[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiXum3gZoOPV9i6eLtYQU1XV4x2zdFw6XVVwHJKXiqN0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":143,"fingerprints":242},"scripts-to-footerphp","Scripts To Footer","0.7.3","Joshua David Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshuadnelson\u002F","\u003Cp>This small plugin moves scripts to the footer. Note that this only works if you have plugins and a theme that utilizes \u003Ccode>wp_enqueue_scripts\u003C\u002Fcode> correctly.\u003C\u002Fp>\n\u003Cp>You can disable the plugin on specific pages and posts directly via the post\u002Fpage edit screen metabox.\u003C\u002Fp>\n\u003Cp>You can disable the plugin on specific archive pages (blog page, search page, post type and taxonomy archives) via the settings page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Everything Broken?\u003C\u002Fstrong> Try placing jQuery back into the header via Settings > Scripts to Footer, “Keep jQuery in the Header” checkbox. If that doesn’t work, refer to the walkthrough below for using the \u003Ccode>stf_exclude_scripts\u003C\u002Fcode> filter for the script that is causing the issue.\u003C\u002Fp>\n\u003Cp>Check out the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjoshuadavidnelson\u002Fscripts-to-footer\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjoshuadavidnelson\u002Fscripts-to-footer\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> or some quick walkthroughs below.\u003C\u002Fp>\n\u003Ch4>Keeping specific Scripts in the Header\u003C\u002Fh4>\n\u003Cp>As of version 0.6 you can now keep specific scripts in the header. Note: this will print any scripts they depend on as well (if you want to keep \u003Ccode>jquery-effects-core\u003C\u002Fcode> in the header, you’ll also get \u003Ccode>jQuery\u003C\u002Fcode> in the header, so no need to add both).\u003C\u002Fp>\n\u003Cp>Specifically for jQuery, see the settings page option, as it is a common request we’ve built it into the settings.\u003C\u002Fp>\n\u003Cp>For any other scripts, use this filter:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'stf_exclude_scripts', 'jdn_header_scripts', 10, 1 );\nfunction jdn_header_scripts( $scripts ) {\n\n    $scripts[] = 'backbone'; \u002F\u002F Replace 'backbone' with the script slug\n\n    return $scripts;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You will need the correct script slug, which is used when the script is registered, and the script will only be printed into the header \u003Cem>if it’s enqueued\u003C\u002Fem>. Check out the scripts that come registered \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_enqueue_script#Default_Scripts_Included_and_Registered_by_WordPress\" rel=\"nofollow ugc\">out-of-the-box with WordPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> As of version 0.6.3, \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FConditional_Tags\" rel=\"nofollow ugc\">conditional tags\u003C\u002Fa> will work with the \u003Ccode>stf_exclude_scripts\u003C\u002Fcode> filter.\u003C\u002Fp>\n\u003Ch4>Custom Post Type Support\u003C\u002Fh4>\n\u003Cp>If you’re comfortable with code you can use the \u003Ccode>scripts_to_footer_post_types\u003C\u002Fcode> filter to change the post types this applies to (it only applies to pages and posts by default). For example, if you have a custom post type called “project” you could add support for this metabox via the post type filter like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function stf_add_cpt_support( $post_types ) {\n\n    $post_types[] = 'project';\n\n    return $post_types;\n}\nadd_filter( 'scripts_to_footer_post_types', 'stf_add_cpt_support' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Excluding Pages\u002FPosts\u002FTemplates Via Filter\u003C\u002Fh4>\n\u003Cp>You can either use the checkbox option to disable the plugin’s action on a specific page\u002Fpost, or you can utilize a filter. The filter also passes the post\u002Fpage id, if there is one (archive templates don’t have ids!).\u003C\u002Fp>\n\u003Cp>For example, for the “page” post type:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function stf_exclude_my_page( $exclude_page, $post_id ) {\n\n    if ( is_front_page() ) {\n        $exclude_page = 'on'; \u002F\u002F this turns on the \"exclude\" option\n    }\n\n    return $exclude_page;\n}\nadd_filter( 'stf_page', 'stf_exclude_my_page' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Replace \u003Ccode>stf_page\u003C\u002Fcode> with \u003Ccode>stf_post\u003C\u002Fcode> for posts, or the slug of your custom post type. For instance, a post type called “project” can be filtered with \u003Ccode>stf_project\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>More Documentation\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjoshuadavidnelson\u002Fscripts-to-footer\u002Fwiki\" rel=\"nofollow ugc\">See the plugin’s wiki\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Development \u002F Contributing\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjoshuadavidnelson\u002Fscripts-to-footer\" rel=\"nofollow ugc\">View this plugin on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Please feel free to open a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjoshuadavidnelson\u002Fscripts-to-footer\u002Fissues\" rel=\"nofollow ugc\">Github Issue\u003C\u002Fa> to report conflicts or goto \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fscripts-to-footerphp\" rel=\"ugc\">the WP.org support forum\u003C\u002Fa>. If there is something wrong with Scripts-to-Footer, we’ll update it. However, if it’s a another plugin or theme we can only contact the developer with the issue to attempt to resolve it.\u003C\u002Fp>\n","Move your scripts to the footer to help speed up perceived page load times and improve user experience.",8000,253349,94,37,"2025-11-17T02:54:00.000Z","6.8.5","5.3","7.4",[20,21,22,23,24],"footer","head","javascript","performance","speed","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fscripts-to-footerphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscripts-to-footerphp.0.7.3.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":13,"computed_at":37},"joshuadnelson",3,23000,30,"2026-04-04T05:03:01.366Z",[39,59,81,102,122],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":27,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":56,"download_link":57,"security_score":58,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"evolution-footer-scripts","AH Footer Scripts","1.0.2","Andreas Hecht","https:\u002F\u002Fprofiles.wordpress.org\u002Fahecht\u002F","\u003Cp>This small plugin moves all scripts (including jQuery) to the footer to help speed up page load times, while keep stylesheets in the header. Note that this only works if you have plugins and a theme that utilizes wp_enqueue_scripts correctly.\u003C\u002Fp>\n","This small plugin moves all scripts (including jQuery) to the footer to help speed up page load times, while keep stylesheets in the header.",10,3421,2,"2017-09-23T17:00:00.000Z","4.8.28","4.7.0","",[20,22,55,23,24],"jquery","https:\u002F\u002Fandreas-hecht.com\u002Fah-footer-scripts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fevolution-footer-scripts.1.0.2.zip",85,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":13,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":53,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":49,"unpatched_count":28,"last_vuln_date":80,"fetched_at":30},"async-javascript","Async JavaScript","2.21.08.31","David Clough","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloughit\u002F","\u003Cp>Eliminate Render-blocking Javascript in above-the-fold content with Async Javascript.\u003C\u002Fp>\n\u003Cp>Render-blocking Javascript prevents above-the-fold content on your page from being rendered until the javascript has finished loading. This can impact on your page speed and ultimately your ranking within search engines. It can also impact your user’s experience.\u003C\u002Fp>\n\u003Cp>Async JavaScript gives you full control of which scripts to add an ‘async’ or ‘defer’ attribute to or to exclude to help increase the performance of your WordPress website.\u003C\u002Fp>\n","Async Javascript lets you add 'async' or 'defer' attribute to scripts to exclude to help increase the performance of your WordPres &hellip;",80000,2047749,102,"2023-06-22T08:00:00.000Z","6.2.9","4.6",[74,22,75,23,76],"async","pagespeed","render-blocking","https:\u002F\u002Fautoptimize.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasync-javascript.2.21.08.31.zip",84,"2021-06-13 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":53,"tags":96,"homepage":100,"download_link":101,"security_score":58,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"oh-add-script-header-footer","SOGO Add Script to Individual Pages Header Footer","3.9","SOGO","https:\u002F\u002Fprofiles.wordpress.org\u002Forenhav\u002F","\u003Cp>Tested with Gutenberg\u003C\u002Fp>\n\u003Cp>Create a simple way to add javascript code to individual page post or custom post type header and footer,\u003Cbr \u002F>\nfor example: add conversion code to thank you pages\u003Cbr \u002F>\nadd google re-marketing code to individual pages\u003Cbr \u002F>\nand much more…\u003Cbr \u002F>\nadded in version 1.3 the option to add script  \\ style to all pages not only individual pages,\u003Cbr \u002F>\n this will allow you to add Google re-marketing code to the entire site or Google Analytics\u003Cbr \u002F>\n to use it goto “settings” – “Header Footer Settings”\u003C\u002Fp>\n\u003Cp>New Features (version 3.0):\u003Cbr \u002F>\nAdded option for terms  \u002F category pages\u003C\u002Fp>\n\u003Cp>New Features (version 2.3):\u003Cbr \u002F>\n Added support for WooCommerce shop page.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>we support now exclude individual pages form printing the header and footer scripts, this is supported by 2 checkboxes in each page\\post\u003Cbr \u002F>\nbuy check it the script will not be display on this page\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>we added support to limit the script only for certain post type \\ page\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>if you like it \\ use it – please rate us.\u003C\u002Fp>\n\u003Cp>usage:\u003Cbr \u002F>\nYou need to paste the code with the script tag, for example:\u003Cbr \u002F>\n   you js code \u003C\u002Fp>\n","Simple plugin to add script to header and footer for individual pages & posts",20000,382562,86,31,"2020-01-20T09:20:00.000Z","5.3.21","3.5",[20,97,22,98,99],"header","js","re-marketing-code","http:\u002F\u002Fsogo.co.il","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foh-add-script-header-footer.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":27,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":52,"requires_php":115,"tags":116,"homepage":53,"download_link":121,"security_score":58,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"embed-code","Embed Code – Headers & Footers by DesignBombs","2.0.4","designbombs","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesignbombs\u002F","\u003Cp>Easily insert or embed header and footer code in WordPress. Embed Code makes embedding global or page\u002Fpost-specific header and footer code super easy. It can be used to add almost anything, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Analytics tracking code\u003C\u002Fli>\n\u003Cli>Site verification snippets\u003C\u002Fli>\n\u003Cli>Typekit font scripts\u003C\u002Fli>\n\u003Cli>Custom CSS\u003C\u002Fli>\n\u003Cli>Custom JavaScript\u003C\u002Fli>\n\u003Cli>Optimizely embed code\u003C\u002Fli>\n\u003Cli>Facebook tracking pixel\u003C\u002Fli>\n\u003Cli>Live chat integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It even supports embedding code on custom post types!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is maintained by folks over at \u003Ca href=\"http:\u002F\u002Fdesignbombs.com\" rel=\"nofollow ugc\">DesignBombs.com\u003C\u002Fa>. If you are looking to start a new website, checkout their guide on \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fhow-to-make-a-website\u002F\" rel=\"nofollow ugc\">how to create a website\u003C\u002Fa>. They also have in-depth guides on other topics like how to \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fbest-wordpress-hosting\" rel=\"nofollow ugc\">choose the best WordPress hosting\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fhow-to-start-a-blog\u002F\" rel=\"nofollow ugc\">how to start a blog\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.designbombs.com\u002Fwordpress-security\u002F\" rel=\"nofollow ugc\">WordPress security\u003C\u002Fa>.\u003C\u002Fp>\n","The easiest way to embed code in the head or footer of your site, globally or on a per-page\u002Fpost basis.",5000,59115,6,"2021-08-04T08:03:00.000Z","5.8.13","5.4",[103,117,118,119,120],"embed-javascript","footer-code","header-code","tracking-code","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-code.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":27,"num_ratings":49,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":53,"tags":135,"homepage":141,"download_link":142,"security_score":58,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"custom-script-for-customizer","Custom Header Footer Scripts for Customizer","1.1.1","Rupok","https:\u002F\u002Fprofiles.wordpress.org\u002Fre_enter_rupok\u002F","\u003Cp>Add custom script to header and footer through WordPress Customizer. Edit your scripts with CodeMirror editor within Customizer. You can place any custom JavaScript, Google Analytics or embed script. Extremely helpful if you need to place any custom javascript or jQuery code to header or footer. This plugin gives you the ability to place different scripts to header or footer separately. Uses Customizer so you can edit the code live and see the changes on the fly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CodeMirror Editor\u003C\u002Fli>\n\u003Cli>Ability to add custom scripts to wp header.\u003C\u002Fli>\n\u003Cli>Ability to add custom scripts to wp footer.\u003C\u002Fli>\n\u003Cli>Ability to add multiple scripts.\u003C\u002Fli>\n\u003Cli>Ability to add Google Alalytics code.\u003C\u002Fli>\n\u003Cli>Ability to add any embed code.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check my free WordPress Theme \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fflexia\u002F\" rel=\"ugc\">Flexia\u003C\u002Fa>, one theme to rule them all.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check my other plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fessential-addons-for-elementor-lite\u002F\" rel=\"ugc\">Essential Addons For Elementor\u003C\u002Fa>\u003C\u002Fstrong> – Most popular Elementor extensions with 1 Million+ active users in the WordPress repository.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterdocs\u002F\" rel=\"ugc\">BetterDocs\u003C\u002Fa>\u003C\u002Fstrong> – Best documentation & knowledge base plugin for WordPress to help you reduce support tickets\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterlinks\u002F\" rel=\"ugc\">BetterLinks\u003C\u002Fa>\u003C\u002Fstrong> – Latest best WordPress link management plugin for link shortening, tracking & analyzing.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotificationx\u002F\" rel=\"ugc\">NotificationX\u003C\u002Fa>\u003C\u002Fstrong> – Best Social Proof & FOMO Marketing Solution\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-scheduled-posts\u002F\" rel=\"ugc\">SchedulePress\u003C\u002Fa>\u003C\u002Fstrong> – Complete solution for WordPress Post Scheduling to manage schedules through an editorial calendar.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembedpress\u002F\" rel=\"ugc\">EmbedPress\u003C\u002Fa>\u003C\u002Fstrong>– Embed videos, images, posts, audio, maps and upload PDF, DOC, PPT & all other types of content into your WordPress site with one-click and showcase it beautifully for the visitors.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemplately\u002F\" rel=\"ugc\">Templately\u003C\u002Fa>\u003C\u002Fstrong> Ultimate Template clouds with 1800+ ready templates for Elementor & Gutenberg along with FREE cloud collaboration with your team.\u003C\u002Fp>\n","Add custom script to header and footer through WordPress Customizer. Edit your scripts with CodeMirror editor within Customizer.",2000,25816,"2023-08-20T06:54:00.000Z","6.3.8","4.0",[136,137,138,139,140],"codemirror","custom-javascript","custom-script","customizer-script","header-footer-script","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-script-for-customizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-script-for-customizer.1.1.1.zip",{"attackSurface":144,"codeSignals":192,"taintFlows":231,"riskAssessment":232,"analyzedAt":241},{"hooks":145,"ajaxHandlers":188,"restRoutes":189,"shortcodes":190,"cronEvents":191,"entryPointCount":28,"unprotectedCount":28},[146,152,156,159,162,165,168,171,174,177,179,184],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","plugins_loaded","anonymous","includes\\class-scripts-to-footer.php",212,{"type":153,"name":154,"callback":149,"file":150,"line":155},"filter","plugin_row_meta",228,{"type":147,"name":157,"callback":149,"file":150,"line":158},"add_meta_boxes",234,{"type":147,"name":160,"callback":149,"file":150,"line":161},"save_post",235,{"type":147,"name":163,"callback":149,"file":150,"line":164},"admin_menu",238,{"type":147,"name":166,"callback":149,"file":150,"line":167},"admin_init",241,{"type":147,"name":169,"callback":149,"file":150,"line":170},"wp_enqueue_scripts",256,{"type":153,"name":172,"callback":149,"file":150,"line":173},"stf_include",257,{"type":147,"name":175,"callback":149,"file":150,"line":176},"wp_head",260,{"type":147,"name":175,"callback":149,"file":150,"line":178},263,{"type":147,"name":180,"callback":181,"file":182,"line":183},"admin_notices","disabled_notice","includes\\class-stf-activator.php",62,{"type":147,"name":148,"callback":185,"priority":47,"file":186,"line":187},"run_scripts_to_footer","scripts-to-footer.php",89,[],[],[],[],{"dangerousFunctions":193,"sqlUsage":194,"outputEscaping":201,"fileOperations":28,"externalRequests":28,"nonceChecks":195,"capabilityChecks":34,"bundledLibraries":230},[],{"prepared":28,"raw":195,"locations":196},1,[197],{"file":198,"line":199,"context":200},"uninstall.php",82,"$wpdb->get_results() with variable interpolation",{"escaped":202,"rawEcho":203,"locations":204},14,11,[205,208,211,213,215,217,219,221,223,225,227],{"file":182,"line":206,"context":207},80,"raw output",{"file":209,"line":210,"context":207},"includes\\class-stf-admin-settings.php",333,{"file":209,"line":212,"context":207},347,{"file":209,"line":214,"context":207},361,{"file":209,"line":216,"context":207},384,{"file":209,"line":218,"context":207},410,{"file":209,"line":220,"context":207},429,{"file":209,"line":222,"context":207},445,{"file":209,"line":224,"context":207},458,{"file":209,"line":226,"context":207},474,{"file":228,"line":229,"context":207},"includes\\class-stf-admin.php",161,[],[],{"summary":233,"deductions":234},"The \"scripts-to-footer.php\" plugin, version 0.7.3, exhibits a generally good security posture based on the static analysis.  The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface.  Furthermore, the lack of dangerous functions, file operations, and external HTTP requests are positive indicators of secure coding practices. The presence of nonce and capability checks also suggests an awareness of authentication and authorization best practices.\n\nHowever, a key concern arises from the single SQL query identified, which is not using prepared statements. This presents a potential risk of SQL injection vulnerabilities, especially if the data used in this query originates from user input. While no critical or high-severity taint flows were detected, and the vulnerability history is clean, this single unmitigated SQL query is a notable weakness. The moderate percentage of properly escaped output (56%) also suggests that while most outputs are handled, there's a lingering risk of cross-site scripting (XSS) vulnerabilities if the unescaped outputs process untrusted data.\n\nIn conclusion, the plugin has a strong foundation with a minimal attack surface and several security checks in place. The vulnerability history is a significant strength, indicating a lack of past exploitable issues. The primary area for improvement and a source of potential risk is the unparameterized SQL query. Addressing this and potentially improving output escaping would further solidify its security.",[235,238],{"reason":236,"points":237},"SQL query not using prepared statements",7,{"reason":239,"points":240},"Moderate percentage of unescaped output",4,"2026-03-16T17:56:52.210Z",{"wat":243,"direct":252},{"assetPaths":244,"generatorPatterns":247,"scriptPaths":248,"versionParams":249},[245,246],"\u002Fwp-content\u002Fplugins\u002Fscripts-to-footerphp\u002Fassets\u002Fcss\u002Fstf-style.css","\u002Fwp-content\u002Fplugins\u002Fscripts-to-footerphp\u002Fassets\u002Fjs\u002Fscripts-to-footer.js",[],[246],[250,251],"scripts-to-footerphp\u002Fassets\u002Fcss\u002Fstf-style.css?ver=","scripts-to-footerphp\u002Fassets\u002Fjs\u002Fscripts-to-footer.js?ver=",{"cssClasses":253,"htmlComments":254,"htmlAttributes":255,"restEndpoints":256,"jsGlobals":257,"shortcodeOutput":258},[],[],[],[],[],[]]