PerformerJS Security & Risk Analysis
wordpress.org/plugins/performerjsPerformerJS allows you to add really cool effects and features to your website by doing some simple editing of the HTML code in your pages.
Is PerformerJS Safe to Use in 2026?
Generally Safe
Score 85/100PerformerJS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The performerjs plugin v1.0.5 exhibits a strong initial security posture based on the provided static analysis. The absence of any identified attack surface points, dangerous functions, file operations, external HTTP requests, or taint flows is highly encouraging. This suggests the plugin is designed with security in mind, avoiding common entry points for vulnerabilities. Furthermore, all SQL queries are prepared, and there is no recorded vulnerability history, indicating a history of stable and secure releases.
However, a significant concern arises from the output escaping analysis. With one total output and 0% properly escaped, any data rendered to the user interface is vulnerable to cross-site scripting (XSS) attacks. This is a critical weakness that could allow attackers to inject malicious scripts, steal user credentials, or perform other harmful actions. The use of an outdated bundled library, jQuery v1.0.4, also presents a potential risk, as older versions are often susceptible to known vulnerabilities that may not be addressed in this plugin's context.
In conclusion, while performerjs v1.0.5 demonstrates excellent security hygiene in its design and lack of historical vulnerabilities, the critical deficiency in output escaping and the outdated bundled library represent significant risks that must be addressed. The plugin is otherwise well-protected, but these specific issues expose it to common and dangerous attack vectors.
Key Concerns
- Output escaping is not implemented
- Bundled outdated library: jQuery v1.0.4
PerformerJS Security Vulnerabilities
PerformerJS Code Analysis
Bundled Libraries
Output Escaping
PerformerJS Attack Surface
WordPress Hooks 2
Maintenance & Trust
PerformerJS Maintenance & Trust
Maintenance Signals
Community Trust
PerformerJS Alternatives
Raw HTML
raw-html
Lets you use raw HTML or any other code in your posts. You can also disable smart quotes and other automatic formatting on a per-post basis.
Code Embed
simple-embed-code
Code Embed provides a very easy and efficient way to embed code (JavaScript, CSS and HTML) in your posts and pages.
WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript
wp-super-minify
A lightweight plugin that automatically minifies, compresses, and caches HTML, CSS, and JavaScript on demand to improve your website’s load speed.
WebberZone Snippetz – Header, Body and Footer manager
add-to-all
The ultimate snippet manager for WordPress. Create and manage custom HTML, CSS, or JS code snippets and control where and when they are displayed.
CM Header and Footer – Add custom scripts and styles to your header and footer with ease
cm-header-footer-script-loader
Add custom CSS and JavaScript to headers and footers on your site with the header and footer plugin for enhanced control and design.
PerformerJS Developer Profile
11 plugins · 460 total installs
How We Detect PerformerJS
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/performerjs/performer.jquery.min.js/wp-content/plugins/performerjs/performer.mootools.min.js/wp-content/plugins/performerjs/performer.prototype.min.js/wp-content/plugins/performerjs/performer.prototype.min.js/wp-content/plugins/performerjs/performer.mootools.min.js/wp-content/plugins/performerjs/performer.jquery.min.jsperformer.jquery.min.js?ver=performer.mootools.min.js?ver=performer.prototype.min.js?ver=HTML / DOM Fingerprints
window.Prototypewindow.MooToolswindow.jQuery