Custom top bar Security & Risk Analysis

wordpress.org/plugins/custom-top-bar

You can easily customize page top bar with background color, contact number, social links and a custom button

50 active installs · v2.1 · PHP + WP 3.0.1+ · Updated Jan 30, 2026
Tags: colorfull-topbar, customize-header-bar, hide-admin-bar, social-links, top-bar
79
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Mar 11, 2025
Safety Verdict

Is Custom top bar Safe to Use in 2026?

Mostly Safe

Score 79/100

Custom top bar is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Mar 11, 2025 · Updated 2mo ago
Risk Assessment

The "custom-top-bar" plugin v2.1 exhibits a generally strong security posture based on the static analysis. It demonstrates excellent adherence to best practices, with 100% of SQL queries using prepared statements and all output being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface. The presence of nonce and capability checks, even with a limited entry point analysis, is a positive sign.

However, the plugin is not without risk, primarily due to its vulnerability history. A known medium-severity CVE exists and is currently unpatched, indicating a potential for exploitation. That the previous vulnerability was also a CSRF suggests a pattern that attackers could exploit to trick authenticated users into performing unintended actions. While the static analysis reveals no immediate critical or high-severity code-level issues, the unpatched CVE represents a significant and known risk that needs immediate attention.

In conclusion, while the code quality and adherence to secure coding practices in v2.1 are commendable, the presence of an unpatched medium severity CVE drastically lowers the overall security score. This unaddressed vulnerability is the most pressing concern, overshadowing the positive aspects of the static analysis. Users should prioritize updating to a patched version of this plugin or disabling it if no fix is available.

Key Concerns

  • Unpatched Medium Severity CVE
Vulnerabilities
1

Custom top bar Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-28895 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Custom top bar <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Mar 11, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Custom top bar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (59 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 59 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<setting> (setting.php:0)
Attack Surface

Custom top bar Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 10
action · wp_head · top-bar.php:30
action · wp_head · top-bar.php:31
action · init · top-bar.php:32
action · add_meta_boxes · top-bar.php:33
action · save_post · top-bar.php:34
action · admin_head-post-new.php · top-bar.php:35
action · admin_head-post.php · top-bar.php:36
action · admin_menu · top-bar.php:37
action · admin_enqueue_scripts · top-bar.php:38
filter · admin_post_thumbnail_html · top-bar.php:119
Maintenance & Trust

Custom top bar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 30, 2026
PHP min version
Downloads: 8K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 50
Developer Profile

Custom top bar Developer Profile

Suman Biswas

3 plugins · 60 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Custom top bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-top-bar/css/bar.css
Version Parameters
custom-top-bar/css/bar.css?ver=2.1

HTML / DOM Fingerprints

Data Attributes
id="top_bar_color"
id="text_color"
JS Globals
jQuery
FAQ

Frequently Asked Questions about Custom top bar