Does OSToolbar have any unpatched vulnerabilities?

No. All known vulnerabilities in OSToolbar have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is OSToolbar compatible with WordPress 4.4.34?

According to WordPress.org data, OSToolbar 3.0.3 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is OSToolbar updated?

OSToolbar was last updated on Jan 27, 2016. Frequent updates are generally a positive security signal.

What is OSToolbar's security score?

OSToolbar has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

OSToolbar Security & Risk Analysis

wordpress.org/plugins/ostoolbar

OSToolbar is a plugin that shows training videos inside your WordPress admin panel.

10 active installs v3.0.3 PHP + WP 4.0+ Updated Jan 27, 2016

documentationhelpsupporttutorialsvideo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is OSToolbar Safe to Use in 2026?

Generally Safe

Score 85/100

OSToolbar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The ostoolbar v3.0.3 plugin exhibits a mixed security posture. On the positive side, the plugin has no recorded CVEs, and its static analysis shows no dangerous functions, no raw SQL queries, and no known vulnerabilities. This suggests a diligent approach to addressing security vulnerabilities historically.

However, significant concerns arise from the code analysis. The complete lack of output escaping for 19 total outputs is a major red flag, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis identified one flow with an unsanitized path, classified as high severity. The absence of nonce checks and capability checks on its entry points, while the attack surface appears small, leaves it susceptible to various attacks if any of these entry points were to process untrusted input or perform actions requiring authorization.

In conclusion, while the plugin's vulnerability history is clean, the static analysis reveals critical weaknesses in output handling and taint flow sanitation. The lack of authorization checks on its entry points further exacerbates these risks. The strengths lie in its SQL practices and lack of historical vulnerabilities, but these are overshadowed by the immediate and severe risks posed by unescaped output and unsanitized data flows.

Key Concerns

0% of outputs properly escaped
High severity unsanitized path taint flow
0 nonce checks on entry points
0 capability checks on entry points

Vulnerabilities

None known

OSToolbar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

OSToolbar Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped19 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<Sanitize> (library\ostoolbar\Sanitize.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

OSToolbar Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_initlibrary\ostoolbar\Application.php:22

actionadmin_menulibrary\ostoolbar\Application.php:23

actionadmin_enqueue_scriptslibrary\ostoolbar\Configuration.php:27

Maintenance & Trust

OSToolbar Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedJan 27, 2016

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

OSToolbar Alternatives

WP101 Video Tutorial Plugin

wp101

Professional video tutorials for WordPress, WooCommerce, Elementor, and more, right in the dashboard of your WordPress site. Perfect for beginners.

10K No CVEs

Help Scout

help-scout

Release 6.5.7 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Add a contact form to your website, or embed Help Scout Be …

400 1 CVE

ChipBot – Video, Live Chat, & AI Help Desk

chipbot

100

ChipBot turns your website into a face-to-face story experience powered by AI, video, and chat.

100 No CVEs

Dashboard Beacon

wp-dashboard-beacon

Easily integrate a Help Scout beacon in your site's dashboard.

10 1 unpatched

Admin Notes WP

admin-notes-wp

100

Add 'how to' instructional videos, slide shows, and more directly in individual WordPress admin pages.

0 No CVEs

Developer Profile

OSToolbar Developer Profile

OSTraining

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect OSToolbar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ostoolbar/assets/css/ui-lightness/jquery-ui.css/wp-content/plugins/ostoolbar/assets/js/jquery-ui.js/wp-content/plugins/ostoolbar/assets/css/configuration.css/wp-content/plugins/ostoolbar/assets/js/configuration.js

Script Paths

/wp-content/plugins/ostoolbar/assets/js/jquery-ui.js/wp-content/plugins/ostoolbar/assets/js/configuration.js

HTML / DOM Fingerprints

FAQ