,"priority":246,"file":237,"line":247},"template_include",999,30,{"type":192,"name":249,"callback":208,"file":237,"line":250},"wp_footer",40,{"type":192,"name":233,"callback":208,"file":252,"line":214},"modules\\welcome\\Welcome.php",{"type":192,"name":212,"callback":213,"file":252,"line":178},[255,259,263,266,270,274,277,280,284,288],{"action":256,"nopriv":51,"callback":257,"hasNonce":51,"hasCapCheck":51,"file":204,"line":258},"lwpsc_add_item","ajaxAddItem",28,{"action":260,"nopriv":51,"callback":261,"hasNonce":51,"hasCapCheck":51,"file":204,"line":262},"lwpsc_edit_item","ajaxEditItem",29,{"action":264,"nopriv":51,"callback":265,"hasNonce":51,"hasCapCheck":51,"file":204,"line":247},"lwpsc_disable_item","ajaxDisableItem",{"action":267,"nopriv":51,"callback":268,"hasNonce":51,"hasCapCheck":51,"file":204,"line":269},"lwpsc_enable_item","ajaxEnableItem",31,{"action":271,"nopriv":51,"callback":272,"hasNonce":51,"hasCapCheck":51,"file":204,"line":273},"lwpsc_delete_item","ajaxDeleteItem",32,{"action":275,"nopriv":51,"callback":276,"hasNonce":51,"hasCapCheck":51,"file":204,"line":219},"lwpsc_sort","ajaxSort",{"action":278,"nopriv":51,"callback":279,"hasNonce":51,"hasCapCheck":51,"file":209,"line":241},"lwpsc_rate","ajaxRate",{"action":281,"nopriv":51,"callback":282,"hasNonce":51,"hasCapCheck":51,"file":209,"line":283},"lwpsc_show_later","ajaxShowLater",19,{"action":285,"nopriv":51,"callback":286,"hasNonce":51,"hasCapCheck":51,"file":209,"line":287},"lwpsc_already_rate","ajaxAlreadyRate",20,{"action":289,"nopriv":51,"callback":290,"hasNonce":51,"hasCapCheck":51,"file":291,"line":210},"lwpsc_welcome_hide","ajaxHide","modules\\welcome\\controllers\\MainController.php",[],[],[],10,{"dangerousFunctions":297,"sqlUsage":298,"outputEscaping":300,"fileOperations":29,"externalRequests":29,"nonceChecks":166,"capabilityChecks":415,"bundledLibraries":416},[],{"prepared":29,"raw":29,"locations":299},[],{"escaped":301,"rawEcho":72,"locations":302},12,[303,306,308,310,312,314,316,317,318,319,321,323,325,327,329,331,332,334,335,337,338,340,341,342,343,345,346,348,349,350,351,352,353,354,355,356,357,358,361,363,364,365,366,367,369,371,372,373,375,376,378,379,380,382,384,386,388,389,390,392,393,394,395,398,400,402,404,406,408,409,410,411,413,414],{"file":204,"line":304,"context":305},57,"raw output",{"file":204,"line":307,"context":305},88,{"file":204,"line":309,"context":305},116,{"file":204,"line":311,"context":305},134,{"file":204,"line":313,"context":305},153,{"file":315,"line":238,"context":305},"admin\\views\\item\\_modal_add.php",{"file":315,"line":214,"context":305},{"file":315,"line":178,"context":305},{"file":315,"line":287,"context":305},{"file":315,"line":320,"context":305},27,{"file":315,"line":322,"context":305},35,{"file":315,"line":324,"context":305},38,{"file":315,"line":326,"context":305},44,{"file":315,"line":328,"context":305},47,{"file":315,"line":330,"context":305},54,{"file":315,"line":304,"context":305},{"file":333,"line":210,"context":305},"admin\\views\\item\\_modal_delete_confirm.php",{"file":333,"line":238,"context":305},{"file":333,"line":336,"context":305},16,{"file":333,"line":283,"context":305},{"file":333,"line":339,"context":305},23,{"file":333,"line":320,"context":305},{"file":333,"line":247,"context":305},{"file":333,"line":273,"context":305},{"file":333,"line":344,"context":305},36,{"file":333,"line":14,"context":305},{"file":347,"line":238,"context":305},"admin\\views\\item\\_modal_edit.php",{"file":347,"line":214,"context":305},{"file":347,"line":178,"context":305},{"file":347,"line":287,"context":305},{"file":347,"line":320,"context":305},{"file":347,"line":322,"context":305},{"file":347,"line":324,"context":305},{"file":347,"line":326,"context":305},{"file":347,"line":328,"context":305},{"file":347,"line":330,"context":305},{"file":347,"line":304,"context":305},{"file":359,"line":360,"context":305},"admin\\views\\rate\\notice.php",9,{"file":359,"line":362,"context":305},11,{"file":359,"line":178,"context":305},{"file":359,"line":287,"context":305},{"file":359,"line":320,"context":305},{"file":359,"line":219,"context":305},{"file":359,"line":368,"context":305},41,{"file":370,"line":238,"context":305},"admin\\views\\scripts\\index.php",{"file":370,"line":196,"context":305},{"file":370,"line":247,"context":305},{"file":370,"line":374,"context":305},42,{"file":370,"line":328,"context":305},{"file":370,"line":377,"context":305},51,{"file":370,"line":304,"context":305},{"file":370,"line":231,"context":305},{"file":381,"line":295,"context":305},"admin\\views\\scripts\\plugins.php",{"file":383,"line":122,"context":305},"admin\\views\\scripts\\settings.php",{"file":385,"line":178,"context":305},"admin\\widgets\\header\\views\\widget.php",{"file":385,"line":387,"context":305},24,{"file":385,"line":269,"context":305},{"file":385,"line":222,"context":305},{"file":391,"line":205,"context":305},"admin\\widgets\\itemRow\\views\\row.php",{"file":391,"line":387,"context":305},{"file":391,"line":200,"context":305},{"file":391,"line":320,"context":305},{"file":396,"line":397,"context":305},"core\\base\\Controller.php",67,{"file":399,"line":324,"context":305},"core\\base\\Widget.php",{"file":235,"line":401,"context":305},275,{"file":235,"line":403,"context":305},403,{"file":235,"line":405,"context":305},467,{"file":235,"line":407,"context":305},469,{"file":237,"line":283,"context":305},{"file":237,"line":320,"context":305},{"file":237,"line":368,"context":305},{"file":412,"line":360,"context":305},"modules\\welcome\\views\\main\\notice.php",{"file":412,"line":336,"context":305},{"file":412,"line":283,"context":305},3,[],[418,433],{"entryPoint":419,"graph":420,"unsanitizedCount":166,"severity":42},"showTabs (core\\wp\\Settings.php:392)",{"nodes":421,"edges":431},[422,426],{"id":423,"type":424,"label":425,"file":235,"line":403},"n0","source","$_GET['page']",{"id":427,"type":428,"label":429,"file":235,"line":403,"wp_function":430},"n1","sink","echo() [XSS]","echo",[432],{"from":423,"to":427,"sanitized":51},{"entryPoint":434,"graph":435,"unsanitizedCount":166,"severity":441},"\u003CSettings> (core\\wp\\Settings.php:0)",{"nodes":436,"edges":439},[437,438],{"id":423,"type":424,"label":425,"file":235,"line":403},{"id":427,"type":428,"label":429,"file":235,"line":403,"wp_function":430},[440],{"from":423,"to":427,"sanitized":51},"low",{"summary":443,"deductions":444},"The luckywp-scripts-control plugin v1.2.5 presents a significant security risk due to a large attack surface consisting of 10 AJAX handlers, all of which lack proper authorization checks. While the code shows good practices in handling SQL queries with prepared statements and has no critical or high severity vulnerabilities in its history, the absence of authentication on numerous entry points is a major concern.  The 14% proper output escaping is also concerning, suggesting potential for cross-site scripting (XSS) vulnerabilities, though the taint analysis did not flag critical or high severity flows. The plugin's vulnerability history indicates past issues with Missing Authorization and CSRF, further reinforcing the need for robust authentication and input validation on its AJAX endpoints. Overall, the plugin has some strengths like secure SQL handling, but the unprotected AJAX endpoints and past vulnerability types create a weak security posture that requires immediate attention.",[445,447,450,452],{"reason":446,"points":295},"AJAX handlers without authorization checks",{"reason":448,"points":449},"Low percentage of properly escaped output",7,{"reason":451,"points":295},"Known medium severity vulnerabilities",{"reason":453,"points":68},"Missing nonce checks on AJAX handlers","2026-03-16T18:16:34.343Z",{"wat":456,"direct":465},{"assetPaths":457,"generatorPatterns":460,"scriptPaths":461,"versionParams":462},[458,459],"\u002Fwp-content\u002Fplugins\u002Fluckywp-scripts-control\u002Fadmin\u002Fassets\u002Fmain.min.css","\u002Fwp-content\u002Fplugins\u002Fluckywp-scripts-control\u002Fadmin\u002Fassets\u002Fmain.min.js",[],[],[463,464],"luckywp-scripts-control\u002Fadmin\u002Fassets\u002Fmain.min.css?ver=","luckywp-scripts-control\u002Fadmin\u002Fassets\u002Fmain.min.js?ver=",{"cssClasses":466,"htmlComments":467,"htmlAttributes":468,"restEndpoints":469,"jsGlobals":470,"shortcodeOutput":472},[],[],[],[],[471],"lwpscMain",[],{"error":474,"url":475,"statusCode":476,"statusMessage":477,"message":477},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fluckywp-scripts-control\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":360,"versions":479},[480,485,492,499,505,514,522,531,540],{"version":6,"download_url":26,"svn_tag_url":481,"released_at":39,"has_diff":51,"diff_files_changed":482,"diff_lines":39,"trac_diff_url":483,"vulnerabilities":484,"is_current":474},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.2.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.4&new_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.5",[],{"version":486,"download_url":487,"svn_tag_url":488,"released_at":39,"has_diff":51,"diff_files_changed":489,"diff_lines":39,"trac_diff_url":490,"vulnerabilities":491,"is_current":51},"1.2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.3&new_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.4",[],{"version":493,"download_url":494,"svn_tag_url":495,"released_at":39,"has_diff":51,"diff_files_changed":496,"diff_lines":39,"trac_diff_url":497,"vulnerabilities":498,"is_current":51},"1.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.2&new_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.3",[],{"version":41,"download_url":500,"svn_tag_url":501,"released_at":39,"has_diff":51,"diff_files_changed":502,"diff_lines":39,"trac_diff_url":503,"vulnerabilities":504,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.1&new_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.2",[],{"version":506,"download_url":507,"svn_tag_url":508,"released_at":39,"has_diff":51,"diff_files_changed":509,"diff_lines":39,"trac_diff_url":510,"vulnerabilities":511,"is_current":51},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fluckywp-scripts-control%2Ftags%2F1.2&new_path=%2Fluckywp-scripts-control%2Ftags%2F1.2.1",[512,513],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":57,"vuln_type":59,"patched_in_version":41},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":78,"download_url":515,"svn_tag_url":516,"released_at":39,"has_diff":51,"diff_files_changed":517,"diff_lines":39,"trac_diff_url":518,"vulnerabilities":519,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fluckywp-scripts-control%2Ftags%2F1.1&new_path=%2Fluckywp-scripts-control%2Ftags%2F1.2",[520,521],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":57,"vuln_type":59,"patched_in_version":41},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":523,"download_url":524,"svn_tag_url":525,"released_at":39,"has_diff":51,"diff_files_changed":526,"diff_lines":39,"trac_diff_url":527,"vulnerabilities":528,"is_current":51},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fluckywp-scripts-control%2Ftags%2F1.0.1&new_path=%2Fluckywp-scripts-control%2Ftags%2F1.1",[529,530],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":57,"vuln_type":59,"patched_in_version":41},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":532,"download_url":533,"svn_tag_url":534,"released_at":39,"has_diff":51,"diff_files_changed":535,"diff_lines":39,"trac_diff_url":536,"vulnerabilities":537,"is_current":51},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fluckywp-scripts-control%2Ftags%2F1.0.0&new_path=%2Fluckywp-scripts-control%2Ftags%2F1.0.1",[538,539],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":57,"vuln_type":59,"patched_in_version":41},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":541,"download_url":542,"svn_tag_url":543,"released_at":39,"has_diff":51,"diff_files_changed":544,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":545,"is_current":51},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fluckywp-scripts-control.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fluckywp-scripts-control\u002Ftags\u002F1.0.0\u002F",[],[546,547],{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":57,"vuln_type":59,"patched_in_version":41},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41}]