Does WPeBanOver have any unpatched vulnerabilities?

No. All known vulnerabilities in WPeBanOver have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPeBanOver compatible with WordPress 3.6.1?

According to WordPress.org data, WPeBanOver 1.1 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is WPeBanOver updated?

WPeBanOver was last updated on Unknown. Frequent updates are generally a positive security signal.

What is WPeBanOver's security score?

WPeBanOver has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPeBanOver Security & Risk Analysis

wordpress.org/plugins/wpebanover

Show a small banner and on mouse event (over, out, click, dblclick) show another big or 2nd banner anywhere in your template, post, page or widget.

10 active installs v1.1 PHP + WP 2.9+ Updated Unknown

adsads-overbanner-overhovermouseover

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WPeBanOver Safe to Use in 2026?

Generally Safe

Score 100/100

WPeBanOver has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "wpebanover" v1.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding database interactions, with all SQL queries utilizing prepared statements, and no external HTTP requests or file operations are present. The limited attack surface, with only one shortcode and no AJAX handlers or REST API routes, also contributes to a seemingly reduced risk profile. However, significant concerns arise from the complete lack of output escaping. This means that any data processed and displayed by the plugin is vulnerable to cross-site scripting (XSS) attacks, as user-supplied input could be injected and executed within a user's browser. Furthermore, the absence of nonce and capability checks, while the static analysis shows no unprotected entry points from AJAX/REST, suggests that any potential future additions or interactions with these components might be introduced without these crucial security measures. The plugin's vulnerability history is clean, which is a positive indicator, but this cannot compensate for the present critical security flaw in output escaping.

Key Concerns

100% of outputs are not properly escaped
0 Nonce checks present
0 Capability checks present

Vulnerabilities

None known

WPeBanOver Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WPeBanOver Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped3 total outputs

Attack Surface

WPeBanOver Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[WPeBanOver] wpebanover.php:91

WordPress Hooks 6

actioninitwpebanover.php:16

actionwp_enqueue_scriptswpebanover.php:30

filterwidget_textwpebanover.php:89

filterwidget_textwpebanover.php:90

actionadmin_initwpebanover.php:194

actionadmin_menuwpebanover.php:195

Maintenance & Trust

WPeBanOver Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedUnknown

PHP min version

Downloads3K

Community Trust

Rating40/100

Number of ratings1

Active installs10

Alternatives

WPeBanOver Alternatives

Pushover Notifications for WordPress

pushover-notifications

Pushover Notifications allows your WordPress site to send push notifications straight to your iOS/Android device.

300 No CVEs

Site Kit by Google – Analytics, Search Console, AdSense, Speed

google-site-kit

100

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.

5.0M 1 CVE

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

TablePress – Tables in WordPress made easy

tablepress

Embed beautiful, accessible, and interactive tables into your WordPress website’s posts and pages, without having to write code!

700K 9 CVEs

Developer Profile

WPeBanOver Developer Profile

etruel

11 plugins · 13K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

116 days

View full developer profile

Detection Fingerprints

How We Detect WPeBanOver

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpebanover/banover.js/wp-content/plugins/wpebanover/oplugins.css/wp-content/plugins/wpebanover/oplugins.js

Script Paths

banover.jsoplugins.js

Version Parameters

wpebanover/banover.js?ver=wpebanover/oplugins.css?ver=wpebanover/oplugins.js?ver=

HTML / DOM Fingerprints

CSS Classes

WPeBanOverwpeplugnamewpelinkstsmall

Data Attributes

onclickonmouseoverondblclickonmouseOutnada

JS Globals

HideDIVDisplayDIVjQuery

Shortcode Output

<div class="WPeBanOver"><div id="littlebanner"><div id="bigbanner" style="display:none">

FAQ