Does HA Banners have any unpatched vulnerabilities?

No. All known vulnerabilities in HA Banners have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HA Banners compatible with WordPress 4.5.33?

According to WordPress.org data, HA Banners 1.1 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is HA Banners updated?

HA Banners was last updated on Aug 4, 2016. Frequent updates are generally a positive security signal.

What is HA Banners's security score?

HA Banners has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HA Banners Security & Risk Analysis

wordpress.org/plugins/ha-banners

Widget Banners manager.

10 active installs v1.1 PHP + WP 1.0+ Updated Aug 4, 2016

bannersmanager-bannerswidget-banners

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is HA Banners Safe to Use in 2026?

Generally Safe

Score 85/100

HA Banners has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "ha-banners" v1.1 plugin exhibits a generally good security posture, characterized by a lack of known CVEs and a relatively low number of detected code signals that might indicate vulnerabilities. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without authentication checks significantly limits the plugin's attack surface. Furthermore, the presence of capability checks and a high percentage of SQL queries using prepared statements are positive indicators of secure coding practices.

However, the static analysis does reveal some areas of concern. One flow with an unsanitized path identified by taint analysis is a critical finding that could potentially lead to a high-severity vulnerability if exploited. While the total number of such flows is low, the existence of an unsanitized path is a significant risk that requires immediate attention. Additionally, the output escaping is only properly handled in 69% of cases, meaning there's a non-trivial chance of cross-site scripting (XSS) vulnerabilities in the remaining outputs.

The vulnerability history being completely clean is a strong positive point, suggesting that the developers have either been very diligent in the past or the plugin has not been a significant target for attackers. However, this absence of history does not negate the risks identified in the current static analysis. The plugin's strengths lie in its limited attack surface and secure handling of database operations. Its weaknesses are primarily in the potential for path traversal due to unsanitized paths and the moderate risk of XSS due to insufficient output escaping.

Key Concerns

Flow with unsanitized path
Moderate output escaping issues

Vulnerabilities

None known

HA Banners Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

HA Banners Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

86 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

71% prepared17 total queries

Output Escaping

69% escaped124 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

haa_banners_options_page (admin\admin-settings.php:2)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

HA Banners Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionwp_print_scriptshaa-banners.php:24

actionplugins_loadedhaa-banners.php:26

actionadmin_menuhaa-banners.php:85

actionwidgets_initwidget\habnners-widget.php:8

Maintenance & Trust

HA Banners Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedAug 4, 2016

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

HA Banners Alternatives

Announcement & Notification Banner – Bulletin

bulletin-announcements

Publish a slick announcement banner notice across your website or Woocommerce shop. Extend with icons, countdowns, placement rules and more!

2K 5 CVEs

AdPlugg WordPress Ad Plugin

adplugg

100

Advertising is easy with AdPlugg. The AdPlugg WordPress Ad Plugin and ad server allow you to easily manage, schedule, rotate and track your ads.

500 1 CVE

MobiLoud – Smart App Banners

mobiloud-smart-app-banner

We created this plugin so that you can use Smart App Banners on your WordPress site to boost downloads for your iOS and Android app.

200 No CVEs

Ad Commander – Ad Manager for Banners, AdSense, Ad Networks

ad-commander

100

Insert image banner ads, Google AdSense, Amazon, affiliate ad networks. Rotate and randomize ad groups. Track impressions and clicks. Create ads.txt.

100 No CVEs

Page Peel

page-peel

Adds page peel to your web site.

90 No CVEs

Developer Profile

HA Banners Developer Profile

sashamx

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect HA Banners

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ha-banners/css/haa_banner-style.css/wp-content/plugins/ha-banners/js/script.js/wp-content/plugins/ha-banners/widget/style.css

Script Paths

/wp-content/plugins/ha-banners/js/ha-banner-script.js/wp-content/plugins/ha-banners/js/script.js

HTML / DOM Fingerprints

CSS Classes

haa_banners_widgetshaa_banners_block_viewsha_banner

Data Attributes

data-clicks

JS Globals

the_ajax_script

FAQ