WP Sticky Header Security & Risk Analysis

wordpress.org/plugins/wp-sticky-header

Plugin to display some content/notification on top/bottom of the webpage.

20 active installs · v1.5 · PHP + · WP 3.0.1+ · Updated Aug 16, 2019
bottom, close, header, notification, top
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Sticky Header Safe to Use in 2026?

Generally Safe

Score 85/100

WP Sticky Header has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The wp-sticky-header plugin version 1.5 exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, cron events, dangerous functions, raw SQL queries, and external HTTP requests significantly reduces its attack surface. The high percentage of properly escaped output and the lack of file operations further contribute to a secure codebase. The plugin's vulnerability history is also clean, with no known CVEs, suggesting a history of responsible development and maintenance.

However, there are a few areas that warrant attention. The complete lack of nonce checks and capability checks across all entry points, though currently not an issue due to the absence of exposed entry points, represents a potential future risk. If new entry points are added without proper authorization mechanisms, the plugin would become vulnerable. Similarly, the lack of taint analysis results, while positive, could be an indication that the analysis was limited or that the plugin's functionality simply doesn't present complex data flows that would trigger such analysis.

Overall, wp-sticky-header v1.5 appears to be a secure plugin. Its strengths lie in its minimal attack surface and well-sanitized code. The primary weakness is the absence of explicit authorization checks, which, while not a current vulnerability, is a practice that could introduce risks if the plugin's functionality evolves without addressing this.

Key Concerns

  • No nonce checks present
  • No capability checks present
Vulnerabilities
None known

WP Sticky Header Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Sticky Header Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (33 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

85% escaped · 39 total outputs
Attack Surface

WP Sticky Header Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7

  • action admin_menu (wp-sticky-header.php:12)
  • action admin_init (wp-sticky-header.php:20)
  • action wp_footer (wp-sticky-header.php:120)
  • action admin_enqueue_scripts (wp-sticky-header.php:174)
  • action wp_head (wp-sticky-header.php:180)
  • action admin_init (wp-sticky-header.php:217)
  • action upgrader_process_complete (wp-sticky-header.php:218)
Maintenance & Trust

WP Sticky Header Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Aug 16, 2019
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

WP Sticky Header Developer Profile

wpnaga

2 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Sticky Header

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-sticky-header/js/wpsh_header.js
/wp-content/plugins/wp-sticky-header/js/wpsh_autoclose.js
/wp-content/plugins/wp-sticky-header/js/wpsh_pickcolor.js
Script Paths
/wp-content/plugins/wp-sticky-header/js/wpsh_header.js
/wp-content/plugins/wp-sticky-header/js/wpsh_autoclose.js
/wp-content/plugins/wp-sticky-header/js/wpsh_pickcolor.js
Version Parameters
wp-sticky-header/js/wpsh_header.js?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
wpsh_fixed, wpsh_close
Data Attributes
data-close_seconds
JS Globals
php_vars