Does Skysa Announcements App have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Skysa Announcements App compatible with WordPress 4.0.38?

According to WordPress.org data, Skysa Announcements App 1.10 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Skysa Announcements App updated?

Skysa Announcements App was last updated on Sep 8, 2014. Frequent updates are generally a positive security signal.

What is Skysa Announcements App's security score?

Skysa Announcements App has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Skysa Announcements App Security & Risk Analysis

wordpress.org/plugins/skysa-announcements-app

Post pop-up ajax announcements for your site visitors. Rich content, announcement experation date and many other announcement options.

10 active installs v1.10 PHP + WP 2.7+ Updated Sep 8, 2014

announcementannouncementsnoticeskysaskysa-apps

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Skysa Announcements App Safe to Use in 2026?

Generally Safe

Score 85/100

Skysa Announcements App has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The skysa-announcements-app plugin v1.10 exhibits a concerning security posture, primarily due to its unprotected AJAX endpoints. While the plugin avoids dangerous functions and utilizes prepared statements for its SQL queries, which are positive signs, the presence of two AJAX handlers without any authentication or capability checks represents a significant attack vector. This means any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure.

The taint analysis, while not revealing critical or high severity issues in terms of direct code execution or data leakage through the analyzed flows, does indicate that all analyzed flows involved unsanitized paths. This, combined with the low percentage of properly escaped output (4%), suggests a general lack of input validation and output sanitization, which can indirectly lead to vulnerabilities if these unsanitized paths are exploited through the unprotected AJAX endpoints.

The plugin's vulnerability history is clean, with no recorded CVEs. This could indicate either a lack of past security scrutiny or that its current design, despite the identified weaknesses, has not yet been successfully exploited. However, the absence of historical vulnerabilities should not be interpreted as a guarantee of future security, especially given the evident design flaws in handling entry points. In conclusion, while the plugin demonstrates good practices in areas like SQL query handling, the critical oversight of unprotected AJAX endpoints and weak output escaping creates substantial security risks that need immediate attention.

Key Concerns

AJAX handlers without auth checks
Unsanitized paths in taint flows
Low percentage of properly escaped output
No nonce checks on AJAX handlers
No capability checks on AJAX handlers

Vulnerabilities

None known

Skysa Announcements App Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Skysa Announcements App Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Skysa Announcements App Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

4% escaped23 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

SkysaApps_Admin_DrawTabs (skysa-required/admin.php:168)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Skysa Announcements App Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_skysa_apploadskysa-required/index.php:111

noprivwp_ajax_skysa_apploadskysa-required/index.php:112

WordPress Hooks 3

actionwp_print_footer_scriptsskysa-required/index.php:103

actionwp_footerskysa-required/index.php:105

actionadmin_menuskysa-required/index.php:109

Maintenance & Trust

Skysa Announcements App Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedSep 8, 2014

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Skysa Announcements App Alternatives

Announcement & Notification Banner – Bulletin

bulletin-announcements

Publish a slick announcement banner notice across your website or Woocommerce shop. Extend with icons, countdowns, placement rules and more!

2K 5 CVEs

Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website

simple-banner

Display a simple banner/bar at the top or bottom of your website. Now with multi-banner support.

50K 6 CVEs

Horizontal scrolling announcements

horizontal-scrolling-announcements

This horizontal scrolling announcement wordpress plugin lets scroll the content from one end to another end like reel. This plugin is using JQuery Mar …

8K 1 CVE

Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar

foobar-notifications-lite

100

Create unlimited notifications, announcements, or notices for your visitors

3K No CVEs

Post Timeline

post-timeline

Create stunning and interactive timelines for your WordPress posts with ease. Post Timeline is the ultimate plugin for displaying your WordPress conte …

800 3 CVEs

Developer Profile

Skysa Announcements App Developer Profile

Skysa

11 plugins · 110 total installs

trust score

Avg Security Score

84/100

Avg Patch Time

4439 days

View full developer profile

Detection Fingerprints

How We Detect Skysa Announcements App

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/skysa-announcements-app/icons/announcements-icon-wp.png

HTML / DOM Fingerprints

CSS Classes

SKYUI-announcementSKYUI-time

HTML Comments

*************************************************************
*                 This app was made using the:              *
*                       Skysa App SDK                       *
*    http://wordpress.org/extend/plugins/skysa-app-sdk/     *
*************************************************************

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA  02110-1301, USA.

Data Attributes

idtimeapptitlewhbar

JS Globals

S

FAQ