Bubble Menu – Floating Button Menu with Sticky Navigation Security & Risk Analysis

wordpress.org/plugins/bubble-menu

Create interactive floating bubble menus to enhance site navigation and boost user engagement effortlessly.

1K active installs · v4.1.1 · PHP 7.4+ · WP 5.5+ · Updated Dec 2, 2025
Tags: bubble-menu, circle-menu, floating-buttons, floating-menu, sticky-navigation
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jan 24, 2025
Safety Verdict

Is Bubble Menu – Floating Button Menu with Sticky Navigation Safe to Use in 2026?

Generally Safe

Score 98/100

Bubble Menu – Floating Button Menu with Sticky Navigation has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 24, 2025 · Updated 4mo ago
Risk Assessment

The 'bubble-menu' plugin v4.1.1 demonstrates a generally good security posture, with a robust approach to output escaping and a low number of SQL queries that bypass prepared statements. The absence of any file operations or external HTTP requests further strengthens its security. However, the presence of taint analysis flows with unsanitized paths, specifically three flagged as high severity, indicates a potential risk that attackers could inject malicious code or exploit logic flaws. While there are currently no unpatched CVEs, the plugin's history of three medium-severity vulnerabilities, predominantly Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), suggests a recurring pattern of input validation issues that needs careful attention. The presence of non-critical entry points and a limited number of capability checks are positive signs, but the identified taint flows and past vulnerability types warrant vigilance.

Key Concerns

  • High severity unsanitized taint flows found
  • Medium severity vulnerabilities in history
  • SQL queries without prepared statements
Vulnerabilities: 3

Bubble Menu – Floating Button Menu with Sticky Navigation Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-24714 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Bubble Menu – circle floating menu <= 4.0.2 - Cross-Site Request Forgery

Jan 24, 2025 · Patched in 4.0.3 (5d)

CVE-2023-3650 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bubble Menu <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 17, 2023 · Patched in 3.0.5 (326d)

CVE-2023-23984 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery

Jan 20, 2023 · Patched in 3.0.2 (368d)
Code Analysis
Analyzed Mar 16, 2026

Bubble Menu – Floating Button Menu with Sticky Navigation Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (20 prepared)
Unescaped Output: 8 (342 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

77% prepared · 26 total queries

Output Escaping

98% escaped · 350 total outputs
Data Flows: 10 unsanitized

Data Flow Analysis

10 flows · 10 with unsanitized paths
menu (classes\Admin\Dashboard.php:163)
Attack Surface

Bubble Menu – Floating Button Menu with Sticky Navigation Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 14
action · plugins_loaded · bubble-menu.php:71
action · admin_init · classes\Admin\AdminActions.php:23
action · admin_notices · classes\Admin\AdminNotices.php:13
filter · plugin_action_links · classes\Admin\Dashboard.php:25
filter · plugin_row_meta · classes\Admin\Dashboard.php:26
filter · admin_footer_text · classes\Admin\Dashboard.php:27
action · admin_enqueue_scripts · classes\Admin\Dashboard.php:28
action · admin_menu · classes\Admin\Dashboard.php:29
action · admin_menu · includes\class-wow-company.php:20
action · admin_enqueue_scripts · includes\class-wow-company.php:21
action · wp_enqueue_scripts · public\class-wowp-public.php:34
action · wp_footer · public\class-wowp-public.php:35
filter · nav_menu_css_class · public\class-wowp-public.php:38
filter · walker_nav_menu_start_el · public\class-wowp-public.php:39
Maintenance & Trust

Bubble Menu – Floating Button Menu with Sticky Navigation Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version: 7.4
Downloads: 47K

Community Trust

Rating: 84/100
Number of ratings: 9
Active installs: 1K
Developer Profile

Bubble Menu – Floating Button Menu with Sticky Navigation Developer Profile

Wow-Company

25 plugins · 98K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 236 days
Detection Fingerprints

How We Detect Bubble Menu – Floating Button Menu with Sticky Navigation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bubble-menu/assets/css/bubble-menu.css
/wp-content/plugins/bubble-menu/assets/js/bubble-menu.js
Script Paths
/wp-content/plugins/bubble-menu/assets/js/bubble-menu.js
Version Parameters
bubble-menu/assets/css/bubble-menu.css?ver=
bubble-menu/assets/js/bubble-menu.js?ver=

HTML / DOM Fingerprints

CSS Classes
wow-bubble-menu
Data Attributes
data-wow-bubble-menu-id
JS Globals
wow_bubble_menu_options
Shortcode Output
[Bubble-Menu
FAQ

Frequently Asked Questions about Bubble Menu – Floating Button Menu with Sticky Navigation