Notice Bar Security & Risk Analysis

wordpress.org/plugins/notice-bar

An easy plugin to show multiple notice bars on WordPress sites.

800 active installs · v3.1.4 · PHP 5.6+ · WP 4.1+ · Updated Aug 15, 2025
Tags: bar, floating-bar, message, notication, notice
Score 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Aug 20, 2025
Safety Verdict

Is Notice Bar Safe to Use in 2026?

Generally Safe

Score 98/100

Notice Bar has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 20, 2025 · Updated 7mo ago
Risk Assessment

The notice-bar plugin, version 3.1.4, exhibits a mixed security posture. While it demonstrates strong practices in SQL query handling and a relatively high rate of output escaping, there are significant concerns regarding its attack surface. The presence of two AJAX handlers without authentication checks is a notable weakness, creating potential entry points for unauthorized actions. The taint analysis, though limited in scope, did identify one flow with an unsanitized path, indicating a potential for vulnerabilities if not properly handled, even if not classified as critical in this analysis.

The plugin's vulnerability history shows two known medium-severity CVEs, both related to Cross-site Scripting (XSS). While there are currently no unpatched CVEs, the recurrence of XSS vulnerabilities suggests a potential weakness in input sanitization or output encoding in certain contexts within the plugin's code. The last vulnerability being in the future (2025-08-20) is an anomaly and likely a data error, but the historical pattern of medium XSS vulnerabilities is still a concern.

In conclusion, the notice-bar plugin has some commendable security features, particularly its use of prepared statements for SQL. However, the unprotected AJAX handlers represent a clear and present risk that needs immediate attention. The past XSS vulnerabilities, even if resolved in this version, warrant vigilance and thorough testing of any input handling mechanisms. Addressing the unprotected AJAX endpoints should be the top priority to improve its overall security.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 1 unsanitized path in taint analysis
  • 2 medium severity CVEs in history
Vulnerabilities: 2

Notice Bar Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-49389 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Notice Bar <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 20, 2025 Patched in 3.1.4 (7d)
CVE-2023-41847 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Notice Bar <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 5, 2023 Patched in 3.1.1 (140d)
Code Analysis
Analyzed Mar 16, 2026

Notice Bar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 201 (892 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

82% escaped · 1093 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<class-notice-bar-subscribers> (inc\class-notice-bar-subscribers.php:0)
Attack Surface: 2 unprotected

Notice Bar Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_nb_send_subscriber_mail inc\class-notice-bar-subscribers.php:10
nopriv wp_ajax_nb_send_subscriber_mail inc\class-notice-bar-subscribers.php:11

Shortcodes 1

[nb_subscribe] inc\class-notice-bar-subscribers.php:9
WordPress Hooks 39
action add_meta_boxes inc\backend\class-notice-bar-admin-sidebar-banners.php:5
action init inc\backend\class-notice-bar-post-type.php:5
action admin_menu inc\backend\class-notice-bar-post-type.php:6
action add_meta_boxes inc\backend\class-notice-bar-post-type.php:7
action save_post inc\backend\class-notice-bar-post-type.php:8
filter notice_bar_admin_sections_tab inc\backend\class-notice-bar-post-type.php:9
filter notice_bar_admin_notice_types_tab inc\backend\class-notice-bar-post-type.php:10
filter notice_bar_admin_notice_display_tab inc\backend\class-notice-bar-post-type.php:11
filter notice_bar_admin_visibility_tab inc\backend\class-notice-bar-post-type.php:12
action admin_enqueue_scripts inc\class-notice-bar-admin-scripts.php:14
action admin_menu inc\class-notice-bar-admin-scripts.php:15
action wp_head inc\class-notice-bar-frontend-scripts.php:55
action wp_enqueue_scripts inc\class-notice-bar-frontend-scripts.php:56
action wp_footer inc\class-notice-bar-frontend-scripts.php:60
action admin_post_nb_settings_save inc\class-notice-bar-settings.php:10
action admin_post_nb_restore_default_action inc\class-notice-bar-settings.php:11
action init inc\class-notice-bar-subscribers.php:6
action add_meta_boxes inc\class-notice-bar-subscribers.php:7
action save_post inc\class-notice-bar-subscribers.php:8
filter notice_bar_types_list inc\notice-types\class-notice-bar-cta.php:4
action notice_bar_frontend_section inc\notice-types\class-notice-bar-cta.php:5
action notice_bar_nb_cta_styles inc\notice-types\class-notice-bar-cta.php:6
filter notice_bar_types_list inc\notice-types\class-notice-bar-nb-subscribe.php:4
action notice_bar_frontend_section inc\notice-types\class-notice-bar-nb-subscribe.php:5
action notice_bar_nb_subscribe_styles inc\notice-types\class-notice-bar-nb-subscribe.php:6
filter notice_bar_types_list inc\notice-types\class-notice-bar-news-ticker.php:4
action notice_bar_frontend_section inc\notice-types\class-notice-bar-news-ticker.php:5
filter notice_bar_types_list inc\notice-types\class-notice-bar-plain-text.php:4
action notice_bar_frontend_section inc\notice-types\class-notice-bar-plain-text.php:5
filter notice_bar_types_list inc\notice-types\class-notice-bar-shortcodes.php:5
action notice_bar_frontend_section inc\notice-types\class-notice-bar-shortcodes.php:6
filter notice_bar_types_list inc\notice-types\class-notice-bar-slider.php:4
action notice_bar_frontend_section inc\notice-types\class-notice-bar-slider.php:5
filter notice_bar_types_list inc\notice-types\class-notice-bar-social-icons.php:4
action notice_bar_frontend_section inc\notice-types\class-notice-bar-social-icons.php:5
action notice_bar_social_styles inc\notice-types\class-notice-bar-social-icons.php:6
filter notice_bar_types_list inc\notice-types\class-notice-bar-tweets.php:5
action notice_bar_frontend_section inc\notice-types\class-notice-bar-tweets.php:6
action plugins_loaded notice-bar.php:179
Maintenance & Trust

Notice Bar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 15, 2025
PHP min version: 5.6
Downloads: 35K

Community Trust

Rating: 72/100
Number of ratings: 9
Active installs: 800
Developer Profile

Notice Bar Developer Profile

WEN Solutions

47 plugins · 26K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 112 days
Detection Fingerprints

How We Detect Notice Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/notice-bar/css/backend.css
/wp-content/plugins/notice-bar/css/bootstrap-datetimepicker.css
/wp-content/plugins/notice-bar/js/moment-with-locales.js
/wp-content/plugins/notice-bar/js/bootstrap-datetimepicker.js
/wp-content/plugins/notice-bar/js/backend.js
Script Paths
//maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Version Parameters
notice-bar/css/backend.css?ver=
notice-bar/css/bootstrap-datetimepicker.css?ver=
notice-bar/js/moment-with-locales.js?ver=
notice-bar/js/bootstrap-datetimepicker.js?ver=
notice-bar/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
nb-new-admin-style, nb-new-dt-picker-css, nb-new-dt-picker, nb-new-dt-custom-picker, nb-new-admin-script
JS Globals
NOTICE_BAR_FILE_URL, NOTICE_BAR_VERSION