Highlight Sitewide Notice, Text, Button Menu Security & Risk Analysis

wordpress.org/plugins/highlight

Highlight Sitewide Notice, Highlight text, or Highlight WordPress Menu as Button Menu.

30 active installs v2.0.6 PHP 5.6.0+ WP 4.6+ Updated Dec 17, 2025
Tags: menu-shortcode, nav-menu, notification-bar, sitewide-notice, text-highlight
Score: 99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 3, 2025
Safety Verdict

Is Highlight Sitewide Notice, Text, Button Menu Safe to Use in 2026?

Generally Safe

Score 99/100

Highlight Sitewide Notice, Text, Button Menu has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 3, 2025 · Updated 3mo ago
Risk Assessment

The "highlight" plugin v2.0.6 demonstrates a generally good security posture due to robust input sanitization and authorization checks. The static analysis reveals no critical or high-severity taint flows, and all identified entry points (AJAX handlers, shortcodes) have appropriate capability checks. SQL queries are exclusively prepared, and a high percentage of output is properly escaped, minimizing the risk of cross-site scripting. The absence of file operations and external HTTP requests further reduces the attack surface. The plugin also correctly implements nonce checks for its AJAX handlers.

However, the plugin's vulnerability history warrants attention. It has two previously identified medium-severity vulnerabilities, both related to Cross-site Scripting. Although no vulnerabilities are currently unpatched, the pattern of past XSS issues suggests a need for continued vigilance in output escaping, even with the current high rate of proper escaping. The presence of bundled libraries, while not inherently a risk, can become one if not maintained and updated.

In conclusion, "highlight" v2.0.6 is a relatively secure plugin, with strong defensive coding practices evident in the static analysis. The primary area of concern stems from its past vulnerability history, specifically repeated XSS findings. While no current critical threats are identified, ongoing monitoring and a proactive approach to security updates are recommended to maintain its integrity.

Key Concerns

  • Past medium-severity XSS vulnerabilities
  • Bundled library (jQuery)
Vulnerabilities
2

Highlight Sitewide Notice, Text, Button Menu Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-56297 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Highlight <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jan 3, 2025 Patched in 2.0.6 (6d)

CVE-2021-24591 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Highlight < 0.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 6, 2021 Patched in 0.9.3 (900d)
Code Analysis
Analyzed Mar 16, 2026

Highlight Sitewide Notice, Text, Button Menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (144 escaped)
Nonce Checks: 2
Capability Checks: 9
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

jQuery

Output Escaping

92% escaped · 156 total outputs
Attack Surface

Highlight Sitewide Notice, Text, Button Menu Attack Surface

Entry Points: 11
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_qcld_highlight_process_qc_promo_form · qc-support-promo-page\class-qc-support-promo-page.php:116
auth · wp_ajax_qcld_recommend_support_function_ajax · qc-support-promo-page\qc-clr-recommendbot-support-plugin.php:8

Shortcodes 9

[qc-button-menu] inc\button-menu\qcld-button-menu.php:102
[h-s] qc-project-highlight-shortcode.php:6
[highlight-scroll] qc-project-highlight-shortcode.php:7
[h-h] qc-project-highlight-shortcode.php:27
[highlight-hover] qc-project-highlight-shortcode.php:28
[h-u-v] qc-project-highlight-shortcode.php:53
[highlight-underline-v] qc-project-highlight-shortcode.php:54
[h-u-h] qc-project-highlight-shortcode.php:76
[highlight-underline-h] qc-project-highlight-shortcode.php:77

WordPress Hooks 18

action · admin_init · inc\button-menu\qcld-button-menu.php:99
action · nav_menu_link_attributes · inc\button-menu\qcld-button-menu.php:169
action · admin_init · inc\notice\qcld-project-notification.php:317
action · wp_footer · inc\notice\qcld-project-notification.php:339
action · wp_head · inc\notice\qcld-project-notification.php:342
action · init · inc\notice\qcld-project-notification.php:350
action · wp_enqueue_scripts · inc\notice\qcld-project-notification.php:386
action · admin_head · qc-free-plugin-upgrade-notice.php:33
action · plugin_row_meta · qc-free-plugin-upgrade-notice.php:124
action · admin_menu · qc-free-plugin-upgrade-notice.php:166
action · admin_enqueue_scripts · qc-project-highlight-asset.php:85
action · wp_enqueue_scripts · qc-project-highlight-asset.php:205
action · admin_init · qc-project-highlight-frameworks.php:48
action · admin_menu · qc-project-highlight-frameworks.php:53
action · init · qc-project-highlight-main.php:44
action · activated_plugin · qc-project-highlight-main.php:99
action · admin_menu · qc-support-promo-page\class-qc-support-promo-page.php:32
action · admin_enqueue_scripts · qc-support-promo-page\class-qc-support-promo-page.php:62
Maintenance & Trust

Highlight Sitewide Notice, Text, Button Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 17, 2025
PHP min version: 5.6.0
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 30
Developer Profile

Highlight Sitewide Notice, Text, Button Menu Developer Profile

QuantumCloud

29 plugins · 26K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 255 days
Detection Fingerprints

How We Detect Highlight Sitewide Notice, Text, Button Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/highlight/assets/css/highlight.css
/wp-content/plugins/highlight/assets/js/highlight.js
/wp-content/plugins/highlight/assets/css/highlight.min.css
/wp-content/plugins/highlight/assets/js/highlight.min.js
/wp-content/plugins/highlight/assets/css/codemirror.css
/wp-content/plugins/highlight/assets/js/codemirror.js
/wp-content/plugins/highlight/assets/css/tomorrow.css
/wp-content/plugins/highlight/assets/js/modes/javascript.js
+5 more

Script Paths
/wp-content/plugins/highlight/assets/js/highlight.js
/wp-content/plugins/highlight/assets/js/highlight.min.js
/wp-content/plugins/highlight/assets/js/codemirror.js
/wp-content/plugins/highlight/assets/js/modes/javascript.js
/wp-content/plugins/highlight/assets/js/modes/css.js
/wp-content/plugins/highlight/assets/js/modes/htmlmixed.js
+3 more

Version Parameters
highlight/style.css?ver=
highlight/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
highlight-main
highlight-btn
btnmenu-help
btnmenu-help .ans
Data Attributes
data-dismiss-type="qcbot-feedback-notice"
JS Globals
window.QCLD_Highlight_URL1
window.QCLD_Highlight_IMG_URL1
window.QCLD_Highlight_ASSETS_URL1
window.QCLD_Highlight_DIR1
window.QCLD_Highlight_INC_DIR1
FAQ

Frequently Asked Questions about Highlight Sitewide Notice, Text, Button Menu