Header Promo – Show Top Bar Message or Call to Action Security & Risk Analysis

wordpress.org/plugins/header-promo

Best Black Friday, Cyber Monday, or any other promo bar is here

400 active installs · v1.1.1 · PHP 7.1+ · WP 5.2+ · Updated Mar 30, 2026
Tags: announcement, footer-promotion, header-promotion, promo-header, promotion-bar
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Header Promo – Show Top Bar Message or Call to Action Safe to Use in 2026?

Generally Safe

Score 100/100

Header Promo – Show Top Bar Message or Call to Action has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "header-promo" plugin v1.1.1 shows a generally strong security posture in the provided static analysis. Both SQL queries found use prepared statements, and 70% of outputs (504 of 716) are escaped; both are positive indicators. The 12 nonce checks and the capability check on its entry points suggest an effort to defend against common WordPress attack vectors. The plugin also has no known CVEs, indicating a history of good security practices or a lack of targeted exploitation.

However, a potential area for improvement lies in the capability checks. While there is one capability check identified, the low count (1 out of 5 AJAX handlers) raises a slight concern. A more granular capability check across all AJAX actions would further strengthen its defense. The absence of any reported vulnerabilities in its history is a significant strength, but it's important to note that this doesn't guarantee future immunity. It's possible the plugin hasn't been extensively analyzed or targeted in the past.

In conclusion, the "header-promo" plugin appears to be relatively secure, with good foundational security practices in place. The primary area for minor concern is the limited scope of capability checks, which could be expanded for a more robust security profile. Its clean vulnerability history is a strong positive point, but ongoing vigilance and updates will be crucial for maintaining this status.

Key Concerns

  • Limited capability checks on AJAX
Vulnerabilities
None known

Header Promo – Show Top Bar Message or Call to Action Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Header Promo – Show Top Bar Message or Call to Action Release Timeline

v1.1.1 (Current)
v1.1.0
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Header Promo – Show Top Bar Message or Call to Action Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 212 (504 escaped)
Nonce Checks: 12
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

70% escaped · 716 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
csf_export (inc\csf\functions\actions.php:62)
Attack Surface

Header Promo – Show Top Bar Message or Call to Action Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers: 5

auth · wp_ajax_csf-get-icons · inc\csf\functions\actions.php:50
auth · wp_ajax_csf-export · inc\csf\functions\actions.php:87
auth · wp_ajax_csf-import · inc\csf\functions\actions.php:123
auth · wp_ajax_csf-reset · inc\csf\functions\actions.php:150
auth · wp_ajax_csf-chosen · inc\csf\functions\actions.php:189
WordPress Hooks: 49

action · admin_init · header-promo.php:28
action · wp_enqueue_scripts · header-promo.php:29
action · init · header-promo.php:30
action · admin_enqueue_scripts · inc\AdminMenu.php:7
action · admin_menu · inc\AdminMenu.php:8
filter · custom_menu_order · inc\AdminMenu.php:9
action · wp_enqueue_scripts · inc\csf\classes\abstract.class.php:20
action · admin_menu · inc\csf\classes\admin-options.class.php:106
action · admin_bar_menu · inc\csf\classes\admin-options.class.php:107
action · network_admin_menu · inc\csf\classes\admin-options.class.php:111
filter · admin_footer_text · inc\csf\classes\admin-options.class.php:487
action · add_meta_boxes_comment · inc\csf\classes\comment-options.class.php:38
action · edit_comment · inc\csf\classes\comment-options.class.php:39
action · customize_register · inc\csf\classes\customize-options.class.php:43
action · customize_save_after · inc\csf\classes\customize-options.class.php:44
action · wp_enqueue_scripts · inc\csf\classes\customize-options.class.php:48
action · add_meta_boxes · inc\csf\classes\metabox-options.class.php:50
action · save_post · inc\csf\classes\metabox-options.class.php:51
action · edit_attachment · inc\csf\classes\metabox-options.class.php:52
action · wp_nav_menu_item_custom_fields · inc\csf\classes\nav-menu-options.class.php:30
action · wp_update_nav_menu_item · inc\csf\classes\nav-menu-options.class.php:31
filter · wp_edit_nav_menu_walker · inc\csf\classes\nav-menu-options.class.php:33
action · admin_init · inc\csf\classes\profile-options.class.php:30
action · show_user_profile · inc\csf\classes\profile-options.class.php:42
action · edit_user_profile · inc\csf\classes\profile-options.class.php:43
action · personal_options_update · inc\csf\classes\profile-options.class.php:45
action · edit_user_profile_update · inc\csf\classes\profile-options.class.php:46
action · after_setup_theme · inc\csf\classes\setup.class.php:53
action · init · inc\csf\classes\setup.class.php:54
action · switch_theme · inc\csf\classes\setup.class.php:55
action · admin_enqueue_scripts · inc\csf\classes\setup.class.php:56
action · wp_enqueue_scripts · inc\csf\classes\setup.class.php:57
action · wp_head · inc\csf\classes\setup.class.php:58
filter · admin_body_class · inc\csf\classes\setup.class.php:59
action · admin_footer · inc\csf\classes\shortcode-options.class.php:47
action · customize_controls_print_footer_scripts · inc\csf\classes\shortcode-options.class.php:48
action · elementor/editor/before_enqueue_scripts · inc\csf\classes\shortcode-options.class.php:57
action · elementor/editor/footer · inc\csf\classes\shortcode-options.class.php:58
action · elementor/editor/footer · inc\csf\classes\shortcode-options.class.php:59
action · enqueue_block_editor_assets · inc\csf\classes\shortcode-options.class.php:299
action · media_buttons · inc\csf\classes\shortcode-options.class.php:303
action · admin_init · inc\csf\classes\taxonomy-options.class.php:41
action · admin_footer · inc\csf\fields\icon\icon.php:41
action · customize_controls_print_footer_scripts · inc\csf\fields\icon\icon.php:42
action · admin_print_footer_scripts · inc\csf\fields\link\link.php:65
action · print_default_editor_scripts · inc\csf\fields\wp_editor\wp_editor.php:62
action · admin_menu · inc\csf\views\welcome.php:19
filter · plugin_action_links · inc\csf\views\welcome.php:20
filter · plugin_row_meta · inc\csf\views\welcome.php:21
Maintenance & Trust

Header Promo – Show Top Bar Message or Call to Action Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 30, 2026
PHP min version: 7.1
Downloads: 7K

Community Trust

Rating: 80/100
Number of ratings: 2
Active installs: 400
Developer Profile

Header Promo – Show Top Bar Message or Call to Action Developer Profile

colorlibplugins

121 plugins · 740K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 130 days
Detection Fingerprints

How We Detect Header Promo – Show Top Bar Message or Call to Action

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/header-promo/dist/style.css
/wp-content/plugins/header-promo/dist/script.js
/wp-content/plugins/header-promo/dist/admin.css
/wp-content/plugins/header-promo/dist/admin.js
Script Paths
/wp-content/plugins/header-promo/dist/script.js
/wp-content/plugins/header-promo/dist/admin.js
Version Parameters
header-promo/dist/style.css?ver=
header-promo/dist/script.js?ver=
header-promo/dist/admin.css?ver=
header-promo/dist/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
bphpPromo, bphpPromoInner, promoClosed, promoOpened, countdown, days, days_ref, hours, +5 more
Data Attributes
data-options