Sassify Security & Risk Analysis

wordpress.org/plugins/sassify

Adds support for SCSS stylesheets to wp_enqueue_style.

20 active installs v1.0.0 PHP + WP 3.5.0+ Updated Jul 7, 2015
csssassscss
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Sassify Safe to Use in 2026?

Generally Safe

Score 85/100

Sassify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "sassify" plugin v1.0.0 exhibits a concerning security posture despite a lack of reported vulnerabilities or a large attack surface. The static analysis reveals two critical weaknesses: unsanitized paths identified in the taint analysis and a complete lack of output escaping. The presence of unsanitized paths in two flows is a significant concern, as it indicates potential vulnerabilities related to file system manipulation or directory traversal if these paths are user-controllable. Furthermore, the 100% of outputs not being properly escaped is a serious oversight, opening the door to cross-site scripting (XSS) attacks, especially if any of the output is user-generated content. While the plugin's vulnerability history is clean, this can be attributed to its small attack surface and potentially limited functionality, rather than inherent strong security practices. The absence of any capability checks or nonce checks, coupled with the file operation signals, further amplifies the risk of unauthorized actions or data compromise. The plugin's strengths lie in its lack of direct SQL query risks and a small attack surface in terms of common entry points like AJAX, REST, and shortcodes.

Key Concerns

  • Two flows with unsanitized paths
  • 0% of outputs properly escaped
  • No capability checks
  • No nonce checks
Vulnerabilities
None known

Sassify Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sassify Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Sassify Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped2 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
style_loader_src (class-sassify-plugin.php:28)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Sassify Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
actionadmin_menuclass-sassify-admin.php:10
actionadmin_initclass-sassify-admin.php:11
actionwp_footerclass-sassify-plugin.php:21
filterstyle_loader_srcclass-sassify-plugin.php:22
Maintenance & Trust

Sassify Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39
Last updatedJul 7, 2015
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Developer Profile

Sassify Developer Profile

funkjedi

3 plugins · 9K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Sassify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sassify/scss.inc.php

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Sassify