Does Admin Bar Tools have any unpatched vulnerabilities?

No. All known vulnerabilities in Admin Bar Tools have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Admin Bar Tools compatible with WordPress 5.6.0?

According to WordPress.org data, Admin Bar Tools 4.0 has been tested up to WordPress 5.6.0. Check the plugin's changelog for the latest compatibility information.

Is Admin Bar Tools compatible with PHP 5.6+?

Admin Bar Tools requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Admin Bar Tools updated?

Admin Bar Tools was last updated on Jan 18, 2021. Frequent updates are generally a positive security signal.

What is Admin Bar Tools's security score?

Admin Bar Tools has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Admin Bar Tools Security & Risk Analysis

wordpress.org/plugins/sf-adminbar-tools

Adds some small development tools to the admin bar.

400 active installs v4.0 PHP 5.6+ WP 4.7+ Updated Jan 18, 2021

debugdevelopmentquerytestingtests

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Admin Bar Tools Safe to Use in 2026?

Generally Safe

Score 85/100

Admin Bar Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The sf-adminbar-tools v4.0 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs, coupled with a clean vulnerability history, is a significant positive indicator. The code heavily relies on prepared statements for SQL queries and demonstrates a high percentage of properly escaped output, which are crucial best practices for preventing common web vulnerabilities.

However, there are a few areas that warrant attention. The presence of two 'dangerous functions' (preg_replace(/e)) indicates a potential for remote code execution if these functions are used with user-supplied input that is not properly sanitized. While the taint analysis shows no flows with unsanitized paths, the potential for misuse of these functions remains a concern. The limited attack surface and the presence of nonce and capability checks on the few entry points are good, but the absence of any taint analysis data (0 flows analyzed) means we cannot definitively rule out subtle issues that might not be flagged by static checks alone.

Overall, sf-adminbar-tools v4.0 appears to be a well-maintained plugin with a strong foundation in secure coding practices. The lack of past vulnerabilities is a testament to this. The primary area for improvement lies in carefully reviewing the implementation of the `preg_replace(/e)` functions to ensure robust sanitization of any input processed by them. Until this is confirmed, a minor level of caution is advised.

Key Concerns

Dangerous function detected (preg_replace(/e))

Vulnerabilities

None known

Admin Bar Tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Admin Bar Tools Code Analysis

Dangerous Functions

Raw SQL Queries

15 prepared

Unescaped Output

23 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

preg_replace(/e)preg_replace('/esrc\classes\Dependencies\Composer\Installers\MicroweberInstaller.php:113

preg_replace(/e)preg_replace('/esrc\classes\Dependencies\Composer\Installers\MicroweberInstaller.php:115

SQL Query Safety

100% prepared15 total queries

Output Escaping

88% escaped26 total outputs

Attack Surface

Admin Bar Tools Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 36

actionplugins_loadedsf-adminbar-tools.php:23

actionadmin_noticessrc\class-sfabt-requirements-check.php:142

actionadmin_menusrc\classes\AdminUI.php:76

actionadmin_menusrc\classes\AdminUI.php:77

actionadmin_enqueue_scriptssrc\classes\Assets.php:50

actionwp_print_stylessrc\classes\Assets.php:51

actionload-post.phpsrc\classes\DisableWPFeatures.php:45

actionload-post-new.phpsrc\classes\DisableWPFeatures.php:46

filterupdate_post_metadatasrc\classes\DisableWPFeatures.php:48

filtershow_post_locked_dialogsrc\classes\DisableWPFeatures.php:49

actionadmin_noticessrc\classes\DisableWPFeatures.php:94

actionsfabt_add_nodes_insidesrc\classes\DisplayData\AdminHooks\NodesUI.php:41

actionadmin_bar_menusrc\classes\DisplayData\BaseItems\NodesUI.php:32

actionsfabt_add_nodes_insidesrc\classes\DisplayData\CurrentScreen\NodesUI.php:32

actionsfabt_add_nodes_insidesrc\classes\DisplayData\Debug\NodesUI.php:34

actionsfabt_add_nodes_insidesrc\classes\DisplayData\Pagenow\NodesUI.php:32

actionsfabt_add_nodes_insidesrc\classes\DisplayData\PhpMemory\NodesUI.php:32

filtersfabt_displayable_varssrc\classes\DisplayData\SomeVar\Data.php:33

filtersfabt_displayable_varssrc\classes\DisplayData\SomeVar\Data.php:34

filtersfabt_displayable_varssrc\classes\DisplayData\SomeVar\Data.php:35

filtersfabt_localize_scriptsrc\classes\DisplayData\SomeVar\NodesUI.php:50

actionadmin_print_footer_scriptssrc\classes\DisplayData\SomeVar\NodesUI.php:53

actionwp_print_footer_scriptssrc\classes\DisplayData\SomeVar\NodesUI.php:55

actionsfabt_add_nodes_insidesrc\classes\DisplayData\SomeVar\NodesUI.php:58

actioninitsrc\classes\DisplayData\SomeVar\NodesUI.php:59

actionadmin_initsrc\classes\DisplayData\SomeVar\NodesUI.php:148

actionwpsrc\classes\DisplayData\SomeVar\NodesUI.php:150

actionallsrc\classes\DisplayData\Templates\Data.php:70

filtercomments_templatesrc\classes\DisplayData\Templates\Data.php:71

actionsfabt_add_nodes_insidesrc\classes\DisplayData\Templates\NodesUI.php:55

actionsfabt_add_nodes_insidesrc\classes\DisplayData\Templates\NodesUI.php:56

actioninitsrc\classes\Plugin.php:109

filtersfabt_containersrc\classes\Plugin.php:203

actionload-profile.phpsrc\classes\ProfileUI.php:66

actionshow_user_profilesrc\classes\ProfileUI.php:67

actionpersonal_options_updatesrc\classes\ProfileUI.php:68

Maintenance & Trust

Admin Bar Tools Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.0

Last updatedJan 18, 2021

PHP min version5.6

Downloads15K

Community Trust

Rating96/100

Number of ratings8

Active installs400

Alternatives

Admin Bar Tools Alternatives

Query Monitor – The developer tools panel for WordPress

query-monitor

100

Query Monitor is the developer tools panel for WordPress and WooCommerce.

200K No CVEs

DebugPress: Debugger in Popup

debugpress

100

Easy-to-use plugin for debugging and profiling website loading, SQL queries analysis, help with development, bug fixing, all in configurable popup.

100 No CVEs

Back To The Theme

back-to-the-theme

See a page with different themes all at once, just like that!

10 No CVEs

Development Assistant

development-assistant

100

Toolkit for debugging and customer support.

10 No CVEs

Debug This

debug-this

100

Peek under the hood with sixty debugging reports just one click away.

2K No CVEs

Developer Profile

Admin Bar Tools Developer Profile

Grégory Viguier

5 plugins · 7K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Admin Bar Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sf-adminbar-tools/assets/css/sfabt.css/wp-content/plugins/sf-adminbar-tools/assets/css/sfabt.min.css/wp-content/plugins/sf-adminbar-tools/assets/js/sfabt.js/wp-content/plugins/sf-adminbar-tools/assets/js/sfabt.min.js

Script Paths

assets/css/sfabt.cssassets/css/sfabt.min.cssassets/js/sfabt.jsassets/js/sfabt.min.js

Version Parameters

sf-adminbar-tools/assets/css/sfabt.css?ver=sf-adminbar-tools/assets/js/sfabt.js?ver=

HTML / DOM Fingerprints

JS Globals

sfabtContext

FAQ