WP-Safety

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Security & Risk Analysis

wordpress.org/plugins/foobar-notifications-lite

Create unlimited notifications, announcements, or notices for your visitors

3K active installs v2.2.1 PHP 5.6+ WP 5.0+ Updated Feb 17, 2026
announcementbarnotice-barnotification-bartop-bar
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Safe to Use in 2026?

Generally Safe

Score 100/100

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "foobar-notifications-lite" plugin v2.2.1 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, and external HTTP requests are positive indicators. Furthermore, the presence of nonce and capability checks on entry points, combined with a relatively high percentage of properly escaped output, suggests a developer conscious of common security pitfalls. The zero recorded CVEs and the lack of any taint analysis findings further contribute to this positive assessment, indicating no known historical or immediately apparent severe vulnerabilities.

However, a notable concern arises from the 73% output escaping rate. While this means the majority of outputs are handled securely, the remaining 27% that are not properly escaped represent a potential cross-site scripting (XSS) vector. This is the primary weakness identified in the static analysis. The plugin's attack surface consists of 4 AJAX handlers, and while the report states 0 are unprotected, the escaping issue could still allow for XSS if user-supplied data is present in those unescaped outputs. The bundled Freemius library, if not kept updated independently, could also pose a risk if it contains known vulnerabilities, though no specific version issues are indicated here.

In conclusion, the plugin is designed with several security best practices in mind, leading to a low overall risk profile. The developer has taken steps to mitigate common threats like SQL injection and code execution. The main area requiring attention is ensuring 100% output escaping to eliminate XSS vulnerabilities. Given the lack of critical issues and historical vulnerabilities, the plugin appears relatively safe for use, provided the identified output escaping deficiency is addressed.

Key Concerns

  • Unescaped output found
  • Bundled library (Freemius v1.0) potentially outdated
Vulnerabilities
None known

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
48
129 escaped
Nonce Checks
6
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

Output Escaping

73% escaped177 total outputs
Attack Surface

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_foobar_admin_import_demosincludes\admin\class-help.php:17
authwp_ajax_foobar_admin_help_demoincludes\admin\class-help.php:20
authwp_ajax_foobar_admin_cloneincludes\admin\notification\class-duplicate.php:16
authwp_ajax_foobar_admin_previewincludes\admin\notification\class-preview.php:19
WordPress Hooks 58
actionadmin_menuincludes\admin\class-help.php:13
filterfs_show_trial_foobar-notifications-liteincludes\admin\class-promotions.php:17
actionadmin_initincludes\admin\class-promotions.php:18
actioninitincludes\admin\class-promotions.php:20
filterfoobar_registered_bar_typesincludes\admin\class-promotions.php:84
actionfoobar_admin_notification_types_custom_cssincludes\admin\class-promotions.php:85
actionplugins_loadedincludes\admin\class-updates.php:17
actionsave_postincludes\admin\foofields\class-metabox.php:20
actionadmin_enqueue_scriptsincludes\admin\foofields\class-metabox.php:23
actionadmin_initincludes\admin\foofields\class-metabox.php:30
actionsave_postincludes\admin\foofields\class-metabox.php:181
actionadmin_menuincludes\admin\foofields\class-settings-page.php:27
actionadmin_initincludes\admin\foofields\class-settings-page.php:30
actionadmin_enqueue_scriptsincludes\admin\foofields\class-settings-page.php:33
filterfield_type_mappingsincludes\admin\foofields\custom\class-foobar-metabox.php:14
actionadmin_enqueue_scriptsincludes\admin\notification\class-columns.php:23
filterpost_row_actionsincludes\admin\notification\class-duplicate.php:13
actionadmin_enqueue_scriptsincludes\admin\notification\class-preview.php:13
filterpost_row_actionsincludes\admin\notification\class-preview.php:16
filtermust_add_meta_boxesincludes\admin\notification\metabox\class-debug.php:23
filtermust_add_meta_boxesincludes\admin\notification\metabox\class-inline-preview.php:23
filtermust_add_meta_boxesincludes\admin\notification\metabox\class-preview.php:24
filtercan_saveincludes\admin\notification\metabox\class-settings.php:42
filterafter_save_post_metaincludes\admin\notification\metabox\class-settings.php:43
filtermust_add_meta_boxesincludes\admin\notification\metabox\class-shortcode.php:24
actionadmin_footerincludes\admin\notification\metabox\class-types.php:23
actionadmin_headincludes\admin\notification\metabox\class-types.php:24
filterhidden_meta_boxesincludes\admin\notification\metabox\class-types.php:25
filtermust_add_meta_boxesincludes\admin\notification\metabox\class-types.php:27
actionenqueue_assetsincludes\admin\notification\metabox\class-types.php:28
filterget_posted_dataincludes\admin\notification\metabox\class-types.php:29
filterfoobar_admin_notification_settings_fieldsincludes\admin\notification\metabox\settings\class-advanced.php:10
filterfoobar_admin_notification_settings_fieldsincludes\admin\notification\metabox\settings\class-appearance.php:10
filterfoobar_render_get_metaincludes\admin\notification\metabox\settings\class-appearance.php:11
filterfoobar_admin_notification_settings_fields-messageincludes\admin\notification\metabox\settings\class-content-announcement.php:10
filterfoobar_admin_notification_settings_fields_config-messageincludes\admin\notification\metabox\settings\class-content-announcement.php:14
filterfoobar_admin_notification_settings_fields-ctaincludes\admin\notification\metabox\settings\class-content-call-to-action.php:10
filterfoobar_admin_notification_settings_fields_config-ctaincludes\admin\notification\metabox\settings\class-content-call-to-action.php:11
filterfoobar_admin_notification_settings_fields-cookieincludes\admin\notification\metabox\settings\class-content-cookie.php:10
filterfoobar_admin_notification_settings_fields_config-cookieincludes\admin\notification\metabox\settings\class-content-cookie.php:11
filterfoobar_admin_notification_settings_fieldsincludes\admin\notification\metabox\settings\class-content.php:10
filterfoobar_admin_notification_settings_fieldsincludes\admin\notification\metabox\settings\class-general.php:10
filterfoobar_admin_notification_settings_fieldsincludes\admin\notification\metabox\settings\class-visibility.php:10
filterfoobar_registered_bar_typesincludes\class-bar-type.php:13
filterfoobar_registered_renderersincludes\class-bar-type.php:14
filterfoobar_enqueue_get_bars_to_enqueue_from_cache-allincludes\class-enqueue.php:47
filterfoobar_enqueue_handle_cache_rebuild-allincludes\class-enqueue.php:90
actioninitincludes\class-init.php:26
filterplugin_iconincludes\freemius.php:55
filterpricing/show_annual_in_monthlyincludes\freemius.php:63
actionwp_footerincludes\front\class-includer.php:18
actionwp_footerincludes\front\class-includer.php:19
actionshutdownincludes\front\class-includer.php:20
actiontemplate_redirectincludes\front\class-preview.php:16
actionplugins_loadedincludes\front\class-shortcode.php:18
actioninitincludes\posttypes\class-notification.php:14
actionadmin_noticesincludes\startup-checks.php:39
actionadmin_noticesincludes\startup-checks.php:46
Maintenance & Trust

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 17, 2026
PHP min version5.6
Downloads68K

Community Trust

Rating96/100
Number of ratings10
Active installs3K
Alternatives

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Alternatives

Notibar – Notification Bar for WordPress

Notibar – Notification Bar for WordPress

notibar

A
98

Customizer for sticky header, notification bar, alert, promo code, marketing campaign, top banner

8K 3 CVEs
Barilo Light – Top Bar Message

Barilo Light – Top Bar Message

barilo-light-top-bar-message

A
100

A free plugin to display a customizable top bar message on your WordPress site. Great for announcements, greetings, notifications or promotions.

0 No CVEs
ConvBoost Sticky Notification Bar

ConvBoost Sticky Notification Bar

convboost-sticky-notification-bar

A
100

Lightweight sticky top/bottom bar for promos & announcements. CTA, scheduling, exclusions, and live admin preview.

0 No CVEs
MAU Top Bar

MAU Top Bar

mau-top-bar

A
100

Short Description

0 No CVEs
WPFront Notification Bar

WPFront Notification Bar

wpfront-notification-bar

A
99

Easily lets you create a bar on top or bottom to display a notification.

50K 4 CVEs
Developer Profile

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Developer Profile

FooPlugins

4 plugins · 204K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
328 days
View full developer profile
Detection Fingerprints

How We Detect Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/foobar-notifications-lite/assets/css/foobar-style.css/wp-content/plugins/foobar-notifications-lite/assets/js/foobar-scripts.js
Script Paths
/wp-content/plugins/foobar-notifications-lite/assets/js/foobar-scripts.js
Version Parameters
foobar-notifications-lite/assets/css/foobar-style.css?ver=foobar-notifications-lite/assets/js/foobar-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
foobar-notification-bar
HTML Comments
<!-- FooBar Notification Bar -->
Data Attributes
data-foobar-id
JS Globals
FooBar
REST Endpoints
/wp-json/foobar/v1/settings
Shortcode Output
[foobar_notification]
FAQ

Frequently Asked Questions about Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar