WPFront Notification Bar Security & Risk Analysis

wordpress.org/plugins/wpfront-notification-bar

Easily lets you create a bar on top or bottom to display a notification.

50K active installs · v3.5.1 · PHP 7.0+ · WP 5.0+ · Updated Dec 2, 2025
Tags: bottom-bar, notification, notification-bar, top-bar, wordpress-notification-bar
Score: 99 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Mar 25, 2024
Safety Verdict

Is WPFront Notification Bar Safe to Use in 2026?

Generally Safe

Score 99/100

WPFront Notification Bar has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Mar 25, 2024 · Updated 4mo ago
Risk Assessment

The static analysis of wpfront-notification-bar v3.5.1 reveals a mixed security posture. On the positive side, the plugin presents zero attack surface through AJAX, REST API, shortcodes, and cron events, with no unprotected entry points. This indicates strong adherence to secure development practices for input vectors. The presence of nonce and capability checks is also encouraging.

However, the code analysis raises concerns about data handling. The single SQL query does not use a prepared statement, which is a significant SQL injection risk, especially if user input is involved. Furthermore, only 11% of outputs are properly escaped, leaving a substantial portion vulnerable to Cross-Site Scripting (XSS) attacks. The lack of taint analysis data in this report is a limitation, but the high percentage of unescaped output strongly suggests potential vulnerabilities.

The plugin has a history of four known medium-severity vulnerabilities, all related to Cross-Site Scripting, with the most recent being March 25, 2024. While there are no currently unpatched CVEs, this pattern of XSS vulnerabilities indicates a recurring weakness in how the plugin handles user-supplied data before rendering it in the frontend. This, combined with the low output escaping percentage, suggests a persistent risk. In conclusion, while the plugin excels in limiting its direct attack surface, significant weaknesses exist in its data sanitization and output escaping, compounded by a history of XSS flaws.

Key Concerns

  • Raw SQL query without prepared statements
  • Low percentage of properly escaped output
  • History of medium severity XSS vulnerabilities

Vulnerabilities: 4

WPFront Notification Bar Security Vulnerabilities

CVEs by Year

  • 2021: 2 CVEs
  • 2024: 2 CVEs

Severity Breakdown

  • Medium: 4

4 total CVEs

CVE-2024-29819 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WPFront Notification Bar <= 3.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting
Mar 25, 2024 · Patched in 3.4 (8d)

CVE-2024-0625 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WPFront Notification Bar <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class]
Jan 24, 2024 · Patched in 3.4 (188d)

CVE-2021-24601 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WPFront Notification Bar <= 2.0.0 - Authenticated Stored Cross-Site Scripting
Aug 9, 2021 · Patched in 2.1.0 (897d)

CVE-2021-24518 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WPFront Notification Bar <= 1.9.2 - Authenticated Stored Cross-Site Scripting
Jul 11, 2021 · Patched in 2.0.0 (926d)

Code Analysis
Analyzed Mar 16, 2026

WPFront Notification Bar Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 191 (23 escaped)
  • Nonce Checks: 1
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 2

Bundled Libraries

Select2, TinyMCE

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

11% escaped · 214 total outputs

Attack Surface

WPFront Notification Bar Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 20

  • action template_redirect · classes\class-wpfront-notification-bar-controller.php:82
  • action wp_footer · classes\class-wpfront-notification-bar-controller.php:85
  • action wp_enqueue_scripts · classes\class-wpfront-notification-bar-controller.php:87
  • action wp_enqueue_scripts · classes\class-wpfront-notification-bar-controller.php:89
  • action wp_footer · classes\class-wpfront-notification-bar-controller.php:153
  • action shutdown · classes\class-wpfront-notification-bar-controller.php:155
  • action wp_body_open · classes\class-wpfront-notification-bar-controller.php:172
  • action wp_footer · classes\class-wpfront-notification-bar-controller.php:173
  • action wp_footer · classes\class-wpfront-notification-bar-controller.php:175
  • action shutdown · classes\class-wpfront-notification-bar-controller.php:178
  • filter wp_kses_allowed_html · classes\class-wpfront-notification-bar-controller.php:346
  • action plugins_loaded · classes\class-wpfront-notification-bar.php:112
  • action init · classes\class-wpfront-notification-bar.php:113
  • action admin_init · classes\class-wpfront-notification-bar.php:122
  • action admin_menu · classes\class-wpfront-notification-bar.php:123
  • filter plugin_action_links · classes\class-wpfront-notification-bar.php:124
  • action activated_plugin · classes\class-wpfront-notification-bar.php:158
  • action admin_init · classes\class-wpfront-notification-bar.php:159
  • filter upload_mimes · classes\class-wpfront-notification-bar.php:234
  • filter admin_footer_text · classes\class-wpfront-notification-bar.php:316

Maintenance & Trust

WPFront Notification Bar Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 2, 2025
  • PHP min version: 7.0
  • Downloads: 1.0M

Community Trust

  • Rating: 90/100
  • Number of ratings: 131
  • Active installs: 50K

Developer Profile

WPFront Notification Bar Developer Profile

Syam Mohan

4 plugins · 280K total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 458 days
Detection Fingerprints

How We Detect WPFront Notification Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wpfront-notification-bar/css/wpfront-notification-bar.css
  • /wp-content/plugins/wpfront-notification-bar/css/wpfront-notification-bar-custom.css
  • /wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar.js
  • /wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar-frontend.js
  • /wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar-custom.js
  • /wp-content/plugins/wpfront-notification-bar/css/element-plus.min.css
  • /wp-content/plugins/wpfront-notification-bar/js/vue.global.min.js
  • /wp-content/plugins/wpfront-notification-bar/js/element-plus.min.js
  • +2 more

Script Paths

  • https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
  • https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/js/font-awesome.min.js
  • //unpkg.com/element-plus@2.2.6/dist/index.full.js
  • //unpkg.com/element-plus@2.2.6/dist/index.full.css
  • //unpkg.com/vue@3.2.37/dist/vue.global.js

Version Parameters

  • wpfront-notification-bar/style.css?ver=
  • wpfront-notification-bar/script.js?ver=
  • wpfront-notification-bar/js/wpfront-notification-bar-frontend.js?ver=
  • wpfront-notification-bar/js/wpfront-notification-bar-custom.js?ver=
  • wpfront-notification-bar/css/wpfront-notification-bar-custom.css?ver=
  • wpfront-notification-bar/js/options.js?ver=
  • wpfront-notification-bar/css/options.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • wpfront-notification-bar
  • wpfront-nb-wrapper
  • wpfront-nb-content
  • wpfront-nb-close
  • wpfront-nb-button
  • wpfront-notification-bar-options
  • el-row
  • el-col
  • +9 more

HTML Comments

  • WPFront Notification Bar Plugin
  • Copyright (C) 2013, WPFront.com
  • WPFront Notification Bar Plugin is distributed under the GNU General Public License, Version 3

Data Attributes

  • data-wpfront-notification-bar-id
  • data-wpfront-notification-bar-settings

JS Globals

  • WPFront_Notification_Bar
  • wpfrontNotificationBarFrontend