Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus Security & Risk Analysis

wordpress.org/plugins/admin-bar

Take full control of your WordPress admin bar: hide items, reorder menus, and design a cleaner toolbar for every user.

3K active installs · v1.1.5 · PHP 7.0+ · WP 4.0+ · Updated Feb 10, 2026
Tags: admin-bar, admin-bar-position, customization, hide-admin-bar, toolbar
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 26, 2024
Safety Verdict

Is Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus Safe to Use in 2026?

Generally Safe

Score 99/100

Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 26, 2024 · Updated 1mo ago
Risk Assessment

The "admin-bar" plugin version 1.1.5 exhibits a generally positive security posture due to its adherence to several WordPress security best practices. The absence of any unprotected AJAX handlers, REST API routes, shortcodes, or cron events, coupled with robust use of prepared statements for SQL queries, nonces, and capability checks, indicates a conscious effort towards secure development.

However, there are areas for concern. The taint analysis reveals two flows with unsanitized paths, although these are not currently flagged as critical or high severity. This suggests a potential for subtle vulnerabilities if input validation or sanitization were to be less stringent in other parts of the code. Furthermore, the plugin makes four external HTTP requests, which, while not inherently insecure, represent an external dependency that could be a vector for attack if the remote service is compromised or misconfigured. The presence of one known CVE, even if currently patched, warrants attention as it indicates a history of past vulnerabilities.

Overall, "admin-bar" v1.1.5 is a reasonably secure plugin, with strong foundational security practices. The limited number of entry points and the use of security checks are commendable. The primary areas for improvement lie in ensuring all code paths are thoroughly sanitized and reviewed for potential path traversal issues, and maintaining vigilance regarding external dependencies and historical vulnerability patterns.

Key Concerns

  • Taint analysis shows unsanitized paths
  • External HTTP requests made by the plugin
  • Known CVE exists for the plugin
  • Output escaping not fully implemented (75% proper)
Vulnerabilities
1

Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-1716 · medium · 4.3 · Missing Authorization

Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Apr 26, 2024 Patched in 1.0.23 (7d)
Code Analysis
Analyzed Mar 16, 2026

Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 54 (159 escaped)
  • Nonce Checks: 6
  • Capability Checks: 11
  • File Operations: 0
  • External Requests: 4
  • Bundled Libraries: 0

Output Escaping

75% escaped · 213 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
notification_action (Inc\Classes\Notifications\Notifications.php:50)
Attack Surface

Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers: 6

  • auth · wp_ajax_jlt_admin_bar_editor_deactivation_survey · Inc\Classes\Feedback.php:29
  • auth · wp_ajax_jlt_admin_bar_editor_notification_action · Inc\Classes\Notifications\Notifications.php:42
  • auth · wp_ajax_jlt_admin_bar_editor_subscribe · Inc\Classes\Notifications\Subscribe.php:27
  • auth · wp_ajax_jlt_admin_bar_editor_allow_collect · Inc\Classes\Notifications\What_We_Collect.php:27
  • auth · wp_ajax_jlt_admin_bar_editor_recommended_upgrade_plugin · Libs\Recommended.php:43
  • auth · wp_ajax_jlt_admin_bar_editor_recommended_activate_plugin · Libs\Recommended.php:44

WordPress Hooks: 34

  • action · plugins_loaded · class-admin-bar.php:47
  • filter · admin_body_class · class-admin-bar.php:50
  • filter · body_class · class-admin-bar.php:51
  • action · plugins_loaded · class-admin-bar.php:54
  • action · admin_menu · class-admin-bar.php:57
  • action · rest_api_init · Inc\Classes\AdminBarEditorApiEndPoints.php:20
  • filter · rest_pre_dispatch · Inc\Classes\AdminBarEditorApiEndPoints.php:21
  • filter · upload_dir · Inc\Classes\AdminBarEditorApiEndPoints.php:296
  • action · admin_enqueue_scripts · Inc\Classes\AdminBarEditorAssets.php:24
  • action · admin_footer · Inc\Classes\AdminBarEditorAssets.php:25
  • action · wp_footer · Inc\Classes\AdminBarEditorAssets.php:26
  • action · admin_enqueue_scripts · Inc\Classes\AdminBarEditorAssets.php:29
  • action · wp_enqueue_scripts · Inc\Classes\AdminBarEditorAssets.php:30
  • action · wp_enqueue_scripts · Inc\Classes\AdminBarEditorAssets.php:33
  • action · init · Inc\Classes\Core.php:39
  • action · admin_init · Inc\Classes\Core.php:40
  • action · wp_before_admin_bar_render · Inc\Classes\Core.php:44
  • action · wp_before_admin_bar_render · Inc\Classes\Core.php:45
  • filter · show_admin_bar · Inc\Classes\Core.php:112
  • action · admin_enqueue_scripts · Inc\Classes\Feedback.php:27
  • action · admin_footer · Inc\Classes\Feedback.php:28
  • action · admin_notices · Inc\Classes\Notifications\Notifications.php:37
  • action · jlt_admin_bar_editor_display_notice · Inc\Classes\Notifications\Notifications.php:39
  • action · jlt_admin_bar_editor_display_popup · Inc\Classes\Notifications\Notifications.php:40
  • action · jlt_admin_bar_editor_sheet_promo_data_reset · Inc\Classes\Notifications\Upgrade_Notice.php:26
  • action · admin_footer · Inc\Classes\Pro_Upgrade.php:46
  • action · admin_footer · Inc\functions.php:108
  • action · wp_footer · Inc\functions.php:109
  • action · wp_footer · Inc\functions.php:130
  • action · admin_footer · Inc\functions.php:214
  • action · admin_enqueue_scripts · Libs\Assets.php:25
  • filter · install_plugins_table_api_args_featured · Libs\Featured.php:23
  • filter · plugins_api_result · Libs\Featured.php:33
  • action · admin_menu · Libs\Recommended.php:42

Maintenance & Trust

Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 10, 2026
  • PHP min version: 7.0
  • Downloads: 72K

Community Trust

  • Rating: 86/100
  • Number of ratings: 20
  • Active installs: 3K

Developer Profile

Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus Developer Profile

Liton Arefin

45 plugins · 43K total installs

  • Trust score: 83
  • Avg Security Score: 93/100
  • Avg Patch Time: 65 days
Detection Fingerprints

How We Detect Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/admin-bar-editor/Inc/AdminBarEditorAssets.php
  • /wp-content/plugins/admin-bar-editor/Inc/Classes/AdminBarEditorAssets.php
  • /wp-content/plugins/admin-bar-editor/vendor/autoload.php
  • /wp-content/plugins/admin-bar-editor/class-admin-bar.php

HTML / DOM Fingerprints

CSS Classes
jlt-admin-bar