Does Simple SCSS Compiler have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple SCSS Compiler have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple SCSS Compiler compatible with WordPress 5.9.13?

According to WordPress.org data, Simple SCSS Compiler 1.0 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is Simple SCSS Compiler compatible with PHP 5.6+?

Simple SCSS Compiler requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple SCSS Compiler updated?

Simple SCSS Compiler was last updated on Feb 10, 2022. Frequent updates are generally a positive security signal.

What is Simple SCSS Compiler's security score?

Simple SCSS Compiler has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple SCSS Compiler Security & Risk Analysis

wordpress.org/plugins/simple-scss-compiler

Simple SCSS Compiler makes it easy for you to automatically compile your SCSS files to CSS, thus providing you with a hassle-free development experien …

20 active installs v1.0 PHP 5.6+ WP 5.0+ Updated Feb 10, 2022

compilercssdevelopmentscsssimple

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Simple SCSS Compiler Safe to Use in 2026?

Generally Safe

Score 85/100

Simple SCSS Compiler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "simple-scss-compiler" v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by exclusively using prepared statements for SQL queries and avoids external HTTP requests. The absence of known CVEs and a clean vulnerability history are also positive indicators, suggesting a well-maintained and likely secure plugin.

However, several significant concerns arise from the static analysis. The presence of dangerous functions like `unserialize` and `assert` is a major red flag. While the attack surface appears small (0 entry points), the lack of nonce checks and a single instance of capability checks for its entry points is worrying. Furthermore, only 33% of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is ever processed or displayed.

In conclusion, while the plugin benefits from a lack of past vulnerabilities and secure database interactions, the identified dangerous functions, limited output escaping, and potential for missing authentication/authorization checks on its limited entry points present tangible risks that should be addressed.

Key Concerns

Dangerous functions like unserialize/assert present
Low percentage of properly escaped output
Missing nonce checks on entry points
Limited capability checks on entry points

Vulnerabilities

None known

Simple SCSS Compiler Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Simple SCSS Compiler Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$c = unserialize($c);vendors\scssphp-1.10.0\src\Cache.php:136

unserialize$value = unserialize($value);vendors\scssphp-1.10.0\src\Compiler.php:800

assertassert($media instanceof MediaBlock);vendors\scssphp-1.10.0\src\Compiler.php:1284

assertassert($block instanceof AtRootBlock);vendors\scssphp-1.10.0\src\Compiler.php:1428

assertassert($selfParent !== null, 'at-root blocks must have a selfParent set.');vendors\scssphp-1.10.0\src\Compiler.php:1451

assertassert($block instanceof DirectiveBlock || $block instanceof OutputBlock);vendors\scssphp-1.10.0\src\Compiler.php:1700

assertassert($block instanceof NestedPropertyBlock);vendors\scssphp-1.10.0\src\Compiler.php:1791

assertassert($child[1] instanceof NestedPropertyBlock);vendors\scssphp-1.10.0\src\Compiler.php:1810

assertassert($block instanceof CallableBlock);vendors\scssphp-1.10.0\src\Compiler.php:3068

assertassert($if instanceof IfBlock);vendors\scssphp-1.10.0\src\Compiler.php:3119

assertassert($each instanceof EachBlock);vendors\scssphp-1.10.0\src\Compiler.php:3137

assertassert($while instanceof WhileBlock);vendors\scssphp-1.10.0\src\Compiler.php:3172

assertassert($for instanceof ForBlock);vendors\scssphp-1.10.0\src\Compiler.php:3185

assertassert($mixin instanceof CallableBlock);vendors\scssphp-1.10.0\src\Compiler.php:3246

assertassert($kebabCaseName !== null);vendors\scssphp-1.10.0\src\Compiler.php:3891

assertassert($env->block instanceof MediaBlock);vendors\scssphp-1.10.0\src\Compiler.php:4992

assertassert(!empty($parsedPrototypes));vendors\scssphp-1.10.0\src\Compiler.php:6378

assertassert(\is_string($arg[0][1]));vendors\scssphp-1.10.0\src\Compiler.php:6676

assertassert(\is_string($name));vendors\scssphp-1.10.0\src\Compiler.php:6701

assertassert($originalRestArgumentName !== null);vendors\scssphp-1.10.0\src\Compiler.php:6832

assertassert($default !== null);vendors\scssphp-1.10.0\src\Compiler.php:6853

assertassert(! empty($block->selectors));vendors\scssphp-1.10.0\src\Formatter\Compressed.php:70

assertassert(! empty($block->selectors));vendors\scssphp-1.10.0\src\Formatter\Crunched.php:74

assertassert(! empty($block->selectors));vendors\scssphp-1.10.0\src\Formatter.php:168

assertassert($if instanceof IfBlock);vendors\scssphp-1.10.0\src\Parser.php:800

assertassert(\is_array($include));vendors\scssphp-1.10.0\src\Parser.php:1084

Output Escaping

33% escaped15 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

sscssc_settings_page (classes\admin.php:39)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple SCSS Compiler Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menuclasses\admin.php:14

actionadmin_enqueue_scriptsclasses\admin.php:17

filterplugin_action_linksclasses\admin.php:20

actioninitclasses\compiler.php:20

Maintenance & Trust

Simple SCSS Compiler Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedFeb 10, 2022

PHP min version5.6

Downloads838

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

Simple SCSS Compiler Alternatives

Lenix scss compiler

lenix-scss-compiler

An excellent way to write Scss in wordpress

800 2 unpatched

Layout Engine

layout-engine

100

Drag and drop wordpress visual theme designer framework, featuring integrated LessCSS support.simplified widget and dynamic sidebar administration.

10 No CVEs

Sass To CSS Compiler

sass-to-css-compiler

100

Compile Your Theme-Plugin Sass (.scss) files to .css on the fly.

10 No CVEs

Simple CSS

simple-css

100

Add CSS to your website through an admin editor, the Customizer or a metabox for page/post specific CSS.

80K No CVEs

WP-SCSS

wp-scss

100

Compiles .scss files to .css and enqueues them.

40K No CVEs

Developer Profile

Simple SCSS Compiler Developer Profile

kidadavid

1 plugin · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple SCSS Compiler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-scss-compiler/assets/sscssc-styles.css/wp-content/plugins/simple-scss-compiler/assets/sscssc-scripts.js

Script Paths

/wp-content/plugins/simple-scss-compiler/assets/sscssc-scripts.js

Version Parameters

simple-scss-compiler/assets/sscssc-styles.css?ver=simple-scss-compiler/assets/sscssc-scripts.js?ver=

HTML / DOM Fingerprints

Data Attributes

sscssc-files-to-compile

JS Globals

SscssCSettingsObject

FAQ