Bottom Bar Security & Risk Analysis

wordpress.org/plugins/bottom-bar

Bottom Bar is a WordPress plugin that includes a several features for creating interactive and user-friendly toolbar.

10 active installs v0.1.7 PHP + WP 2.9.2+ Updated Dec 12, 2010
barbottom-bardelicioussharetoolbar
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEMay 19, 2026
Safety Verdict

Is Bottom Bar Safe to Use in 2026?

Use With Caution

Score 63/100

Bottom Bar has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 19, 2026Updated 15yr ago
Risk Assessment

The "bottom-bar" plugin v0.1.7 exhibits a mixed security posture. On one hand, the absence of known vulnerabilities and CVEs in its history suggests a potentially well-maintained or less-targeted plugin. Furthermore, the static analysis reports a limited attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication. This is a positive sign for overall security.

However, several significant concerns arise from the code analysis. The fact that 100% of output is not properly escaped is a major red flag, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, 13% of SQL queries not using prepared statements, coupled with a taint analysis indicating a flow with unsanitized paths, suggests potential SQL injection risks. The complete lack of nonce checks and capability checks, especially concerning given the potential for XSS, further weakens its security defenses.

Key Concerns

  • 0% output escaping
  • Raw SQL queries
  • Unsanitized paths in taint flow
  • No nonce checks
  • No capability checks
Vulnerabilities
1 published

Bottom Bar Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-6401medium · 4.3Cross-Site Request Forgery (CSRF)

Bottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings Update

May 19, 2026Unpatched
Version History

Bottom Bar Release Timeline

v0.1.7Current1 CVE
v0.1.61 CVE
v0.1.51 CVE
v0.1.41 CVE
v0.1.31 CVE
v0.1.21 CVE
Code Analysis
Analyzed Mar 16, 2026

Bottom Bar Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
1 prepared
Unescaped Output
50
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
1

Bundled Libraries

jQuery

SQL Query Safety

13% prepared8 total queries

Output Escaping

0% escaped50 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<bottom-bar-admin> (bottom-bar-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Bottom Bar Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
filterwp_footerbottom-bar.php:342
filterwp_headbottom-bar.php:343
actionadmin_menubottom-bar.php:351
actionadmin_headbottom-bar.php:361
Maintenance & Trust

Bottom Bar Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedDec 12, 2010
PHP min version
Downloads12K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Bottom Bar Developer Profile

svil4ok

2 plugins · 20 total installs

76
trust score
Avg Security Score
74/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bottom Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bottom-bar/css/bottom-bar.css/wp-content/plugins/bottom-bar/controllers/jquery.min.js/wp-content/plugins/bottom-bar/controllers/bottom-bar.js
Script Paths
/wp-content/plugins/bottom-bar/controllers/jquery.min.js/wp-content/plugins/bottom-bar/controllers/bottom-bar.js

HTML / DOM Fingerprints

CSS Classes
random-post
JS Globals
bb_lang
FAQ

Frequently Asked Questions about Bottom Bar