Easy Announcements Security & Risk Analysis

wordpress.org/plugins/easy-announcements

Easily add announcements in the form of banners and popups to your WordPress site.

30 active installs v1.0.2 PHP 7.4+ WP 4.7+ Updated Mar 25, 2026
announceannouncementsbannerheadingpopups
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Easy Announcements Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Announcements has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "easy-announcements" v1.0.2 plugin demonstrates strong adherence to many WordPress security best practices, including 100% proper output escaping and 100% of SQL queries using prepared statements. The absence of dangerous functions, file operations, external HTTP requests, and any recorded vulnerabilities further contributes to a positive security posture. The presence of nonce and capability checks also indicates an awareness of common security mechanisms.

However, a significant concern arises from the plugin's attack surface. It exposes one REST API route without proper permission callbacks. This means that any user, potentially even unauthenticated ones, could interact with this REST API endpoint, creating an uncontrolled entry point. While the static analysis and taint analysis did not reveal specific vulnerabilities in the code itself, this unprotected REST API route represents a clear risk that could be exploited if the endpoint's functionality is sensitive or can be manipulated.

Overall, the plugin shows good internal code quality and a clean vulnerability history. The primary weakness lies in an unprotected entry point within the REST API. While the absence of recorded CVEs is reassuring, the unprotected REST API route warrants attention to prevent potential future exploits. Addressing this single unprotected entry point would significantly strengthen the plugin's security.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
None known

Easy Announcements Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Easy Announcements Release Timeline

v1.0.2Current
v1.0.1
v0.2.2.1
v0.2.2
v0.2.1
v0.2
v0.1.9.1
v0.1.9
v0.1.8
v0.1.7
v0.1.6.1
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
Code Analysis
Analyzed Apr 16, 2026

Easy Announcements Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
167 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped167 total outputs
Attack Surface
1 unprotected

Easy Announcements Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

GET/wp-json/easy-announcements/v1/announcementsincludes/functions.php:482
WordPress Hooks 21
actionadmin_enqueue_scriptsadmin/admin-functions.php:9
actionadmin_enqueue_scriptsadmin/admin-functions.php:10
actionwp_enqueue_scriptsadmin/admin-functions.php:11
actionadmin_noticesadmin/admin-functions.php:75
filterallowed_block_types_alladmin/admin-functions.php:104
actionadmin_menuadmin/admin-settings.php:9
actionadmin_initadmin/admin-settings.php:10
actionadd_meta_boxesadmin/meta-box.php:9
actionsave_post_announcementadmin/meta-box.php:269
actioninitincludes/functions.php:9
actioninitincludes/functions.php:50
actionwp_enqueue_scriptsincludes/functions.php:51
actioninitincludes/functions.php:101
actionrest_insert_announcementincludes/functions.php:102
actionadd_meta_boxesincludes/functions.php:211
actionadmin_head-post-new.phpincludes/functions.php:212
actionadmin_head-post.phpincludes/functions.php:213
actiontransition_post_statusincludes/functions.php:374
actioneasy_announcements_expire_checkincludes/functions.php:375
actionrest_api_initincludes/functions.php:478
actionwp_footerincludes/functions.php:593

Scheduled Events 1

easy_announcements_expire_check
Maintenance & Trust

Easy Announcements Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 25, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Developer Profile

Easy Announcements Developer Profile

Philly Web Team

1 plugin · 30 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Easy Announcements

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-announcements/admin/assets/js/easy-announcements-admin.min.js/wp-content/plugins/easy-announcements/admin/assets/css/easy-announcements-admin.css/wp-content/plugins/easy-announcements/admin/assets/js/gutenberg-sidebar.js/wp-content/plugins/easy-announcements/admin/assets/js/easy-announcements-live-select.min.js
Script Paths
/wp-content/plugins/easy-announcements/admin/assets/js/easy-announcements-admin.min.js/wp-content/plugins/easy-announcements/admin/assets/js/gutenberg-sidebar.js/wp-content/plugins/easy-announcements/admin/assets/js/easy-announcements-live-select.min.js
Version Parameters
easy-announcements/admin/assets/js/easy-announcements-admin.min.js?ver=easy-announcements/admin/assets/css/easy-announcements-admin.css?ver=easy-announcements/admin/assets/js/gutenberg-sidebar.js?ver=easy-announcements/admin/assets/js/easy-announcements-live-select.min.js?ver=

HTML / DOM Fingerprints

JS Globals
ea_live_select_theme
REST Endpoints
/wp-json/easy-announcements
FAQ

Frequently Asked Questions about Easy Announcements