Does Astrolabe have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Astrolabe compatible with WordPress 6.6.5?

According to WordPress.org data, Astrolabe 1.0.0 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

How often is Astrolabe updated?

Astrolabe was last updated on Oct 19, 2024. Frequent updates are generally a positive security signal.

What is Astrolabe's security score?

Astrolabe has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Astrolabe Security & Risk Analysis

wordpress.org/plugins/astrolabe

Astrolabe adds a bottom fixed menu that follows the user as they scroll, in the bottom area of the screen.

0 active installs v1.0.0 PHP + WP 6.0+ Updated Oct 19, 2024

bottomdockfixedmenusticky

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Astrolabe Safe to Use in 2026?

Generally Safe

Score 92/100

Astrolabe has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "astrolabe" v1.0.0 plugin exhibits a strong security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the potential attack surface. Furthermore, the code does not utilize dangerous functions, performs all SQL queries using prepared statements, and has no file operations or external HTTP requests. This suggests a well-crafted and secure codebase from a development perspective.

However, a significant concern arises from the complete lack of nonce checks and capability checks. While the current attack surface is minimal, any future expansion or introduction of new features could inadvertently introduce vulnerabilities if these fundamental security mechanisms are not implemented. The taint analysis, while showing zero flows, is based on a zero attack surface, so its findings are not conclusive for potential future risks. The absence of any recorded vulnerability history is a positive sign, indicating a history of secure development or limited exposure.

In conclusion, "astrolabe" v1.0.0 appears to be a secure plugin in its current state due to its very limited attack surface and the absence of common risky coding practices. The main weakness lies in the fundamental absence of nonce and capability checks, which leaves it vulnerable to potential issues if the plugin evolves without addressing these omissions. The lack of historical vulnerabilities is a strength, but the lack of built-in authorization checks is a significant omission that could lead to future risks.

Key Concerns

Missing nonce checks
Missing capability checks
Output escaping not 100% (18% unescaped)

Vulnerabilities

None known

Astrolabe Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Astrolabe Release Timeline

v1.0.0Current

Code Analysis

Analyzed Apr 16, 2026

Astrolabe Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

82% escaped11 total outputs

Attack Surface

Astrolabe Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionadmin_menuadmin/class-plugin-settings.php:38

actionadmin_initadmin/class-plugin-settings.php:41

actionadmin_enqueue_scriptsadmin/class-plugin-settings.php:44

actionwp_enqueue_scriptsincludes/class-astrolabe-core.php:58

actioninitincludes/class-menu.php:38

actionwp_body_openincludes/class-menu.php:41

actionwp_body_openincludes/class-menu.php:44

actionwp_enqueue_scriptsincludes/class-menu.php:46

Maintenance & Trust

Astrolabe Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedOct 19, 2024

PHP min version

Downloads489

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Astrolabe Alternatives

WP Mobile Bottom Menu

mobile-bottom-menu-for-wp

Smooth Navigation for Mobile. Create an Eye-Catching Sticky Bottom Menu with Limitless Customization Options.

10K 1 CVE

Simple Floating Menu

simple-floating-menu

100

Simple Floating Menu add a simple floating button with various layouts and settings.

10K No CVEs

Catch Sticky Menu

catch-sticky-menu

100

Catch Sticky Menu is a lightweight, simple yet feature-rich free WordPress plugin for sticky menu that allows you to lock the menu on your website.

2K No CVEs

All-in-One Sticky Anything – Click to Call, Fixed Widget, Sticky Header, Menu, Sidebar, Social Icons & Cookie Consent

all-in-one-wp-sticky-anything

100

All-in-One Sticky Anything easily creates click to call, fixed widgets, sticky elements, sticky header, menu, sidebar, social icons & cookie consent.

1K No CVEs

Fixed And Sticky Header

fixed-and-sticky-header

This plugin will made your header or menu fixed and sticky.

1K No CVEs

Developer Profile

Astrolabe Developer Profile

Matt Bonacini

1 plugin · 0 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Astrolabe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/astrolabe/admin/admin.css

Version Parameters

astrolabe/admin/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

wa-astro-admin-noticewa-astro-dark-themewa-astro-light-themewa-astro-dark-ice-theme

Data Attributes

data-astr-dock

JS Globals

astrolabe_settings

FAQ