Simple Header and Footer Security & Risk Analysis

wordpress.org/plugins/simple-header-and-footer

Simple Header and Footer Plugin lets you easily insert code in the header (between the <head> and </head> tags) and in the footer (before the </body> tag).

20 active installs · v1.0.0 · PHP 7.4+ · WP + · Updated Feb 11, 2024
Tags: ads, analytics, facebook-pixel, footer, header
Score: 64
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Nov 28, 2024
Safety Verdict

Is Simple Header and Footer Safe to Use in 2026?

Use With Caution

Score 64/100

Simple Header and Footer has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Nov 28, 2024 · Updated 2yr ago
Risk Assessment

Static analysis of the plugin 'simple-header-and-footer' v1.0.0 shows a generally good security posture: taint analysis found no critical or high severity issues, no raw SQL queries were detected, and the plugin implements nonce and capability checks. The significant concern is the vulnerability history, which shows one unpatched medium severity CVE, classified as Cross-Site Request Forgery (CSRF). This is a known weakness that has not been addressed, which suggests a potential for similar vulnerabilities or a lack of active security maintenance.

The static analysis found no unprotected AJAX handlers, REST API routes, shortcodes, or cron events, which suggests a minimal attack surface. The high percentage of properly escaped output is also a strength. Even so, the unpatched medium severity CSRF vulnerability is a substantial risk: although the code appears to follow many best practices, this issue remains open and needs remediation.

Key Concerns

  • Unpatched medium severity CVE
Vulnerabilities
1 published

Simple Header and Footer Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-53777 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Simple Header and Footer <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Nov 28, 2024 · Unpatched
Version History

Simple Header and Footer Release Timeline

v1.0.0 · Current · 1 CVE
Code Analysis
Analyzed Apr 16, 2026

Simple Header and Footer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (41 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

89% escaped · 46 total outputs
Attack Surface

Simple Header and Footer Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
action · admin_init · admin/admin.php:4
action · admin_menu · admin/admin.php:16
action · admin_enqueue_scripts · admin/admin.php:22
action · wp_head · simple-header-and-footer.php:74
action · wp_footer · simple-header-and-footer.php:81
Maintenance & Trust

Simple Header and Footer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Feb 11, 2024
PHP min version: 7.4
Downloads: 999

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

Simple Header and Footer Developer Profile

Alberto Reineri

2 plugins · 40 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Header and Footer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-header-and-footer/admin/admin.css

HTML / DOM Fingerprints

Shortcode Output
[snippet_1][snippet_2][snippet_3][snippet_4]
FAQ

Frequently Asked Questions about Simple Header and Footer