WP-Safety

Blog Floating Button Security & Risk Analysis

wordpress.org/plugins/blog-floating-button

Blog Floating Button(BFB)は、ブログにフロートボタンを簡単に実装できるプラグインです。フロートボタンでキラーページに簡単に誘導することができるため、商品購入数や問い合わせ数の向上が期待できます。

9K active installs v1.4.20 PHP 8.2+ WP 6.0+ Updated Sep 18, 2025
announcementbannerfixed-bannerfloating-bannerfooter-banner
100
A · Safe
CVEs total1
Unpatched0
Last CVEMar 3, 2023
Plugin page Download
Safety Verdict

Is Blog Floating Button Safe to Use in 2026?

Generally Safe

Score 100/100

Blog Floating Button has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Mar 3, 2023Updated 8mo ago
Risk Assessment

The blog-floating-button plugin, version 1.4.20, exhibits a mixed security posture. While it demonstrates some good practices like implementing nonce checks and capability checks, a significant concern arises from its attack surface. A substantial portion of its entry points, specifically 6 out of 10, lack proper authentication checks, making them potentially vulnerable to unauthorized access and manipulation. The presence of the `unserialize` function is another red flag, as it can be a vector for remote code execution if not handled with extreme care and validation of the serialized data. Furthermore, the plugin's vulnerability history, while currently showing no unpatched CVEs, includes a past medium severity vulnerability, specifically Cross-Site Request Forgery (CSRF). This pattern suggests a recurring need for diligent security practices and potentially highlights areas where past vulnerabilities may not have been fully addressed at a fundamental level. The taint analysis results are positive, showing no critical or high severity flows with unsanitized paths, which is a strength, but this is overshadowed by the exposed attack surface and the dangerous function usage.

Key Concerns

  • REST API routes without permission callbacks
  • Dangerous function: unserialize
  • SQL queries with low prepared statement usage
  • Output escaping below threshold
  • Bundled library: DataTables
  • Past medium severity CVE (CSRF)
Vulnerabilities
1 published

Blog Floating Button Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-27445medium · 4.3Cross-Site Request Forgery (CSRF)

Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery

Mar 3, 2023 Patched in 1.4.13 (326d)
Version History

Blog Floating Button Release Timeline

v1.4.20Current
v1.4.19
v1.4.18
v1.4.17
v1.4.16
v1.4.15
v1.4.14
v1.4.13
v1.4.121 CVE
CVE-2023-27445
v1.4.111 CVE
CVE-2023-27445
v1.4.101 CVE
CVE-2023-27445
v1.4.91 CVE
CVE-2023-27445
v1.4.81 CVE
CVE-2023-27445
v1.4.71 CVE
CVE-2023-27445
Code Analysis
Analyzed Mar 16, 2026

Blog Floating Button Code Analysis

Dangerous Functions
2
Raw SQL Queries
10
8 prepared
Unescaped Output
470
590 escaped
Nonce Checks
8
Capability Checks
6
File Operations
16
External Requests
6
Bundled Libraries
1

Dangerous Functions Found

unserialize$imports = unserialize(file_get_contents($icache));scssphp\scss.inc.php:4268
unserialize$imports = unserialize(file_get_contents($icache));trunk\scssphp\scss.inc.php:4268

Bundled Libraries

DataTables

SQL Query Safety

44% prepared18 total queries

Output Escaping

56% escaped1060 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
<setting-info> (inc\setting-info.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Blog Floating Button Attack Surface

Entry Points10
Unprotected6

REST API Routes 6

POST/wp-json/bfb/api/bfb_write_logfunction.php:366
POST/wp-json/bfb/api/live_previewfunction.php:433
POST/wp-json/bfb/api/echo_bfb_optimizefunction.php:500
POST/wp-json/bfb/api/bfb_write_logtrunk\function.php:366
POST/wp-json/bfb/api/live_previewtrunk\function.php:433
POST/wp-json/bfb/api/echo_bfb_optimizetrunk\function.php:500

Shortcodes 4

[bfb_show] blog-floating-button.php:168
[bfb_hide] blog-floating-button.php:169
[bfb_show] trunk\blog-floating-button.php:168
[bfb_hide] trunk\blog-floating-button.php:169
WordPress Hooks 32
actionadmin_menublog-floating-button.php:146
actionwp_footerblog-floating-button.php:157
actioninitblog-floating-button.php:163
actionadmin_noticesblog-floating-button.php:1009
actionadmin_enqueue_scriptsfunction.php:35
actionwp_enqueue_scriptsfunction.php:46
actionadmin_menufunction.php:77
actionsave_postfunction.php:147
actioncategory_edit_formfunction.php:150
actionedited_termfunction.php:165
actionplugins_loadedfunction.php:316
actionrest_api_initfunction.php:376
actionrest_api_initfunction.php:443
actionrest_api_initfunction.php:510
actionbfb_cleanup_logs_eventfunction.php:571
actionadmin_noticesoptimize.php:155
actionadmin_menutrunk\blog-floating-button.php:146
actionwp_footertrunk\blog-floating-button.php:157
actioninittrunk\blog-floating-button.php:163
actionadmin_noticestrunk\blog-floating-button.php:1009
actionadmin_enqueue_scriptstrunk\function.php:35
actionwp_enqueue_scriptstrunk\function.php:46
actionadmin_menutrunk\function.php:77
actionsave_posttrunk\function.php:147
actioncategory_edit_formtrunk\function.php:150
actionedited_termtrunk\function.php:165
actionplugins_loadedtrunk\function.php:316
actionrest_api_inittrunk\function.php:376
actionrest_api_inittrunk\function.php:443
actionrest_api_inittrunk\function.php:510
actionbfb_cleanup_logs_eventtrunk\function.php:571
actionadmin_noticestrunk\optimize.php:155

Scheduled Events 2

bfb_cleanup_logs_event
bfb_cleanup_logs_event
Maintenance & Trust

Blog Floating Button Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedSep 18, 2025
PHP min version8.2
Downloads76K

Community Trust

Rating100/100
Number of ratings1
Active installs9K
Alternatives

Blog Floating Button Alternatives

Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website

Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website

simple-banner

A
96

Display a simple banner/bar at the top or bottom of your website. Now with multi-banner support.

50K 6 CVEs
Notibar – Notification Bar for WordPress

Notibar – Notification Bar for WordPress

notibar

A
98

Customizer for sticky header, notification bar, alert, promo code, marketing campaign, top banner

8K 3 CVEs
Announcement & Notification Banner – Bulletin

Announcement & Notification Banner – Bulletin

bulletin-announcements

A
96

Publish a slick announcement banner notice across your website or Woocommerce shop. Extend with icons, countdowns, placement rules and more!

2K 5 CVEs
Sticky Banner

Sticky Banner

sticky-banner

A
100

Create eye-catching announcement banners that stick to the top or bottom of your site. Perfect for promotions, alerts, and important updates.

600 1 CVE
Announcement Banner

Announcement Banner

announcement-banner

A
85

Display a banner at the top or bottom of your WordPress site.

100 No CVEs
Developer Profile

Blog Floating Button Developer Profile

1meril

1 plugin · 9K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
326 days
View full developer profile
Detection Fingerprints

How We Detect Blog Floating Button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blog-floating-button/css/bfb_style.css/wp-content/plugins/blog-floating-button/js/bfb.js/wp-content/plugins/blog-floating-button/js/bfb_setting.js/wp-content/plugins/blog-floating-button/js/bfb_init.js
Script Paths
/wp-content/plugins/blog-floating-button/js/bfb.js/wp-content/plugins/blog-floating-button/js/bfb_setting.js/wp-content/plugins/blog-floating-button/js/bfb_init.js
Version Parameters
/wp-content/plugins/blog-floating-button/css/bfb_style.css?ver=/wp-content/plugins/blog-floating-button/js/bfb.js?ver=/wp-content/plugins/blog-floating-button/js/bfb_setting.js?ver=/wp-content/plugins/blog-floating-button/js/bfb_init.js?ver=

HTML / DOM Fingerprints

CSS Classes
bfb_positionbfb_design_textBtnbfb_design_textTextBtnbfb_design_textBtnTextBtnbfb_design_imgBanner
HTML Comments
<!-- BFB --><!-- START BFB_optimize --><!-- END BFB_optimize --><!-- BFB_optimize_preview -->
Data Attributes
data-bfb-opt-id
JS Globals
bfb_setting
REST Endpoints
/wp-json/bfb/api/echo_bfb_optimize
Shortcode Output
[bfb_show[bfb_hide
FAQ

Frequently Asked Questions about Blog Floating Button