Unique Headers Security & Risk Analysis

wordpress.org/plugins/unique-headers

Adds the ability to use unique custom header images on individual pages, posts, categories or tags.

20K active installs · v1.9.3 · PHP + · WP 4.3+ · Updated Oct 26, 2023
Tags: custom-header, header, headers, images, page
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Unique Headers Safe to Use in 2026?

Generally Safe

Score 85/100

Unique Headers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "unique-headers" plugin v1.9.3 demonstrates a generally strong security posture with excellent adherence to secure coding practices. The absence of any recorded vulnerabilities in its history is a significant positive indicator. Furthermore, the static analysis reveals a minimal attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed. Crucially, all SQL queries utilize prepared statements, and output escaping is nearly perfect, mitigating common web vulnerabilities like SQL injection and cross-site scripting (XSS). Nonce and capability checks are also present, indicating an effort to control access to plugin functionalities.

However, the taint analysis reveals two flows with unsanitized paths, categorized as high severity. While these are not exposed as direct entry points due to the plugin's limited attack surface, the presence of such flows warrants attention. It suggests a potential weakness if a future update were to inadvertently expose these paths or if an indirect path exists that was not detected. The lack of explicit external HTTP requests is also a good sign, reducing the risk of SSRF vulnerabilities. The plugin's vulnerability history is clean, which is reassuring. Overall, the plugin is well-secured, but the identified taint flows present a specific, albeit contained, area for improvement.

Key Concerns

  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

Unique Headers Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Unique Headers Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 1 (78 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

99% escaped · 79 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
<class-custom-image-meta-box> (inc\class-custom-image-meta-box.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Unique Headers Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 18
action: admin_enqueue_scripts (inc\class-custom-image-meta-box.php:115)
action: admin_enqueue_scripts (inc\class-custom-image-meta-box.php:116)
action: add_meta_boxes (inc\class-custom-image-meta-box.php:117)
action: save_post (inc\class-custom-image-meta-box.php:118)
action: admin_init (inc\class-dotorg-plugin-review.php:79)
action: admin_init (inc\class-dotorg-plugin-review.php:80)
action: admin_notices (inc\class-dotorg-plugin-review.php:162)
filter: theme_mod_header_image (inc\class-unique-headers-display.php:58)
filter: wp_calculate_image_srcset (inc\class-unique-headers-display.php:59)
filter: theme_mod_header_image_data (inc\class-unique-headers-display.php:60)
action: plugins_loaded (inc\class-unique-headers-instantiate.php:52)
action: init (inc\class-unique-headers-instantiate.php:53)
action: admin_init (inc\class-unique-headers-taxonomy-header-images.php:109)
filter: theme_mod_header_image (inc\class-unique-headers-taxonomy-header-images.php:110)
filter: wp_calculate_image_srcset (inc\class-unique-headers-taxonomy-header-images.php:111)
filter: theme_mod_header_image_data (inc\class-unique-headers-taxonomy-header-images.php:112)
filter: unique_header_fallback_images (inc\legacy.php:78)
action: init (inc\legacy.php:97)
Maintenance & Trust

Unique Headers Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Oct 26, 2023
PHP min version
Downloads: 414K

Community Trust

Rating: 98/100
Number of ratings: 160
Active installs: 20K
Developer Profile

Unique Headers Developer Profile

Ryan Hellyer

14 plugins · 97K total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Unique Headers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/unique-headers/admin.css
/wp-content/plugins/unique-headers/admin.js
Script Paths
/wp-content/plugins/unique-headers/admin.js
Version Parameters
unique-headers/admin.css?ver=
unique-headers/admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
custom_meta_image_name
JS Globals
custom_meta_image_name
FAQ

Frequently Asked Questions about Unique Headers