SKT Skill Bar Security & Risk Analysis

wordpress.org/plugins/skt-skill-bar

Showcase skillsets that you are good at anywhere on your website using this plugin.

1K active installs · v2.6 · PHP 7.4+ · WP 5.0+ · Updated Nov 12, 2025
Tags: circular-skill-bar, half-circle-skill-bar, skill-bars, vertical-graph-bar, vertical-skill-bar
Score: 96 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Nov 14, 2025

Safety Verdict

Is SKT Skill Bar Safe to Use in 2026?

Generally Safe

Score 96/100

SKT Skill Bar has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Nov 14, 2025 · Updated 6mo ago

Risk Assessment

The skt-skill-bar plugin v2.6 exhibits a mixed security posture. On the positive side, static analysis reveals good coding practices with 100% of SQL queries using prepared statements and all output being properly escaped. There are no identified dangerous functions, file operations, or external HTTP requests, and the identified entry points (shortcodes) are not directly exposed to unauthenticated access. The absence of critical or high-severity taint flows is also encouraging.

However, the vulnerability history is a significant concern. The plugin has a record of four known medium-severity vulnerabilities, all of which were Cross-Site Scripting (XSS) related. While the historical data indicates that these have been patched, the recurring nature of XSS issues suggests a potential weakness in input validation or output sanitization that might not have been entirely addressed by previous fixes, or could re-emerge in future versions.

The lack of nonce checks and capability checks in the static analysis, while not directly leading to exploitable issues in this specific analysis due to a small attack surface, represents a missed opportunity for robust security and could be a contributing factor to past XSS vulnerabilities.

Key Concerns

  • Vulnerability history (4 medium CVEs)
  • Missing nonce checks
  • Missing capability checks

Vulnerabilities (4 published)

SKT Skill Bar Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 3 CVEs

Severity Breakdown

  • Medium: 4

4 total CVEs

CVE-2025-66090 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SKT Skill Bar <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 14, 2025 · Patched in 2.6 (11d)

CVE-2025-47482 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SKT Skill Bar <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2025 · Patched in 2.5 (7d)

CVE-2025-26880 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SKT Skill Bar <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 11, 2025 · Patched in 2.4 (6d)

CVE-2024-38698 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SKT Skill Bar <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 11, 2024 · Patched in 2.1 (7d)

Code Analysis
Analyzed Mar 16, 2026

SKT Skill Bar Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 0 (89 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

100% escaped · 89 total outputs

Attack Surface

SKT Skill Bar Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

  • [skillwrapper] sktskillbar.php:541
  • [skill] sktskillbar.php:580

WordPress Hooks: 4

  • action wp_print_scripts sktskillbar.php:14
  • action wp_print_styles sktskillbar.php:15
  • action admin_menu sktskillbar.php:590
  • filter plugin_action_links sktskillbar.php:603

Maintenance & Trust

SKT Skill Bar Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 12, 2025
  • PHP min version: 7.4
  • Downloads: 72K

Community Trust

  • Rating: 82/100
  • Number of ratings: 14
  • Active installs: 1K

Developer Profile

SKT Skill Bar Developer Profile

sonalsinha21

153 plugins · 54K total installs

  • Trust score: 87
  • Avg Security Score: 99/100
  • Avg Patch Time: 60 days
Detection Fingerprints

How We Detect SKT Skill Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/skt-skill-bar/skill_bar/bar/jquery.appear.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/circle/jquery.easy-pie-chart.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/circle/custom.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/gage/justgage.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/gage/raphael-2.1.4.min.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/js/Chart.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/js/chart.min.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/bar/sbar.css
  • (+2 more)

Script Paths

  • /wp-content/plugins/skt-skill-bar/skill_bar/bar/jquery.appear.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/circle/jquery.easy-pie-chart.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/circle/custom.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/gage/justgage.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/gage/raphael-2.1.4.min.js
  • /wp-content/plugins/skt-skill-bar/skill_bar/js/Chart.js
  • (+1 more)

Version Parameters

  • skt-skill-bar/skill_bar/bar/jquery.appear.js?ver=
  • skt-skill-bar/skill_bar/circle/jquery.easy-pie-chart.js?ver=
  • skt-skill-bar/skill_bar/circle/custom.js?ver=
  • skt-skill-bar/skill_bar/gage/justgage.js?ver=
  • skt-skill-bar/skill_bar/gage/raphael-2.1.4.min.js?ver=
  • skt-skill-bar/skill_bar/js/Chart.js?ver=
  • skt-skill-bar/skill_bar/js/chart.min.js?ver=
  • skt-skill-bar/skill_bar/bar/sbar.css?ver=
  • skt-skill-bar/skill_bar/circle/jquery.easy-pie-chart.css?ver=
  • skt-skill-bar/skill_bar/css/custom.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • skillbar-title
  • skill-bar-percent
  • skillbar-bar

Data Attributes

  • data-percent

JS Globals

  • SB_VER
  • sbar
  • gager
  • JustGage
  • jQuery

Shortcode Output

  • <div id="skillbar_straight"
  • <div style="clear:both;">
  • <style type="text/css">.skillbar-title{font-size:
  • <script>function sbar(){

FAQ

Frequently Asked Questions about SKT Skill Bar