Does Announcements have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Announcements compatible with WordPress 6.4.8?

According to WordPress.org data, Announcements 1.9.3 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

How often is Announcements updated?

Announcements was last updated on Feb 8, 2024. Frequent updates are generally a positive security signal.

What is Announcements's security score?

Announcements has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Announcements Security & Risk Analysis

wordpress.org/plugins/announcements

When users logged in admin area, they will see announcements first, if users did not accept announcements, they can not open any menu in back end.

10 active installs v1.9.3 PHP + WP 3.2+ Updated Feb 8, 2024

announcementannouncementsdashboardmemonote

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Announcements Safe to Use in 2026?

Generally Safe

Score 85/100

Announcements has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "announcements" plugin v1.9.3 demonstrates a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and a clean vulnerability history suggest a commitment to security by the developers. Furthermore, the code analysis shows positive signs such as 100% of SQL queries using prepared statements and the presence of nonce and capability checks, which are crucial for protecting against common WordPress attacks.

However, there are areas for improvement. A significant portion of output (45%) is not properly escaped, which presents a potential risk for Cross-Site Scripting (XSS) vulnerabilities. While the attack surface appears minimal with no direct entry points detected, this unescaped output could be leveraged if an attacker finds a way to inject malicious code through other means or by manipulating plugin settings in a way not immediately apparent from the static analysis. The limited scope of taint analysis (4 flows) also means that deeper, more complex vulnerabilities might not have been uncovered.

In conclusion, the plugin is built on solid security foundations with good practices in place for database interactions and user authorization. The primary concern lies with the insufficient output escaping, which warrants attention to prevent potential XSS exploits. Addressing this would further solidify the plugin's security and bring it closer to a best-in-class security profile.

Key Concerns

Insufficient output escaping

Vulnerabilities

None known

Announcements Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Announcements Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Announcements Code Analysis

Dangerous Functions

Raw SQL Queries

31 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared31 total queries

Output Escaping

55% escaped40 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

4 flows

<frontend> (frontend.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Announcements Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionwp_enqueue_scriptsannouncement.php:35

actionadmin_menuannouncement.php:150

actionadmin_menuannouncement.php:151

actionwp_headfrontendannouncementload.php:21

Maintenance & Trust

Announcements Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedFeb 8, 2024

PHP min version

Downloads6K

Community Trust

Rating90/100

Number of ratings2

Active installs10

Alternatives

Announcements Alternatives

JAMP Notes (Just Another Memo Plugin)

jamp-notes

100

This plugin allows you to attach notes to some WordPress elements like posts, pages, dashboard sections and more.

400 No CVEs

Blocdash – Backend Dashboard Toolkit

blocdash-backend-dashboard-toolkit

100

Blocdash provides a modular frontend dashboard with announcements, login/register/profile forms, and optional Google login for block themes.

0 No CVEs

WP Dashboard Notes

wp-dashboard-notes

Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. Create beautiful notes with a nice user …

20K 3 CVEs

Dashboard Notepad

dashboard-notepad

The very simplest of notepads for your Dashboard.

10K 1 unpatched

Plugin Notes Plus

plugin-notes-plus

Adds a column to the Plugins page where you can add, edit, or delete notes about a plugin.

9K 2 CVEs

Developer Profile

Announcements Developer Profile

Tomas

12 plugins · 7K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

526 days

View full developer profile

Detection Fingerprints

How We Detect Announcements

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/announcements/asset/js/scroll-up-bar.js

Script Paths