Does Blog Floating Button have any unpatched vulnerabilities?

No. All known vulnerabilities in Blog Floating Button have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Blog Floating Button compatible with WordPress 6.7.5?

According to WordPress.org data, Blog Floating Button 1.4.20 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Blog Floating Button compatible with PHP 8.2+?

Blog Floating Button requires PHP 8.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Blog Floating Button updated?

Blog Floating Button was last updated on Sep 18, 2025. Frequent updates are generally a positive security signal.

What is Blog Floating Button's security score?

Blog Floating Button has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Blog Floating Button Security & Risk Analysis

wordpress.org/plugins/blog-floating-button

Blog Floating Button(BFB)は、ブログにフロートボタンを簡単に実装できるプラグインです。フロートボタンでキラーページに簡単に誘導することができるため、商品購入数や問い合わせ数の向上が期待できます。

9K active installs v1.4.20 PHP 8.2+ WP 6.0+ Updated Sep 18, 2025

announcementbannerfixed-bannerfloating-bannerfooter-banner

A · Safe

CVEs total1

Unpatched0

Last CVEMar 3, 2023

Plugin page Download

Safety Verdict

Is Blog Floating Button Safe to Use in 2026?

Generally Safe

Score 100/100

Blog Floating Button has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 3, 2023Updated 6mo ago

Risk Assessment

The blog-floating-button plugin, version 1.4.20, exhibits a mixed security posture. While it demonstrates some good practices like implementing nonce checks and capability checks, a significant concern arises from its attack surface. A substantial portion of its entry points, specifically 6 out of 10, lack proper authentication checks, making them potentially vulnerable to unauthorized access and manipulation. The presence of the `unserialize` function is another red flag, as it can be a vector for remote code execution if not handled with extreme care and validation of the serialized data. Furthermore, the plugin's vulnerability history, while currently showing no unpatched CVEs, includes a past medium severity vulnerability, specifically Cross-Site Request Forgery (CSRF). This pattern suggests a recurring need for diligent security practices and potentially highlights areas where past vulnerabilities may not have been fully addressed at a fundamental level. The taint analysis results are positive, showing no critical or high severity flows with unsanitized paths, which is a strength, but this is overshadowed by the exposed attack surface and the dangerous function usage.

Key Concerns

REST API routes without permission callbacks
Dangerous function: unserialize
SQL queries with low prepared statement usage
Output escaping below threshold
Bundled library: DataTables
Past medium severity CVE (CSRF)

Vulnerabilities

Blog Floating Button Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-27445medium · 4.3Cross-Site Request Forgery (CSRF)

Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery

Mar 3, 2023 Patched in 1.4.13 (326d)

Code Analysis

Analyzed Mar 16, 2026

Blog Floating Button Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

470

590 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$imports = unserialize(file_get_contents($icache));scssphp\scss.inc.php:4268

unserialize$imports = unserialize(file_get_contents($icache));trunk\scssphp\scss.inc.php:4268

Bundled Libraries

DataTables

SQL Query Safety

44% prepared18 total queries

Output Escaping

56% escaped1060 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths

<setting-info> (inc\setting-info.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Blog Floating Button Attack Surface

Entry Points10

Unprotected6

REST API Routes 6

POST/wp-json/bfb/api/bfb_write_logfunction.php:366

POST/wp-json/bfb/api/live_previewfunction.php:433

POST/wp-json/bfb/api/echo_bfb_optimizefunction.php:500

POST/wp-json/bfb/api/bfb_write_logtrunk\function.php:366

POST/wp-json/bfb/api/live_previewtrunk\function.php:433

POST/wp-json/bfb/api/echo_bfb_optimizetrunk\function.php:500

Shortcodes 4

[bfb_show] blog-floating-button.php:168

[bfb_hide] blog-floating-button.php:169

[bfb_show] trunk\blog-floating-button.php:168

[bfb_hide] trunk\blog-floating-button.php:169

WordPress Hooks 32

actionadmin_menublog-floating-button.php:146

actionwp_footerblog-floating-button.php:157

actioninitblog-floating-button.php:163

actionadmin_noticesblog-floating-button.php:1009

actionadmin_enqueue_scriptsfunction.php:35

actionwp_enqueue_scriptsfunction.php:46

actionadmin_menufunction.php:77

actionsave_postfunction.php:147

actioncategory_edit_formfunction.php:150

actionedited_termfunction.php:165

actionplugins_loadedfunction.php:316

actionrest_api_initfunction.php:376

actionrest_api_initfunction.php:443

actionrest_api_initfunction.php:510

actionbfb_cleanup_logs_eventfunction.php:571

actionadmin_noticesoptimize.php:155

actionadmin_menutrunk\blog-floating-button.php:146

actionwp_footertrunk\blog-floating-button.php:157

actioninittrunk\blog-floating-button.php:163

actionadmin_noticestrunk\blog-floating-button.php:1009

actionadmin_enqueue_scriptstrunk\function.php:35

actionwp_enqueue_scriptstrunk\function.php:46

actionadmin_menutrunk\function.php:77

actionsave_posttrunk\function.php:147

actioncategory_edit_formtrunk\function.php:150

actionedited_termtrunk\function.php:165

actionplugins_loadedtrunk\function.php:316

actionrest_api_inittrunk\function.php:376

actionrest_api_inittrunk\function.php:443

actionrest_api_inittrunk\function.php:510

actionbfb_cleanup_logs_eventtrunk\function.php:571

actionadmin_noticestrunk\optimize.php:155

Scheduled Events 2

bfb_cleanup_logs_event

Maintenance & Trust

Blog Floating Button Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedSep 18, 2025

PHP min version8.2

Downloads75K

Community Trust

Rating100/100

Number of ratings1

Active installs9K

Alternatives

Blog Floating Button Alternatives

Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website

simple-banner

Display a simple banner/bar at the top or bottom of your website. Now with multi-banner support.

50K 6 CVEs

Notibar – Notification Bar for WordPress

notibar

Customizer for sticky header, notification bar, alert, promo code, marketing campaign, top banner

8K 3 CVEs

Announcement & Notification Banner – Bulletin

bulletin-announcements

Publish a slick announcement banner notice across your website or Woocommerce shop. Extend with icons, countdowns, placement rules and more!

2K 5 CVEs

Sticky Banner

sticky-banner

Create eye-catching announcement banners that stick to the top or bottom of your site. Perfect for promotions, alerts, and important updates.

600 1 CVE

Announcement Banner

announcement-banner

Display a banner at the top or bottom of your WordPress site.

100 No CVEs

Developer Profile

Blog Floating Button Developer Profile

1meril

1 plugin · 9K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

326 days

View full developer profile

Detection Fingerprints

How We Detect Blog Floating Button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/blog-floating-button/css/bfb_style.css/wp-content/plugins/blog-floating-button/js/bfb.js/wp-content/plugins/blog-floating-button/js/bfb_setting.js/wp-content/plugins/blog-floating-button/js/bfb_init.js

Script Paths

/wp-content/plugins/blog-floating-button/js/bfb.js/wp-content/plugins/blog-floating-button/js/bfb_setting.js/wp-content/plugins/blog-floating-button/js/bfb_init.js

Version Parameters

/wp-content/plugins/blog-floating-button/css/bfb_style.css?ver=/wp-content/plugins/blog-floating-button/js/bfb.js?ver=/wp-content/plugins/blog-floating-button/js/bfb_setting.js?ver=/wp-content/plugins/blog-floating-button/js/bfb_init.js?ver=

HTML / DOM Fingerprints

CSS Classes

bfb_positionbfb_design_textBtnbfb_design_textTextBtnbfb_design_textBtnTextBtnbfb_design_imgBanner

HTML Comments

Data Attributes

data-bfb-opt-id

JS Globals

bfb_setting

REST Endpoints

/wp-json/bfb/api/echo_bfb_optimize

Shortcode Output

[bfb_show[bfb_hide

FAQ

Blog Floating Button Security & Risk Analysis

Is Blog Floating Button Safe to Use in 2026?

Generally Safe

Key Concerns

Blog Floating Button Security Vulnerabilities

CVEs by Year

Severity Breakdown

Blog Floating Button Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Blog Floating Button Attack Surface

REST API Routes 6

Shortcodes 4

Scheduled Events 2

Blog Floating Button Maintenance & Trust

Maintenance Signals

Community Trust

Blog Floating Button Alternatives

Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website

Notibar – Notification Bar for WordPress

Announcement & Notification Banner – Bulletin

Sticky Banner

Announcement Banner

Blog Floating Button Developer Profile

How We Detect Blog Floating Button

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Blog Floating Button