WP-Safety

Button Generator – Easily Create Custom Buttons with Icons and Analytics Security & Risk Analysis

wordpress.org/plugins/button-generation

Design and display custom buttons anywhere on your site. Add floating or inline buttons with icons, advanced targeting, and built-in analytics.

5K active installs v3.2.6 PHP 7.4+ WP 5.5+ Updated Mar 13, 2026
buttonscall-buttoncontact-buttonfloating-buttonfloating-menu
96
A · Safe
CVEs total8
Unpatched0
Last CVEJan 24, 2025
Plugin page Download
Safety Verdict

Is Button Generator – Easily Create Custom Buttons with Icons and Analytics Safe to Use in 2026?

Generally Safe

Score 96/100

Button Generator – Easily Create Custom Buttons with Icons and Analytics has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

8 known CVEsLast CVE: Jan 24, 2025Updated 2mo ago
Risk Assessment

The "button-generation" plugin v3.2.6 exhibits a mixed security posture. On the positive side, the static analysis reveals good practices such as a high percentage of SQL queries using prepared statements and properly escaped output. The absence of file operations and external HTTP requests is also a strength. Furthermore, all identified AJAX handlers have authentication checks, and there are no unprotected entry points, which is excellent. However, there are significant concerns highlighted by the taint analysis, specifically 8 flows with unsanitized paths and 3 identified as high severity. This suggests potential vulnerabilities where user-supplied data is not being adequately validated or sanitized before being used in sensitive operations. The plugin's historical vulnerability record is a major red flag, with 8 known CVEs, including one high severity and seven medium severity. The common vulnerability types (CSRF, missing authorization, XSS) are indicative of recurring insecure coding patterns. While there are currently no unpatched vulnerabilities, the frequent discovery of past issues suggests an ongoing struggle with secure development practices.

In conclusion, while the plugin demonstrates some sound security implementations like prepared statements and output escaping, the significant number of unsanitized taint flows and the extensive history of diverse vulnerabilities paint a concerning picture. The presence of high-severity taint flows warrants immediate attention, as these could be exploited by attackers. The recurring nature of past vulnerabilities suggests that developers may need to revisit fundamental security principles and implement more robust input validation and sanitization mechanisms to prevent future exploitable issues. The plugin has strengths in certain areas, but the weaknesses, particularly concerning taint analysis and historical CVEs, outweigh them, indicating a moderate to high risk.

Key Concerns

  • High severity taint flows found
  • Unsanitized paths in taint flows
  • History of 8 known CVEs
  • History of 1 high severity CVE
  • History of 7 medium severity CVEs
Vulnerabilities
8 published

Button Generator – Easily Create Custom Buttons with Icons and Analytics Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
5 CVEs in 2023
2023
1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
7

8 total CVEs

CVE-2025-24713medium · 4.3Cross-Site Request Forgery (CSRF)

Button Generator – easily Button Builder <= 3.1.1 - Cross-Site Request Forgery

Jan 24, 2025 Patched in 3.1.2 (5d)
CVE-2024-3471medium · 4.3Cross-Site Request Forgery (CSRF)

Button Generator – easily Button Builder <= 2.3.9 - Cross-Site Request Forgery

Apr 11, 2024 Patched in 3.0 (27d)
CVE-2023-49154medium · 5.3Missing Authorization

Button Generator – easily Button Builder <= 2.3.8 - Missing Authorization

Nov 28, 2023 Patched in 2.3.9 (58d)
CVE-2023-49155medium · 4.3Cross-Site Request Forgery (CSRF)

Button Generator – easily Button Builder <= 2.3.8 - Cross-Site Request Forgery

Nov 28, 2023 Patched in 2.3.9 (58d)
CVE-2023-25443medium · 5.3Cross-Site Request Forgery (CSRF)

Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php

May 25, 2023 Patched in 2.3.6 (243d)
CVE-2023-2362medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter

May 22, 2023 Patched in 2.3.5 (246d)
CVE-2023-27452medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 2, 2023 Patched in 2.3.4 (327d)
CVE-2021-25052high · 8.8Cross-Site Request Forgery (CSRF)

Button Generator – easily Button Builder <= 2.3.2 - Cross-Site Request Forgery

Dec 5, 2021 Patched in 2.3.3 (779d)
Version History

Button Generator – Easily Create Custom Buttons with Icons and Analytics Release Timeline

v3.2.6Current
v3.2.5
v3.2.4
v3.2.3
v3.2.2
v3.2.1
v3.2
v3.1.3
v3.1.2
v3.1.11 CVE
CVE-2025-24713
v3.11 CVE
CVE-2025-24713
v3.0.31 CVE
CVE-2025-24713
v3.0.21 CVE
CVE-2025-24713
v3.0.11 CVE
CVE-2025-24713
v3.01 CVE
CVE-2025-24713
v2.3.92 CVEs
CVE-2024-3471 CVE-2025-24713
v2.3.84 CVEs
CVE-2023-49154 CVE-2024-3471 CVE-2025-24713 +1 more
v2.3.74 CVEs
CVE-2023-49154 CVE-2024-3471 CVE-2025-24713 +1 more
v2.3.64 CVEs
CVE-2023-49154 CVE-2024-3471 CVE-2025-24713 +1 more
v2.3.55 CVEs
CVE-2023-49154 CVE-2024-3471 CVE-2025-24713 +2 more
Code Analysis
Analyzed Mar 16, 2026

Button Generator – Easily Create Custom Buttons with Icons and Analytics Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
20 prepared
Unescaped Output
7
274 escaped
Nonce Checks
4
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

77% prepared26 total queries

Output Escaping

98% escaped281 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

10 flows8 with unsanitized paths
menu (classes\Admin\Dashboard.php:161)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Button Generator – Easily Create Custom Buttons with Icons and Analytics Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_reset_statisticadmin\class-wowp-admin.php:32
noprivwp_ajax_button_actionpublic\class-wowp-public.php:34
authwp_ajax_button_actionpublic\class-wowp-public.php:35
WordPress Hooks 13
actionplugins_loadedbutton-generation.php:69
actionadmin_initclasses\Admin\AdminActions.php:23
actionadmin_noticesclasses\Admin\AdminNotices.php:25
filterplugin_action_linksclasses\Admin\Dashboard.php:21
filterplugin_row_metaclasses\Admin\Dashboard.php:22
filteradmin_footer_textclasses\Admin\Dashboard.php:23
actionadmin_enqueue_scriptsclasses\Admin\Dashboard.php:24
actionadmin_menuclasses\Admin\Dashboard.php:25
actionadmin_menuincludes\class-wow-company.php:20
actionadmin_enqueue_scriptsincludes\class-wow-company.php:21
actionwp_enqueue_scriptspublic\class-wowp-public.php:37
filterthe_contentpublic\class-wowp-public.php:38
actionwp_footerpublic\class-wowp-public.php:40
Maintenance & Trust

Button Generator – Easily Create Custom Buttons with Icons and Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version7.4
Downloads114K

Community Trust

Rating86/100
Number of ratings18
Active installs5K
Alternatives

Button Generator – Easily Create Custom Buttons with Icons and Analytics Alternatives

Floating Button – Easily Create Sticky, Fixed & Floating Buttons

Floating Button – Easily Create Sticky, Fixed & Floating Buttons

floating-button

A
100

Floating Buttons let you easily create sticky, fixed, and floating action buttons

4K 1 CVE
Sticky Action Buttons – Call, Chat, Navigate and more

Sticky Action Buttons – Call, Chat, Navigate and more

sticky-action-buttons-call-chat-navigate-and-more

A
85

The ultimate flexible and lightweight responsive sticky floating contact buttons. over 100 different design options.

200 No CVEs
Floating Contact Buttons

Floating Contact Buttons

degx-floating-buttons

A
100

Add customizable WhatsApp and Phone floating buttons to your WordPress website.

60 No CVEs
Bubble Menu – Floating Button Menu with Sticky Navigation

Bubble Menu – Floating Button Menu with Sticky Navigation

bubble-menu

A
98

Create interactive floating bubble menus to enhance site navigation and boost user engagement effortlessly.

1K 3 CVEs
Nút Bấm Liên Hệ Dibrother

Nút Bấm Liên Hệ Dibrother

dibrother-floating-buttons

A
100

Thêm các nút liên hệ (Gọi, Zalo, Messenger) cố định vào website WordPress. Kết nối tức thì với khách hàng.

800 No CVEs
Developer Profile

Button Generator – Easily Create Custom Buttons with Icons and Analytics Developer Profile

Wow-Company

26 plugins · 98K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
236 days
View full developer profile
Detection Fingerprints

How We Detect Button Generator – Easily Create Custom Buttons with Icons and Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/button-generation/admin/css/admin-style.css/wp-content/plugins/button-generation/admin/css/colorpicker.css/wp-content/plugins/button-generation/admin/css/responsive.css/wp-content/plugins/button-generation/admin/js/admin-script.js/wp-content/plugins/button-generation/admin/js/colorpicker.js/wp-content/plugins/button-generation/admin/js/libs/jquery.min.js/wp-content/plugins/button-generation/admin/js/libs/jquery.ui.core.min.js/wp-content/plugins/button-generation/admin/js/libs/jquery.ui.mouse.min.js+28 more
Script Paths
/wp-content/plugins/button-generation/admin/js/admin-script.js/wp-content/plugins/button-generation/admin/js/colorpicker.js/wp-content/plugins/button-generation/admin/js/libs/jquery.min.js/wp-content/plugins/button-generation/admin/js/libs/jquery.ui.core.min.js/wp-content/plugins/button-generation/admin/js/libs/jquery.ui.mouse.min.js/wp-content/plugins/button-generation/admin/js/libs/jquery.ui.widget.min.js+26 more
Version Parameters
button-generation/admin/css/admin-style.css?ver=button-generation/admin/css/colorpicker.css?ver=button-generation/admin/css/responsive.css?ver=button-generation/admin/js/admin-script.js?ver=button-generation/admin/js/colorpicker.js?ver=button-generation/admin/js/libs/jquery.min.js?ver=button-generation/admin/js/libs/jquery.ui.core.min.js?ver=button-generation/admin/js/libs/jquery.ui.mouse.min.js?ver=button-generation/admin/js/libs/jquery.ui.widget.min.js?ver=button-generation/admin/js/libs/jquery.ui.draggable.min.js?ver=button-generation/admin/js/libs/jquery.ui.droppable.min.js?ver=button-generation/admin/js/libs/jquery.ui.resizable.min.js?ver=button-generation/admin/js/libs/jquery.ui.sortable.min.js?ver=button-generation/admin/js/libs/jquery.ui.accordion.min.js?ver=button-generation/admin/js/libs/jquery.ui.autocomplete.min.js?ver=button-generation/admin/js/libs/jquery.ui.button.min.js?ver=button-generation/admin/js/libs/jquery.ui.datepicker.min.js?ver=button-generation/admin/js/libs/jquery.ui.dialog.min.js?ver=button-generation/admin/js/libs/jquery.ui.menu.min.js?ver=button-generation/admin/js/libs/jquery.ui.position.min.js?ver=button-generation/admin/js/libs/jquery.ui.progressbar.min.js?ver=button-generation/admin/js/libs/jquery.ui.selectable.min.js?ver=button-generation/admin/js/libs/jquery.ui.slider.min.js?ver=button-generation/admin/js/libs/jquery.ui.spinner.min.js?ver=button-generation/admin/js/libs/jquery.ui.tabs.min.js?ver=button-generation/admin/js/libs/jquery.ui.tooltip.min.js?ver=button-generation/admin/js/libs/jquery.ui.datepicker.min.js?ver=button-generation/admin/js/libs/jquery.ui.draggable.min.js?ver=button-generation/admin/js/libs/jquery.ui.droppable.min.js?ver=button-generation/admin/js/libs/jquery.ui.resizable.min.js?ver=button-generation/admin/js/libs/jquery.ui.selectable.min.js?ver=button-generation/admin/js/libs/jquery.ui.sortable.min.js?ver=button-generation/admin/js/libs/jquery.ui.mouse.min.js?ver=button-generation/admin/js/libs/jquery.ui.widget.min.js?ver=button-generation/public/css/public-style.css?ver=button-generation/public/js/public-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wow-company-button-generatorwpie-linkswpie-color-orangewpie-links-dividerwpie-color-dangerbutton-generator-admin-wrapbutton-generator-dashboard-wrapbutton-generator-main-content+666 more
Data Attributes
data-iddata-titledata-paramdata-statusdata-modedata-tag
JS Globals
WOWP_Pluginwow_plugin_script_paramswow_plugin_admin_paramswow_company_button_generator_reset_nonce
FAQ

Frequently Asked Questions about Button Generator – Easily Create Custom Buttons with Icons and Analytics