Does WP CSS, Javascript and HTML have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP CSS, Javascript and HTML compatible with WordPress 6.0.11?

According to WordPress.org data, WP CSS, Javascript and HTML 2.3.2 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

How often is WP CSS, Javascript and HTML updated?

WP CSS, Javascript and HTML was last updated on Jul 28, 2022. Frequent updates are generally a positive security signal.

What is WP CSS, Javascript and HTML's security score?

WP CSS, Javascript and HTML has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP CSS, Javascript and HTML Security & Risk Analysis

wordpress.org/plugins/wp-css-and-js-code

Custom CSS, Javascript and HTML on specific posts or page or you can do it in global.

10 active installs v2.3.2 PHP + WP 5.1+ Updated Jul 28, 2022

csshtmljavascriptjsminify

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP CSS, Javascript and HTML Safe to Use in 2026?

Generally Safe

Score 85/100

WP CSS, Javascript and HTML has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The wp-css-and-js-code plugin v2.3.2 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs, unpatched vulnerabilities, and critical taint flows is a strong indicator of a well-maintained and secure codebase. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and including a nonce check on its single AJAX handler. The limited attack surface, consisting of only one AJAX handler with no reported vulnerabilities, further enhances its security profile.

However, there are some areas for improvement. The low percentage of properly escaped output (7%) is a significant concern. While the static analysis did not detect specific taint flows or raw SQL queries that could directly exploit this, a large number of unescaped outputs increases the risk of cross-site scripting (XSS) vulnerabilities, especially if the plugin handles user-provided data in ways not fully captured by the static analysis. The lack of capability checks on the AJAX handler, while currently protected by a nonce, means that any future bypass of the nonce check could lead to unauthorized actions if user roles are not considered.

In conclusion, the plugin appears to be largely secure, with no critical or high-severity issues identified in its vulnerability history or static analysis. The primary weakness lies in the insufficient output escaping, which requires attention to mitigate potential XSS risks. The current security measures are robust for the identified entry points, but improving output sanitization practices would further strengthen its defenses.

Key Concerns

Low percentage of properly escaped output
No capability checks on AJAX handler

Vulnerabilities

None known

WP CSS, Javascript and HTML Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP CSS, Javascript and HTML Release Timeline

v2.3.2Current

v2.2.2

v2.2.1

v2.2.0

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

WP CSS, Javascript and HTML Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

7% escaped45 total outputs

Attack Surface

WP CSS, Javascript and HTML Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_wp_css_code_postmetaadmin.php:289

WordPress Hooks 6

actionadmin_initadmin.php:111

actionadmin_menuadmin.php:119

actionadd_meta_boxesadmin.php:140

actionwp_headinject.php:86

actionwp_footerinject.php:127

actionwp_body_openinject.php:146

Maintenance & Trust

WP CSS, Javascript and HTML Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedJul 28, 2022

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP CSS, Javascript and HTML Alternatives

WP Minify Fix

wp-minify-fix

[Fixed] This plugin uses the Minify engine to combine and compress JS and CSS files to improve page load time.

900 No CVEs

WP Fast Minify

wp-inline-js-converter

Compress HTML Code, And Converting Inline Script and Style To JavaScript and CSS Compressed File.

10 No CVEs

WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript

wp-super-minify

100

A lightweight plugin that automatically minifies, compresses, and caches HTML, CSS, and JavaScript on demand to improve your website’s load speed.

9K 1 CVE

Better WordPress Minify

bwp-minify

Allows you to combine and minify your CSS and JS files to improve page load time.

8K No CVEs

Insert Code by Angie Makes

wpc-insert-code

Easily insert HTML, Javascript, CSS, into the head and footer areas of your site.

900 No CVEs

Developer Profile

WP CSS, Javascript and HTML Developer Profile

Jundell Agbo

3 plugins · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP CSS, Javascript and HTML

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-css-and-js-code/libs/codemirror/lib/codemirror.css/wp-content/plugins/wp-css-and-js-code/libs/codemirror/lib/codemirror.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/theme//wp-content/plugins/wp-css-and-js-code/libs/codemirror/mode/css/css.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/mode/javascript/javascript.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/mode/xml/xml.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/addon/lint/lint.css/wp-content/plugins/wp-css-and-js-code/libs/codemirror/addon/lint/lint.js+9 more

Script Paths

/wp-content/plugins/wp-css-and-js-code/libs/codemirror/lib/codemirror.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/mode/css/css.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/mode/javascript/javascript.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/mode/xml/xml.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/addon/lint/lint.js/wp-content/plugins/wp-css-and-js-code/libs/codemirror/addon/lint/css-lint.js+6 more

Version Parameters

wp-css-js-code/libs/codemirror/lib/codemirror.css?ver=wp-css-js-code/libs/codemirror/lib/codemirror.js?ver=wp-css-js-code/libs/codemirror/theme/wp-css-js-code/libs/codemirror/mode/css/css.js?ver=wp-css-js-code/libs/codemirror/mode/javascript/javascript.js?ver=wp-css-js-code/libs/codemirror/mode/xml/xml.js?ver=wp-css-js-code/libs/codemirror/addon/lint/lint.css?ver=wp-css-js-code/libs/codemirror/addon/lint/lint.js?ver=wp-css-js-code/libs/codemirror/addon/lint/css-lint.js?ver=wp-css-js-code/libs/codemirror/addon/lint/javascript-lint.js?ver=wp-css-js-code/libs/codemirror/addon/hint/show-hint.css?ver=wp-css-js-code/libs/codemirror/addon/hint/show-hint.js?ver=wp-css-js-code/libs/css-js-hint/csshint.js?ver=wp-css-js-code/libs/css-js-hint/jshint.js?ver=wp-css-js-code/libs/codemirror/addon/edit/trailingspace.js?ver=wp-css-js-code/ext/wp_css_js_code.js?ver=wp-css-js-code/ext/wp_css_js_code.css?ver=

HTML / DOM Fingerprints

CSS Classes

wp-css-js-code-codemirror-theme

Data Attributes

wpcssjscode_themeeditor

JS Globals

wpcssjscode_themeeditorwp_css_js_obj

FAQ