Does Env Bar have any unpatched vulnerabilities?

No. All known vulnerabilities in Env Bar have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Env Bar compatible with WordPress 5.0.0?

According to WordPress.org data, Env Bar 0.3.0 has been tested up to WordPress 5.0.0. Check the plugin's changelog for the latest compatibility information.

How often is Env Bar updated?

Env Bar was last updated on Dec 11, 2018. Frequent updates are generally a positive security signal.

What is Env Bar's security score?

Env Bar has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Env Bar Security & Risk Analysis

wordpress.org/plugins/env-bar

Display a colored bar to help distinguish between different environments.

10 active installs v0.3.0 PHP + WP 3.7+ Updated Dec 11, 2018

developmentenvironmentservertools

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Env Bar Safe to Use in 2026?

Generally Safe

Score 85/100

Env Bar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

Based on the static analysis and vulnerability history, the "env-bar" plugin version 0.3.0 exhibits a generally strong security posture. The absence of any recorded vulnerabilities in its history is a significant positive indicator. Furthermore, the code analysis reveals no dangerous functions, no SQL queries that are not prepared, no file operations, and no external HTTP requests, all of which are excellent security practices. The presence of a nonce check is also a good sign. However, there are areas for improvement. The low percentage of properly escaped output (43%) indicates a potential risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully. The complete lack of capability checks, coupled with no explicit authentication checks on AJAX handlers or permission callbacks on REST API routes, suggests a broad attack surface that could be exploited if any input vectors were to be introduced or discovered in the future. While the current attack surface is zero, this could change with future development.

Key Concerns

Low percentage of properly escaped output
No capability checks

Vulnerabilities

None known

Env Bar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Env Bar Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

43% escaped7 total outputs

Attack Surface

Env Bar Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

filternetwork_admin_menuenv-bar.php:31

filteradmin_menuenv-bar.php:33

actionnetwork_admin_edit_env_bar_update_network_optionsenv-bar.php:149

actionadmin_headenv-bar.php:318

actionwp_headenv-bar.php:319

filterbody_classenv-bar.php:320

filteradmin_body_classenv-bar.php:321

actioninitenv-bar.php:324

Maintenance & Trust

Env Bar Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.0

Last updatedDec 11, 2018

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Env Bar Alternatives

Where

where

A WordPress plugin to display your site's environment type in the admin bar.

0 No CVEs

Version Info – Server Health Monitor, PHP & MySQL Version Display, Environment Indicators

version-info

100

The #1 technical dashboard for WordPress professionals. Display PHP, MySQL, WP & server versions anywhere in admin. Monitor CPU, RAM, DB size &amp …

10K No CVEs

Display Environment Type

display-environment-type

100

Displays WordPress 5.5's environment type setting in the admin bar and the "At a Glance" dashboard widget.

1K No CVEs

WP Reroute Email

wp-reroute-email

This plugin reroutes all outgoing emails from a WordPress site (sent using the wp_mail() function) to a predefined configurable email address.

1K 3 CVEs

WP Shield

wp-shield

This plugin will allow you to secure your development, staging and UAT environments with an http authentication block that can be controlled in admin …

300 No CVEs

Developer Profile

Env Bar Developer Profile

Justin Peacock

2 plugins · 910 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Env Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

env-baris-developmentis-stagingis-production

FAQ