Sitewide Notice WP Security & Risk Analysis
wordpress.org/plugins/sitewide-notice-wpSimply add a small message bar to the bottom of each page of your website to display notice messages such as sales, notices and any text messages.
Is Sitewide Notice WP Safe to Use in 2026?
Generally Safe
Score 98/100Sitewide Notice WP has a strong security track record. Known vulnerabilities have been patched promptly.
The plugin 'sitewide-notice-wp' v2.4.2 exhibits a mixed security posture. While the static analysis indicates a generally good foundation with no identified dangerous functions, file operations, or external HTTP requests, and all SQL queries utilizing prepared statements, there are significant concerns. The lack of capability checks for any code paths, coupled with a high percentage of output not being properly escaped, presents a potential cross-site scripting (XSS) risk. The vulnerability history is particularly concerning, with two known medium severity CVEs, both related to missing authorization and cross-site scripting. The fact that these vulnerabilities are no longer unpatched is positive, but their recurrence suggests potential systemic weaknesses in how user input is handled and access is controlled. The absence of any taint analysis results is unusual and might indicate limitations in the analysis tool rather than a complete absence of taintable flows. Overall, while the plugin has strengths in its foundational secure coding practices, the past vulnerabilities and current lack of capability checks and adequate output escaping are significant weaknesses that require attention.
Key Concerns
- 2 known medium severity CVEs
- No capability checks
- 25% of outputs not properly escaped
Sitewide Notice WP Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Sitewide Notice WP <= 2.4.1 - Missing Authorization
Sitewide Notice WP <= 2.2 - Authenticated Stored Cross-Site Scripting
Sitewide Notice WP Code Analysis
Output Escaping
Sitewide Notice WP Attack Surface
WordPress Hooks 4
Maintenance & Trust
Sitewide Notice WP Maintenance & Trust
Maintenance Signals
Community Trust
Sitewide Notice WP Alternatives
CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)
cookie-law-info
Easily set up cookie banner or notice in WordPress, and policy pages for compliance with global cookie laws (GDPR, DSGVO, RGPD, CCPA/CPRA, etc).
CookieAdmin – Cookie Consent Banner
cookieadmin
CookieAdmin provides easy to configure cookie consent banner with GDPR and CCPA law support.
Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode
cookiebot
Install your cookie banner in minutes. Automatically scan and block cookies to comply with the GDPR, CCPA, Google Consent Mode v2. Free plan option.
Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website
simple-banner
Display a simple banner/bar at the top or bottom of your website. Now with multi-banner support.
Announcer – Sticky Message Banner & Notification Bar
announcer
Add customizable WordPress notification bar to display announcements, promotions, coupons, or news at the top or bottom of your website.
Sitewide Notice WP Developer Profile
7 plugins · 66K total installs
How We Detect Sitewide Notice WP
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/sitewide-notice-wp/css/swnza.css/wp-content/plugins/sitewide-notice-wp/js/jquery_cookie.js/wp-content/plugins/sitewide-notice-wp/images/close-button.svg/wp-content/plugins/sitewide-notice-wp/js/jquery_cookie.jssitewide-notice-wp/css/swnza.css?ver=sitewide-notice-wp/js/jquery_cookie.js?ver=HTML / DOM Fingerprints
swnza_bannerswnza_close_button<!-- SiteWide Notice WP Cookies --><!-- SiteWide Notice WP Custom CSS -->id="swnza_banner_id"id="swnza_banner_text"id="swnza_close_button_link"class="swnza_banner"class="swnza_close_button"Cookies.get('swnza_hide_banner_cookie')Cookies.set('swnza_hide_banner_cookie', 1, { expires: 1, path: '/' })