Does Banner Alerts have any unpatched vulnerabilities?

No. All known vulnerabilities in Banner Alerts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Banner Alerts compatible with WordPress 6.8.5?

According to WordPress.org data, Banner Alerts 1.4.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Banner Alerts compatible with PHP 5.4+?

Banner Alerts requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Banner Alerts updated?

Banner Alerts was last updated on Apr 29, 2025. Frequent updates are generally a positive security signal.

What is Banner Alerts's security score?

Banner Alerts has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Banner Alerts Security & Risk Analysis

wordpress.org/plugins/banner-alerts

Provides an easy interface for creating and displaying alerts or notices as a banner on a website

300 active installs v1.4.2 PHP 5.4+ WP 4.6+ Updated Apr 29, 2025

alertbanner-alertinfomessagenotice

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Banner Alerts Safe to Use in 2026?

Generally Safe

Score 100/100

Banner Alerts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The "banner-alerts" plugin v1.4.2 presents a concerning security posture primarily due to its unprotected AJAX handlers, which represent a significant attack surface. The absence of any authentication or capability checks on these two entry points means that any authenticated user could potentially trigger these functions, leading to unintended actions or information disclosure. While the plugin demonstrates good practices in SQL query handling and avoids dangerous functions or file operations, the lack of output escaping on a substantial portion of its outputs is a notable weakness, potentially allowing for cross-site scripting (XSS) vulnerabilities if user-controlled input is involved. The absence of any recorded vulnerability history is a positive indicator, suggesting that the plugin has historically been developed with security in mind or has not been a target for exploitation. However, this history does not mitigate the immediate risks identified in the static analysis. Overall, the plugin has a critical weakness in its handling of AJAX requests, and a secondary concern regarding output escaping, which overshadows its otherwise clean code signals. Prioritization should be given to securing these AJAX endpoints.

Key Concerns

AJAX handlers without auth checks
Low percentage of properly escaped output

Vulnerabilities

None known

Banner Alerts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Banner Alerts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

6% escaped32 total outputs

Attack Surface

2 unprotected

Banner Alerts Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_get_banner_alertssrc\BannerAlerts.php:55

noprivwp_ajax_get_banner_alertssrc\BannerAlerts.php:56

WordPress Hooks 4

actionadmin_menusrc\Admin\AdminPages.php:21

actionadmin_initsrc\Admin\AdminPages.php:22

actioninitsrc\BannerAlerts.php:24

actionwp_enqueue_scriptssrc\BannerAlerts.php:26

Maintenance & Trust

Banner Alerts Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 29, 2025

PHP min version5.4

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs300

Alternatives

Banner Alerts Alternatives

Cart Notices for WooCommerce

cart-notices-for-woocommerce

100

Display on cart page notices based on products and product categories in cart, cart cost, current day and time, customer referrer.

2K No CVEs

Advanced Notifications

advanced-notifications

Advanced Notifications allows you to create beautiful custom notifications that appear on pages or posts of your choice.

100 1 CVE

Customize WordPress Emails and Alerts – Better Notifications for WP

bnfw

Supercharge your WordPress email notifications using a WYSIWYG editor and shortcodes. Default and new notifications available. Add-ons available.

30K 2 CVEs

WP Post Disclaimer

wp-post-disclaimer

Add customizable disclaimers, terms, or warnings to the top, bottom, or within post, page, or custom post type content for WordPress

2K 1 CVE

WPC Smart Messages for WooCommerce

wpc-smart-messages

WPC Smart Messages help you display messages throughout your store through smart conditional logic settings.

1K 1 unpatched

Developer Profile

Banner Alerts Developer Profile

Valice

1 plugin · 300 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Banner Alerts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/banner-alerts/ui/js/banner-alerts.js/wp-content/plugins/banner-alerts/ui/js/banner-alerts.min.js

Script Paths