Does GoodBarber have any unpatched vulnerabilities?

No. All known vulnerabilities in GoodBarber have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is GoodBarber compatible with WordPress 6.9.4?

According to WordPress.org data, GoodBarber 1.0.28 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is GoodBarber updated?

GoodBarber was last updated on Mar 9, 2026. Frequent updates are generally a positive security signal.

What is GoodBarber's security score?

GoodBarber has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

GoodBarber Security & Risk Analysis

wordpress.org/plugins/goodbarber

GoodBarber plugin allows you to retrieve WordPress content in order to create a native app for iOS and/or Android

1K active installs v1.0.28 PHP + WP 2.8+ Updated Mar 9, 2026

androidgoodbarberiosjsonnative-apps

A · Safe

CVEs total2

Unpatched0

Last CVEApr 16, 2025

Plugin page Download

Safety Verdict

Is GoodBarber Safe to Use in 2026?

Generally Safe

Score 98/100

GoodBarber has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Apr 16, 2025Updated 25d ago

Risk Assessment

The "goodbarber" plugin v1.0.28 exhibits a mixed security posture. While the static analysis reveals a very small attack surface with no apparent direct entry points like AJAX handlers, REST API routes, or shortcodes, and a good percentage of SQL queries using prepared statements, there are significant concerns regarding output sanitization. The fact that 0% of the 4 total outputs are properly escaped indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. This lack of proper escaping for all identified output points is a critical oversight.

The plugin's vulnerability history, showing 2 medium-severity CVEs for "Open Redirect" and "CSRF", despite being unpatched at the time of this analysis (last vulnerability in 2025), suggests a pattern of security weaknesses. While the current version may not have unpatched vulnerabilities, the historical context is important. The absence of taint analysis results could be due to the limited number of flows analyzed or the specific nature of the code, but the lack of output escaping is a more concrete and actionable concern.

In conclusion, "goodbarber" v1.0.28 has strengths in its limited attack surface and SQL query sanitization. However, the complete lack of output escaping for all identified outputs is a severe weakness that significantly increases the risk of XSS attacks. Coupled with a history of medium-severity vulnerabilities, this plugin requires careful consideration and immediate remediation of its output sanitization issues.

Key Concerns

No output escaping on any outputs
2 medium severity vulnerabilities in history

Vulnerabilities

GoodBarber Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-39523medium · 6.1URL Redirection to Untrusted Site ('Open Redirect')

GoodBarber <= 1.0.26 - Open Redirect

Apr 16, 2025 Patched in 1.0.27 (8d)

CVE-2023-45107medium · 4.3Cross-Site Request Forgery (CSRF)

GoodBarber <= 1.0.23 - Cross-Site Request Forgery via admin_options

Oct 6, 2023 Patched in 1.0.24 (109d)

Code Analysis

Analyzed Mar 16, 2026

GoodBarber Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

88% prepared8 total queries

Output Escaping

0% escaped4 total outputs

Attack Surface

GoodBarber Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 14

actionadmin_noticesgb-json-api.php:40

actionadmin_noticesgb-json-api.php:44

filterrewrite_rules_arraygb-json-api.php:47

filterrewrite_rules_arraygb-json-api.php:63

actioninitgb-json-api.php:95

actioncomment_id_not_foundmodels\comment.php:47

actioncomment_closedmodels\comment.php:48

actioncomment_on_draftmodels\comment.php:49

filtercomment_post_redirectmodels\comment.php:50

actiontemplate_redirectsingletons\api.php:13

actionadmin_menusingletons\api.php:14

actionupdate_option_gb_json_api_basesingletons\api.php:15

actionpre_update_option_gb_json_api_controllerssingletons\api.php:16

filterquery_varssingletons\query.php:32

Maintenance & Trust

GoodBarber Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 9, 2026

PHP min version

Downloads80K

Community Trust

Rating100/100

Number of ratings3

Active installs1K

Alternatives

GoodBarber Alternatives

MenuThroughJSON

menuthroughjson

100

Plugin che permette di creare un menu attraverso JSON

0 No CVEs

WPMobile.App

wpappninja

Android and iOS mobile application. Easy setup, free test.

4K 9 CVEs

Pushover Integration for WooCommerce

pushover-for-woocommerce

Pushover for WooCommerce integrates WooCommerce with the Pushover notifications app for Android and iOS.

800 No CVEs

Push notification for Mobile and Web app

push-notification-mobile-and-web-app

Push notification for Android, iOS and the Web

500 1 CVE

Device-Based Redirect

device-based-redirect

100

Redirect users to your app pages in app store or play store based on their device type with custom URLs and page-specific redirects.

300 No CVEs

Developer Profile

GoodBarber Developer Profile

GoodBarber

1 plugin · 1K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

59 days

View full developer profile

Detection Fingerprints

How We Detect GoodBarber

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/goodbarber/gb-json-api.php

HTML / DOM Fingerprints

REST Endpoints

/wp-json/gbapi//wp-json/gbapi/(.+)

FAQ