WP Smart Content Security & Risk Analysis

wordpress.org/plugins/wp-smart-content

Easily inject HTML, CSS, JS, styles, scripts & tracking code via hooks / shortcodes with safe mode, scheduling, revisioning & geotargeting.

10 active installs · v1.3.4 · PHP 7.0+ · WP 5.0+ · Updated Dec 20, 2025
Tags: ad-management, add-style, customize-theme, header-and-footer-script, schedule
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Smart Content Safe to Use in 2026?

Generally Safe

Score 100/100

WP Smart Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The wp-smart-content v1.3.4 plugin has a generally good security posture. Its strengths include a complete absence of known vulnerabilities and a robust implementation of nonce and capability checks across its entry points. Static analysis found no critical or high severity taint flows, indicating a diligent effort to prevent data injection. The plugin also avoids bundling external libraries, which can often introduce outdated or vulnerable components.

However, some areas warrant concern and require improvement. The most significant risk stems from the SQL query: 100% of queries do not use prepared statements, which creates a substantial risk of SQL injection, particularly if user-supplied data is incorporated directly into these queries. In addition, a substantial proportion of output (43%) is not properly escaped, which presents a risk of Cross-Site Scripting (XSS) that would allow attackers to inject malicious scripts into the website. The presence of file operations without specific context on their sanitization also raises a mild flag.

Key Concerns

  • SQL queries not using prepared statements
  • Significant portion of output not escaped
Vulnerabilities
None known

WP Smart Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP Smart Content Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 96 (126 escaped)
Nonce Checks: 9
Capability Checks: 11
File Operations: 3
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

57% escaped · 222 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

8 flows · 5 with unsanitized paths
wpsc_should_render_for_geo (includes\class-wpsc-frontend.php:249)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

WP Smart Content Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers: 3

auth · wp_ajax_wpsc_get_revision · includes\class-wpsc-revisions.php:23
auth · wp_ajax_wpsc_delete_revision · includes\class-wpsc-revisions.php:26
auth · wp_ajax_wpsc_trim_revisions · includes\class-wpsc-revisions.php:29

Shortcodes: 1

[wp_smart_content] includes\class-wpsc-shortcodes.php:26
WordPress Hooks: 23
action · init · includes\class-wpsc-admin.php:27
action · admin_menu · includes\class-wpsc-admin.php:28
action · admin_enqueue_scripts · includes\class-wpsc-admin.php:29
action · admin_init · includes\class-wpsc-admin.php:30
filter · set-screen-option · includes\class-wpsc-admin.php:81
filter · wp_kses_allowed_html · includes\class-wpsc-admin.php:370
filter · wp_kses_allowed_html · includes\class-wpsc-admin.php:389
action · init · includes\class-wpsc-block.php:19
action · admin_init · includes\class-wpsc-duplicator.php:14
action · init · includes\class-wpsc-geo-country-selector.php:270
action · add_meta_boxes · includes\class-wpsc-geo-country-selector.php:271
action · save_post · includes\class-wpsc-geo-country-selector.php:272
action · admin_enqueue_scripts · includes\class-wpsc-geo-country-selector.php:273
action · admin_footer · includes\class-wpsc-list-table.php:41
action · init · includes\class-wpsc-loader.php:41
action · plugins_loaded · includes\class-wpsc-loader.php:42
action · admin_notices · includes\class-wpsc-migration-manager.php:59
action · admin_notices · includes\class-wpsc-migration-manager.php:65
action · post_updated · includes\class-wpsc-revisions.php:32
action · admin_init · wp-smart-content.php:57
action · admin_notices · wp-smart-content.php:101
action · admin_notices · wp-smart-content.php:119
action · plugins_loaded · wp-smart-content.php:134
Maintenance & Trust

WP Smart Content Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 20, 2025
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP Smart Content Developer Profile

Vinod Sebastian

2 plugins · 10 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Smart Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-smart-content/assets/css/admin.css
  • /wp-content/plugins/wp-smart-content/assets/css/frontend.css
  • /wp-content/plugins/wp-smart-content/assets/js/admin.js
  • /wp-content/plugins/wp-smart-content/assets/js/frontend.js
  • /wp-content/plugins/wp-smart-content/assets/js/tagify.min.js
  • /wp-content/plugins/wp-smart-content/assets/js/tagify.polyfills.min.js
Script Paths
  • /wp-content/plugins/wp-smart-content/assets/js/admin.js
  • /wp-content/plugins/wp-smart-content/assets/js/frontend.js
  • /wp-content/plugins/wp-smart-content/assets/js/tagify.min.js
  • /wp-content/plugins/wp-smart-content/assets/js/tagify.polyfills.min.js
Version Parameters
  • wp-smart-content/assets/css/admin.css?ver=
  • wp-smart-content/assets/css/frontend.css?ver=
  • wp-smart-content/assets/js/admin.js?ver=
  • wp-smart-content/assets/js/frontend.js?ver=
  • wp-smart-content/assets/js/tagify.min.js?ver=
  • wp-smart-content/assets/js/tagify.polyfills.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpsc-admin-page
  • wpsc-list-table-wrap
  • wpsc-form-wrap
  • wpsc-block-form
  • wpsc-geo-country-selector
  • wpsc-schedule-options
  • wpsc-conditions-options
  • wpsc-content-area
HTML Comments
  • <!-- WP Smart Content Admin Page -->
  • <!-- WP Smart Content Form -->
  • <!-- WP Smart Content List Table -->
  • <!-- WP Smart Content Shortcode Output -->
Data Attributes
  • data-wpsc-action
  • data-wpsc-id
  • data-wpsc-field
  • data-wpsc-geo-country
  • data-wpsc-schedule-date-start
  • data-wpsc-schedule-date-end
JS Globals
  • WPSC_Admin_List_Table
  • WPSC_Admin_Form
  • WPSC_Geo_Country_Selector
  • WPSC_Shortcodes
REST Endpoints
  • /wp-json/wp-smart-content/v1/blocks
  • /wp-json/wp-smart-content/v1/blocks/(?P<id>\d+)
  • /wp-json/wp-smart-content/v1/countries
Shortcode Output
  • [wpsc_content]
  • [wpsc_content id="123"]
  • [wpsc_content type="html"]
  • [wpsc_content type="css"]