Does Rollbar have any unpatched vulnerabilities?

No. All known vulnerabilities in Rollbar have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Rollbar compatible with WordPress 6.9.4?

According to WordPress.org data, Rollbar 3.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Rollbar compatible with PHP 8.1+?

Rollbar requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Rollbar updated?

Rollbar was last updated on Mar 6, 2026. Frequent updates are generally a positive security signal.

What is Rollbar's security score?

Rollbar has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rollbar Security & Risk Analysis

wordpress.org/plugins/rollbar

Official Rollbar full-stack error tracking for WordPress supported by Rollbar, Inc.

500 active installs v3.1.1 PHP 8.1+ WP 6.5+ Updated Mar 6, 2026

errorerror-trackingfull-stackrollbartracking

A · Safe

CVEs total1

Unpatched0

Last CVEApr 4, 2025

Plugin page Download

Safety Verdict

Is Rollbar Safe to Use in 2026?

Generally Safe

Score 99/100

Rollbar has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 4, 2025Updated 28d ago

Risk Assessment

The Rollbar plugin v3.1.1 exhibits a generally strong security posture based on the static analysis. The absence of an attack surface, dangerous functions, direct SQL queries, file operations, and external HTTP requests is commendable. The presence of nonce and capability checks, even with a limited attack surface, indicates an awareness of security best practices. However, a significant concern arises from the complete lack of output escaping. This means that any data rendered to the user interface could potentially be manipulated, leading to various cross-site scripting (XSS) vulnerabilities, even if other entry points are secured.

The vulnerability history shows one known CVE in the past, which is now patched. While this is positive, the type of past vulnerability (CSRF) suggests that the plugin has historically had issues with authorization or state-changing actions. The lack of any active unpatched vulnerabilities is reassuring, but the past incident combined with the current lack of output escaping warrants caution. The plugin's strengths lie in its minimal attack surface and careful handling of database queries and file operations. Its primary weakness is the critical lack of output escaping, which presents a significant risk of XSS vulnerabilities.

Key Concerns

63 outputs, 0% properly escaped

Vulnerabilities

Rollbar Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-32250medium · 4.3Cross-Site Request Forgery (CSRF)

Rollbar <= 2.7.1 - Cross-Site Request Forgery

Apr 4, 2025 Patched in 3.0.0 (201d)

Code Analysis

Analyzed Mar 16, 2026

Rollbar Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped63 total outputs

Attack Surface

Rollbar Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menusrc\Admin\SettingsPage.php:58

actionadmin_initsrc\Admin\SettingsPage.php:60

actionadmin_enqueue_scriptssrc\Admin\SettingsPage.php:61

actionadmin_post_rollbar_wp_restore_defaultssrc\Admin\SettingsPage.php:62

Maintenance & Trust

Rollbar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 6, 2026

PHP min version8.1

Downloads86K

Community Trust

Rating80/100

Number of ratings3

Active installs500

Alternatives

Rollbar Alternatives

Rollbar Logging

rollbar-logging

Enables JavaScript and PHP Error logging for Rollbar.

10 No CVEs

Issues Tracker

issues-tracker

Issues Tracker allows you view and search WordPress logs, receive security advice, track 404 errors, and view your server settings.

50 No CVEs

Health Monitor

health-monitor

100

Health Monitor is designed to help you keep your website running smoothly. It continuously checks your site’s performance, security, and overall healt …

20 No CVEs

Error Notifier for Slack

error-notifier

100

Get real-time Slack notifications for WordPress critical errors to fix site issues instantly!

10 No CVEs

VisitorLAB

visitorlab

An analytics solution for websites to visualize how visitor act on it.

10 No CVEs

Developer Profile

Rollbar Developer Profile

rollbar

1 plugin · 500 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

201 days

View full developer profile

Detection Fingerprints

How We Detect Rollbar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rollbar/public/admin/rollbar.css/wp-content/plugins/rollbar/public/admin/rollbar.js

Script Paths

/wp-content/plugins/rollbar/public/admin/rollbar.js

Version Parameters

rollbar-admin-css?ver=rollbar-admin-js?ver=

HTML / DOM Fingerprints

Data Attributes

data-rollbar-id

JS Globals

rollbarSettings

REST Endpoints

/wp-json/rollbar/v1/test-logging

FAQ

Rollbar Security & Risk Analysis

Is Rollbar Safe to Use in 2026?

Generally Safe

Key Concerns

Rollbar Security Vulnerabilities

CVEs by Year

Severity Breakdown

Rollbar Code Analysis

Output Escaping

Rollbar Attack Surface

Rollbar Maintenance & Trust

Maintenance Signals

Community Trust

Rollbar Alternatives

Rollbar Logging

Issues Tracker

Health Monitor

Error Notifier for Slack

VisitorLAB

Rollbar Developer Profile

How We Detect Rollbar

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Rollbar