Does Boom Fest have any unpatched vulnerabilities?

No. All known vulnerabilities in Boom Fest have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Boom Fest compatible with WordPress 6.9.4?

According to WordPress.org data, Boom Fest 2.2.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Boom Fest compatible with PHP 7.4+?

Boom Fest requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Boom Fest updated?

Boom Fest was last updated on Dec 12, 2025. Frequent updates are generally a positive security signal.

What is Boom Fest's security score?

Boom Fest has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Boom Fest Security & Risk Analysis

wordpress.org/plugins/boom-fest

For decoration of pages according to festival.

40 active installs v2.2.4 PHP 7.4+ WP 4.0+ Updated Dec 12, 2025

christmasfestivalhalloweennewyearsnow

A · Safe

CVEs total1

Unpatched0

Last CVEJan 24, 2025

Plugin page Download

Safety Verdict

Is Boom Fest Safe to Use in 2026?

Generally Safe

Score 99/100

Boom Fest has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 24, 2025Updated 3mo ago

Risk Assessment

The "boom-fest" v2.2.4 plugin exhibits a mixed security posture. While it demonstrates strong practices in output escaping, SQL query sanitization, and avoids dangerous functions and file operations, significant concerns arise from its attack surface. The presence of three unprotected AJAX handlers is a major weakness, providing potential entry points for malicious actors to exploit without proper authentication. The taint analysis shows no high-severity issues, which is a positive sign, and the vulnerability history indicates that previous medium-severity issues have been patched. However, the recurrence of "Missing Authorization" as a common vulnerability type in its history, coupled with the current unprotected AJAX endpoints, suggests a pattern of oversight in authorization checks that requires immediate attention. Despite the plugin's strengths in other areas, the unprotected AJAX handlers pose a substantial risk that overshadows its good practices.

Key Concerns

Unprotected AJAX handlers present significant risk
History of medium CVEs with missing authorization

Vulnerabilities

Boom Fest Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-13449medium · 5.3Missing Authorization

Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

Jan 24, 2025 Patched in 2.2.2 (1d)

Code Analysis

Analyzed Mar 16, 2026

Boom Fest Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

128 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery

SQL Query Safety

67% prepared18 total queries

Output Escaping

99% escaped129 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

bf_admin_action (admin\class-boom-fest-admin.php:197)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Boom Fest Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_bf_admin_actionincludes\class-boom-fest.php:162

authwp_ajax_bf_customfestincludes\class-boom-fest.php:163

noprivwp_ajax_bf_customfestincludes\class-boom-fest.php:164

WordPress Hooks 6

actionplugins_loadedincludes\class-boom-fest.php:144

actionadmin_enqueue_scriptsincludes\class-boom-fest.php:159

actionadmin_enqueue_scriptsincludes\class-boom-fest.php:160

actionadmin_menuincludes\class-boom-fest.php:161

actionwp_enqueue_scriptsincludes\class-boom-fest.php:179

actionwp_enqueue_scriptsincludes\class-boom-fest.php:180

Maintenance & Trust

Boom Fest Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 12, 2025

PHP min version7.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Boom Fest Alternatives

AWPLife Weather Effects

weather-effect

Add animated falling effects like snow, rain, autumn leaves, and seasonal decorations to your website.

5K 2 CVEs

Christmasify!

christmasify

Christmasify is an easy-to-use Christmas plugin that can add snow, santa, decorations, music and a lovely Christmas font to your WordPress website.

3K 1 CVE

WP Snow Effect

wp-snow-effect

Add nice looking animation effect of falling snow to your Wordpress site and enjoy winter and Christmas.

2K 1 unpatched

Snow Storm

snow-storm

Display falling snow flakes on the front of your WordPress website for a festive presentation.

500 2 CVEs

Christmas Snow 3D – Snowfalling, Snowflake Effect and Christmas mood

christmas-snow-3d

The plugin adds Christmas mood and falling snowflakes with unique and smooth experience and realistic animation.

200 No CVEs

Developer Profile

Boom Fest Developer Profile

ibsofts

5 plugins · 1K total installs

100

trust score

Avg Security Score

100/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect Boom Fest

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/boom-fest/admin/css/boom-fest-admin.css/wp-content/plugins/boom-fest/admin/css/bootstrap.min.css/wp-content/plugins/boom-fest/admin/css/chosen.min.css/wp-content/plugins/boom-fest/admin/js/boom-fest-admin.js/wp-content/plugins/boom-fest/admin/js/boom-fest-customfest.js/wp-content/plugins/boom-fest/admin/js/bootstrap.bundle.min.js/wp-content/plugins/boom-fest/admin/js/chosen.jquery.min.js/wp-content/plugins/boom-fest/assets/css/style.css+1 more

Script Paths

/wp-content/plugins/boom-fest/admin/js/boom-fest-admin.js/wp-content/plugins/boom-fest/admin/js/boom-fest-customfest.js/wp-content/plugins/boom-fest/admin/js/bootstrap.bundle.min.js/wp-content/plugins/boom-fest/admin/js/chosen.jquery.min.js/wp-content/plugins/boom-fest/assets/js/script.js

Version Parameters

boom-fest/admin/css/boom-fest-admin.css?ver=boom-fest/admin/css/bootstrap.min.css?ver=boom-fest/admin/css/chosen.min.css?ver=boom-fest/admin/js/boom-fest-admin.js?ver=boom-fest/admin/js/boom-fest-customfest.js?ver=boom-fest/admin/js/bootstrap.bundle.min.js?ver=boom-fest/admin/js/chosen.jquery.min.js?ver=boom-fest/assets/css/style.css?ver=boom-fest/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

bf_admin_wrapperbf_dashboard_widget

HTML Comments

Data Attributes

data-bf-settingsdata-bf-save-nonce

JS Globals

ajax_objectbf_ajax_object

Shortcode Output

[boom_fest_countdown][boom_fest_gallery]

FAQ