Simple Header Footer HTML Security & Risk Analysis
wordpress.org/plugins/simple-header-footer-htmlA simple plugin for injecting HTML into various places in your WordPress theme output.
Is Simple Header Footer HTML Safe to Use in 2026?
Generally Safe
Score 85/100Simple Header Footer HTML has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "simple-header-footer-html" v1.3.0 plugin exhibits a strong static security posture with zero identified entry points that are unprotected. The absence of dangerous functions, raw SQL queries, file operations, external HTTP requests, nonce checks, and capability checks in the provided static analysis is commendable and suggests adherence to secure coding practices.
The primary concern arises from the complete lack of output escaping. With 8 total outputs and 0% properly escaped, this indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied input that is rendered directly to the browser without proper sanitization could be exploited by attackers to inject malicious scripts, potentially leading to session hijacking, defacement, or other harmful actions.
Furthermore, the plugin has no recorded vulnerability history, including CVEs. While this is a positive indicator of past security diligence, it does not negate the identified risk of unescaped output. The absence of past vulnerabilities may also be attributed to a limited attack surface or insufficient historical analysis. In conclusion, while the plugin scores well on many security metrics, the critical flaw of unescaped output poses a substantial risk that needs immediate attention.
Key Concerns
- Output escaping is not implemented
Simple Header Footer HTML Security Vulnerabilities
Simple Header Footer HTML Code Analysis
Output Escaping
Simple Header Footer HTML Attack Surface
WordPress Hooks 7
Maintenance & Trust
Simple Header Footer HTML Maintenance & Trust
Maintenance Signals
Community Trust
Simple Header Footer HTML Alternatives
Insert Headers And Footers
wp-headers-and-footers
Include inline javascript, stylesheets, CSS code or anything you want in Header and Footer areas of your WordPress with ease.
SOGO Add Script to Individual Pages Header Footer
oh-add-script-header-footer
Simple plugin to add script to header and footer for individual pages & posts
Add Custom Codes – Insert Header, Footer, Custom PHP Snippets, CSS, Javascript
add-custom-codes
Add custom codes to your wordpress site. A completely free plugin to add Custom PHP functions, HTML, CSS, Javascript, any other codes to your website.
CM Header and Footer – Add custom scripts and styles to your header and footer with ease
cm-header-footer-script-loader
Add custom CSS and JavaScript to headers and footers on your site with the header and footer plugin for enhanced control and design.
Header Footer Custom Html
header-footer-custom-html
All in one light-weight plugin to add custom html, sticky html, custom css, or custom javascript in header and footer in any page/post or all pages/po …
Simple Header Footer HTML Developer Profile
4 plugins · 6K total installs
How We Detect Simple Header Footer HTML
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
wrapform-tablesettings-header<!-- start of <head> tag --><!-- bottom of <head> tag --><!-- before footer scripts --><!-- after footer scripts -->name="injection_head_start"name="injection_head_end"name="injection_footer_start"name="injection_footer_end"