Does WP Theme Scripts have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Theme Scripts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Theme Scripts compatible with WordPress 5.2.24?

According to WordPress.org data, WP Theme Scripts 0.0.1 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is WP Theme Scripts updated?

WP Theme Scripts was last updated on Aug 4, 2019. Frequent updates are generally a positive security signal.

What is WP Theme Scripts's security score?

WP Theme Scripts has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Theme Scripts Security & Risk Analysis

wordpress.org/plugins/wp-theme-scripts

A plugin to handle adding CSS and JS to the header, footer and from 5.2.1 after the body tag.

0 active installs v0.0.1 PHP + WP 5.2.1+ Updated Aug 4, 2019

cssjavascripttheme-scripts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Theme Scripts Safe to Use in 2026?

Generally Safe

Score 85/100

WP Theme Scripts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The wp-theme-scripts plugin, in version 0.0.1, presents a seemingly strong security posture based on the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the attack surface. Furthermore, the code shows an absence of dangerous functions, file operations, and external HTTP requests, which are common vectors for exploitation. All SQL queries are properly prepared, and there's a single capability check, indicating some level of authorization is considered.

However, a critical concern arises from the output escaping, with only 21% of the 14 identified outputs being properly escaped. This indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities, where untrusted data could be injected and executed in users' browsers. The lack of taint analysis data is unusual for a plugin of this nature and might suggest limited testing or an inability of the analysis tool to identify such flows, rather than their complete absence.

The plugin's vulnerability history is clean, with no known CVEs. This is a positive sign, but it's also important to remember that this is a very early version (0.0.1), and a lack of historical vulnerabilities doesn't guarantee future safety, especially given the identified output escaping issues.

Key Concerns

Low percentage of properly escaped output

Vulnerabilities

None known

WP Theme Scripts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP Theme Scripts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

21% escaped14 total outputs

Attack Surface

WP Theme Scripts Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionwp_headinc\actions.php:15

actionwp_footerinc\actions.php:31

actionwp_body_openinc\actions.php:48

actionadmin_menuinc\menu.php:3

actionadmin_initinc\register.php:10

Maintenance & Trust

WP Theme Scripts Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedAug 4, 2019

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WP Theme Scripts Alternatives

Asset CleanUp: Page Speed Booster

wp-asset-clean-up

Make your website load FASTER by stopping specific styles (.CSS) & scripts (.JS) from loading. It works best with a page caching plugin / service.

100K 6 CVEs

Scripts n Styles

scripts-n-styles

This plugin allows Admin users to individually add HTML, custom CSS, Classes and JavaScript directly to Post, Pages or any other custom post types.

30K 1 CVE

Custom CSS and JavaScript

custom-css-and-javascript

Easily add custom CSS and JavaScript code to your WordPress site, with draft previewing, revisions, and minification!

10K No CVEs

Raw HTML

raw-html

Lets you use raw HTML or any other code in your posts. You can also disable smart quotes and other automatic formatting on a per-post basis.

10K No CVEs

Code Embed

simple-embed-code

Code Embed provides a very easy and efficient way to embed code (JavaScript, CSS and HTML) in your posts and pages.

10K 3 CVEs

Developer Profile

WP Theme Scripts Developer Profile

sindustries

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Theme Scripts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-theme-scripts/inc//wp-content/plugins/wp-theme-scripts/languages/

HTML / DOM Fingerprints

FAQ