Skill Bars Security & Risk Analysis

wordpress.org/plugins/skillbars

Easy Animated Shortcode Skill Bars for WordPress.

400 active installs v2.0.3 PHP + WP 4.0+ Updated Dec 21, 2025
animated-skill-bar, multi-color-progress-bar, progress-bar, skillbar, wordpress-progress-bar
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 7, 2025
Safety Verdict

Is Skill Bars Safe to Use in 2026?

Generally Safe

Score 99/100

Skill Bars has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 7, 2025 · Updated 3mo ago
Risk Assessment

The "skillbars" v2.0.3 plugin has a generally good security posture and follows secure coding practices. Static analysis found no dangerous functions, raw SQL queries, or unsanitized taint flows. The high share of properly escaped output (90%) and the presence of nonce and capability checks are positive indicators. The plugin currently has no AJAX handlers or REST API routes that lack authentication or permission checks; the concern is theoretical, in that endpoints added in future versions without such checks could become an attack vector. The vulnerability history shows only one past CVE, now patched, which indicates a good track record. That CVE was a Cross-site Scripting issue, which is not an uncommon vulnerability type, and the analysis of the current version did not flag it. Overall, "skillbars" v2.0.3 is relatively secure; its main weakness is the possibility that future versions introduce unprotected entry points that are not present today.

Key Concerns

  • Bundled library Freemius v1.0 may be outdated
  • 90% output escaping is good but not perfect
  • Only 1 nonce check for 2 entry points
  • Only 1 capability check for 2 entry points
Vulnerabilities: 1

Skill Bars Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-22805 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Skill Bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 Patched in 1.3 (8d)
Code Analysis
Analyzed Mar 16, 2026

Skill Bars Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 25 (217 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

90% escaped · 242 total outputs
Attack Surface

Skill Bars Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[skillbars] inc\skill-bar-shortcode.php:81
[skillbar] skillbar-shortcodes.php:176
WordPress Hooks 10

action init inc\skillbar-postytpe.php:37
action add_meta_boxes inc\skillbar-postytpe.php:53
action save_post inc\skillbar-postytpe.php:373
filter manage_skillbar_posts_columns inc\skillbar-postytpe.php:385
action manage_skillbar_posts_custom_column inc\skillbar-postytpe.php:398
action edit_form_after_title inc\skillbar-postytpe.php:452
filter widget_text skillbar-shortcodes.php:69
action wp_enqueue_scripts skillbar-shortcodes.php:90
action plugins_loaded skillbar-shortcodes.php:98
action admin_enqueue_scripts skillbar-shortcodes.php:126
Maintenance & Trust

Skill Bars Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 21, 2025
PHP min version
Downloads: 20K

Community Trust

Rating: 94/100
Number of ratings: 3
Active installs: 400
Developer Profile

Skill Bars Developer Profile

Themepoints

19 plugins · 10K total installs

Trust score: 84
Avg Security Score: 94/100
Avg Patch Time: 66 days
Detection Fingerprints

How We Detect Skill Bars

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/skillbars/assets/css/skillbar-css.css
/wp-content/plugins/skillbars/assets/js/shortcodes_skillbar.js
/wp-content/plugins/skillbars/admin/css/admin-style.css
/wp-content/plugins/skillbars/assets/js/color-picker.js
/wp-content/plugins/skillbars/admin/js/admin-pro-scripts.js
/wp-content/plugins/skillbars/admin/js/admin-scripts.js

Script Paths
/wp-content/plugins/skillbars/assets/js/shortcodes_skillbar.js
/wp-content/plugins/skillbars/assets/js/color-picker.js
/wp-content/plugins/skillbars/admin/js/admin-pro-scripts.js
/wp-content/plugins/skillbars/admin/js/admin-scripts.js

Version Parameters
/wp-content/plugins/skillbars/assets/js/shortcodes_skillbar.js?ver=
/wp-content/plugins/skillbars/assets/js/color-picker.js?ver=
/wp-content/plugins/skillbars/admin/js/admin-pro-scripts.js?ver=
/wp-content/plugins/skillbars/admin/js/admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
skillbar, skillbar-title, skillbar-bar, skillbar-percent
Data Attributes
data-percent
Shortcode Output
<div class="skillbar"
<div class="skillbar-title"
<div class="skillbar-bar"
<div class="skillbar-percent"
FAQ

Frequently Asked Questions about Skill Bars