Does Insert Headers And Footers have any unpatched vulnerabilities?

No. All known vulnerabilities in Insert Headers And Footers have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Insert Headers And Footers compatible with WordPress 6.9.4?

According to WordPress.org data, Insert Headers And Footers 3.1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Insert Headers And Footers updated?

Insert Headers And Footers was last updated on Jan 5, 2026. Frequent updates are generally a positive security signal.

What is Insert Headers And Footers's security score?

Insert Headers And Footers has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Insert Headers And Footers Security & Risk Analysis

wordpress.org/plugins/wp-headers-and-footers

Include inline javascript, stylesheets, CSS code or anything you want in Header and Footer areas of your WordPress with ease.

300K active installs v3.1.3 PHP + WP 5.0+ Updated Jan 5, 2026

custom-cssfacebook-pixelfootergoogle-analyticsheader

A · Safe

CVEs total1

Unpatched0

Last CVEApr 18, 2025

Plugin page Download

Safety Verdict

Is Insert Headers And Footers Safe to Use in 2026?

Generally Safe

Score 98/100

Insert Headers And Footers has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 18, 2025Updated 2mo ago

Risk Assessment

The wp-headers-and-footers plugin v3.1.3 demonstrates a generally strong security posture, with a clean bill of health from taint analysis and a lack of critical or high severity vulnerabilities in its static analysis results. The plugin effectively utilizes nonce and capability checks, and its limited attack surface, consisting of only two AJAX entry points, are all protected by authorization checks. The absence of unsanitized paths in taint analysis and a low percentage of unescaped outputs further contribute to its good security standing. However, the presence of a past high-severity vulnerability, even though currently patched, warrants attention. The single SQL query not utilizing prepared statements is a minor concern, though its impact is mitigated by the lack of other exploitable patterns. Overall, the plugin is well-secured, but historical vulnerabilities and the minor SQL concern suggest a need for continued vigilance and review of coding practices.

Key Concerns

One SQL query not using prepared statements
Historical high severity vulnerability (now patched)

Vulnerabilities

Insert Headers And Footers Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-2111high · 7.5Cross-Site Request Forgery (CSRF)

WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update

Apr 18, 2025 Patched in 3.1.2 (1d)

Code Analysis

Analyzed Mar 16, 2026

Insert Headers And Footers Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

147 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

82% escaped180 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

wp_headers_and_footers_review_notice_message (classes\class-notifications.php:119)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Insert Headers And Footers Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_wpheadersandfooters_log_downloadwp-headers-and-footers.php:157

authwp_ajax_wpheadersandfooters_optout_yeswp-headers-and-footers.php:161

WordPress Hooks 20

actionadmin_initclasses\class-notifications.php:35

actionadmin_noticesclasses\class-notifications.php:67

actionadmin_enqueue_scriptsclasses\class-settings-api.php:32

actionadmin_initclasses\class-setup.php:42

actionadmin_menuclasses\class-setup.php:44

filterplugin_row_metaclasses\plugin-meta.php:26

actionplugin_action_linksclasses\plugin-meta.php:27

actioninitwp-headers-and-footers.php:132

actionadmin_enqueue_scriptswp-headers-and-footers.php:133

actionwp_print_scriptswp-headers-and-footers.php:134

actionadmin_initwp-headers-and-footers.php:135

actionwp_headwp-headers-and-footers.php:138

actionwp_headwp-headers-and-footers.php:140

actionwp_body_openwp-headers-and-footers.php:145

actionwp_body_openwp-headers-and-footers.php:147

actionwp_footerwp-headers-and-footers.php:152

actionwp_footerwp-headers-and-footers.php:154

actionwp_wpb_sdk_after_uninstallwp-headers-and-footers.php:158

actionadmin_footerwp-headers-and-footers.php:159

actionadmin_menuwp-headers-and-footers.php:160

Maintenance & Trust

Insert Headers And Footers Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 5, 2026

PHP min version

Downloads2.3M

Community Trust

Rating100/100

Number of ratings127

Active installs300K

Alternatives

Insert Headers And Footers Alternatives

NinjaTeam Header Footer Custom Code

header-footer-code

Help you easy to insert CSS and JavaScript codes to or before .

200 2 CVEs

Add Custom Codes – Insert Header, Footer, Custom PHP Snippets, CSS, Javascript

add-custom-codes

Add custom codes to your wordpress site. A completely free plugin to add Custom PHP functions, HTML, CSS, Javascript, any other codes to your website.

1K 4 unpatched

CM Header and Footer – Add custom scripts and styles to your header and footer with ease

cm-header-footer-script-loader

Add custom CSS and JavaScript to headers and footers on your site with the header and footer plugin for enhanced control and design.

1K 1 CVE

In Page Script

in-page-script

This plugin helps to add scripts into the header (before close tag </HEAD>) or the footer (before close tag </BODY>).

100 No CVEs

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs

Developer Profile

Insert Headers And Footers Developer Profile

Adnan

11 plugins · 660K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

526 days

View full developer profile

Detection Fingerprints

How We Detect Insert Headers And Footers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-headers-and-footers/lib/wpb-sdk/classes/class-wpb-sdk-admin-notices.php/wp-content/plugins/wp-headers-and-footers/lib/wpb-sdk/classes/class-wpb-sdk-api.php/wp-content/plugins/wp-headers-and-footers/lib/wpb-sdk/classes/class-wpb-sdk-assets.php/wp-content/plugins/wp-headers-and-footers/lib/wpb-sdk/classes/class-wpb-sdk-debug.php/wp-content/plugins/wp-headers-and-footers/lib/wpb-sdk/classes/class-wpb-sdk-hooks.php/wp-content/plugins/wp-headers-and-footers/lib/wpb-sdk/classes/class-wpb-sdk-installer.php/wp-content/plugins/wp-headers-and-footers/lib/wpb-sdk/classes/class-wpb-sdk-license.php/wp-content/plugins/wp-headers-and-footers/lib/wpb-sdk/classes/class-wpb-sdk-logs.php+29 more

HTML / DOM Fingerprints

HTML Comments

JS Globals

wpheadersandfooters_optout_noncewpheadersandfooters_optin_nonce

FAQ