Yoo Bar – Floating Notification & Promo Bar for Website Security & Risk Analysis

wordpress.org/plugins/yoo-bar

Adds a clean notification bar at the top or bottom of your website.

100 active installs · v2.0.10 · PHP 5.2+ · WP 5.0+ · Updated Apr 29, 2025
bottom-bar, footer, header, notification, top-bar
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 11, 2024
Safety Verdict

Is Yoo Bar – Floating Notification & Promo Bar for Website Safe to Use in 2026?

Generally Safe

Score 99/100

Yoo Bar – Floating Notification & Promo Bar for Website has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 11, 2024 · Updated 11mo ago
Risk Assessment

The "yoo-bar" plugin version 2.0.10 exhibits a generally good security posture, with several positive indicators. The absence of dangerous functions, file operations, and external HTTP requests suggests a contained and well-developed codebase. All SQL queries are properly prepared, and a significant portion of output is correctly escaped, which are crucial for preventing common web vulnerabilities. The presence of nonce and capability checks, although not covering every single entry point, demonstrates an awareness of WordPress security best practices.

However, there are areas for concern. The static analysis indicates 18% of output is not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data reaches these outputs. While taint analysis found no specific unsanitized flows, this doesn't entirely negate the risk from unescaped output. The plugin's vulnerability history shows one medium-severity XSS vulnerability (CVE-2024-11410, Dec 11, 2024), which affected versions up to 2.0.6 and was patched in 2.0.7. This history, combined with the unescaped output, suggests a potential ongoing risk of XSS if the unescaped outputs are reachable by malicious input.

In conclusion, the "yoo-bar" plugin has strong foundational security practices like prepared SQL statements and a commitment to some authentication checks. However, the medium-severity XSS vulnerability in its history and the percentage of unescaped output represent the most significant weaknesses. Users should be aware of the potential for XSS, and developers should prioritize fixing the remaining output escaping issues to further harden the plugin.

Key Concerns

  • Medium severity vulnerability history (1 medium)
  • Unescaped output (18% of 191 outputs)
Vulnerabilities
1

Yoo Bar – Floating Notification & Promo Bar for Website Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-11410 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Top and footer bars for announcements, notifications, advertisements, promotions – YooBar <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 11, 2024 · Patched in 2.0.7 (329d)
Code Analysis
Analyzed Mar 16, 2026

Yoo Bar – Floating Notification & Promo Bar for Website Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 35 (156 escaped)
Nonce Checks: 17
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

82% escaped · 191 total outputs
Attack Surface

Yoo Bar – Floating Notification & Promo Bar for Website Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[yoobar_scode] class\class-yoobar-shortcode.php:29
WordPress Hooks 55
filter plugin_row_meta class\admin\class-yoo-bar-admin.php:25
action admin_menu class\admin\class-yoo-howto-use.php:20
action admin_head class\admin\class-yoo-howto-use.php:25
action admin_menu class\admin\class-yoo-tutorial.php:20
action admin_enqueue_scripts class\admin\class-yoo-tutorial.php:24
filter admin_footer_text class\admin\class-yoobar-preview.php:11
action wp_footer class\class-yoobar-footre-bar.php:17
action init class\class-yoobar-shortcode.php:17
action wp_body_open class\class-yoobar-topper-bar.php:17
action admin_enqueue_scripts includes\class-yoo-bar.php:82
action admin_enqueue_scripts includes\class-yoo-bar.php:84
action wp_enqueue_scripts includes\class-yoo-bar.php:96
action wp_enqueue_scripts includes\class-yoo-bar.php:99
action manage_yoo_bar_posts_custom_column includes\class-yoo-settings.php:22
action manage_yoo_bar_posts_custom_column includes\class-yoo-settings.php:26
action init includes\class-yoo-settings.php:31
filter default_title includes\class-yoo-settings.php:37
filter tiny_mce_before_init includes\class-yoo-settings.php:40
filter mce_buttons_2 includes\class-yoo-settings.php:45
filter mce_buttons_2 includes\class-yoo-settings.php:50
action admin_head includes\class-yoo-settings.php:54
filter manage_yoo_bar_posts_columns includes\class-yoo-settings.php:57
filter manage_yoo_bar_posts_columns includes\class-yoo-settings.php:61
filter post_updated_messages includes\class-yoo-settings.php:67
filter mce_external_plugins includes\class-yoo-settings.php:314
filter mce_buttons includes\class-yoo-settings.php:316
filter post_row_actions includes\class-yoobar-rows.php:21
action admin_action_rudr_duplicate_post_as_draft includes\class-yoobar-rows.php:25
action admin_notices includes\class-yoobar-rows.php:27
action admin_init includes\metaData\fieldData\class-custom-save-data.php:23
action add_meta_boxes includes\metaData\fieldData\class-news-ticker.php:186
action add_meta_boxes includes\metaData\fieldData\class-two-colum.php:90
action save_post includes\metaData\fieldData\class-two-colum.php:94
action add_meta_boxes includes\metaData\fieldData\class-yoo-address-field.php:86
action save_post includes\metaData\fieldData\class-yoo-address-field.php:90
action add_meta_boxes includes\metaData\fieldData\class-yoo-color-data.php:136
action save_post includes\metaData\fieldData\class-yoo-color-data.php:140
action add_meta_boxes includes\metaData\fieldData\class-yoo-contact-form.php:89
action admin_menu includes\metaData\fieldData\class-yoo-countdownwrap.php:21
action add_meta_boxes includes\metaData\fieldData\class-yoo-filed-data.php:68
action save_post includes\metaData\fieldData\class-yoo-filed-data.php:72
action admin_menu includes\metaData\fieldData\class-yoo-gallery-data.php:21
action add_meta_boxes includes\metaData\fieldData\class-yoo-navbar-items.php:107
action admin_menu includes\metaData\fieldData\class-yoo-specific-field.php:22
action save_post includes\metaData\fieldData\class-yoo-specific-field.php:26
action add_meta_boxes includes\metaData\fieldData\class-yoo-text-carousel.php:142
action add_meta_boxes includes\metaData\fieldData\class-yoo-titile-data.php:42
action save_post includes\metaData\fieldData\class-yoo-titile-data.php:46
action add_meta_boxes includes\metaData\fieldData\class-yoo-typed-animation.php:118
action add_meta_boxes includes\metaData\fieldData\class-yoobar-searchbox.php:84
action save_post includes\metaData\fieldData\class-yoobar-searchbox.php:85
action add_meta_boxes includes\metaData\fieldData\class-yoobar-shortcode-meta.php:34
action add_meta_boxes includes\metaData\fieldData\class-yoobar-social-link.php:149
action save_post includes\metaData\fieldData\class-yoobar-social-link.php:153
action update_option_active_plugins yoo-bar.php:68
Maintenance & Trust

Yoo Bar – Floating Notification & Promo Bar for Website Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 29, 2025
PHP min version: 5.2
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Yoo Bar – Floating Notification & Promo Bar for Website Developer Profile

Sharabindu

7 plugins · 5K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 176 days
Detection Fingerprints

How We Detect Yoo Bar – Floating Notification & Promo Bar for Website

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yoo-bar/assets/admin/css/yoo-bar-admin.css
/wp-content/plugins/yoo-bar/assets/admin/css/select2.min.css
/wp-content/plugins/yoo-bar/assets/admin/css/jquery.minicolors.css
/wp-content/plugins/yoo-bar/assets/admin/css/jquery.datetimepicker.css
/wp-content/plugins/yoo-bar/assets/public/css/yoobar.min.css
/wp-content/plugins/yoo-bar/assets/admin/js/yoo-bar-admin.js
/wp-content/plugins/yoo-bar/assets/admin/js/select2.min.js
/wp-content/plugins/yoo-bar/assets/admin/js/jquery.datetimepicker.js
+2 more
Script Paths
/wp-content/plugins/yoo-bar/assets/admin/js/yoo-bar-admin.js
/wp-content/plugins/yoo-bar/assets/admin/js/select2.min.js
/wp-content/plugins/yoo-bar/assets/admin/js/jquery.datetimepicker.js
/wp-content/plugins/yoo-bar/assets/admin/js/jquery.minicolors.min.js
/wp-content/plugins/yoo-bar/assets/admin/js/video.popup.js
Version Parameters
yoo-bar.php?ver=2.0.10
yoo-bar-admin.css?ver=2.0.10
select2.min.css?ver=2.0.10
jquery.minicolors.css?ver=2.0.10
jquery.datetimepicker.css?ver=2.0.10
yoobar.min.css?ver=2.0.10
yoo-bar-admin.js?ver=2.0.10
select2.min.js?ver=2.0.10
jquery.datetimepicker.js?ver=2.0.10
jquery.minicolors.min.js?ver=2.0.10
video.popup.js?ver=1.0

HTML / DOM Fingerprints

CSS Classes
yhow_yse
FAQ

Frequently Asked Questions about Yoo Bar – Floating Notification & Promo Bar for Website