Click to top Security & Risk Analysis
wordpress.org/plugins/click-to-topA wordpress plugin to create a customisable Click To Top feature.
Is Click to top Safe to Use in 2026?
Generally Safe
Score 99/100Click to top has a strong security track record. Known vulnerabilities have been patched promptly.
The 'click-to-top' plugin v1.3.0 demonstrates a generally good security posture in its static analysis, with no dangerous functions, no unescaped SQL queries, and a high percentage of output escaping. The presence of nonce and capability checks on its AJAX handlers is also a positive sign, indicating an effort to secure these entry points.
However, the plugin's vulnerability history is a significant concern. With two known medium-severity vulnerabilities in the past, specifically related to Missing Authorization and Cross-site Scripting, there's a pattern of past security weaknesses. While there are currently no unpatched vulnerabilities, the historical prevalence of these common and impactful vulnerability types suggests potential underlying issues in how user input is handled or how authorization is managed.
While the current code analysis doesn't reveal immediate exploitable flaws, the historical context warrants caution. The plugin has a history of exploitable vulnerabilities that were addressed, but the recurring nature of certain vulnerability types suggests a need for ongoing scrutiny and potentially more robust security practices in future development to prevent similar issues from resurfacing.
Key Concerns
- Two known medium severity vulnerabilities
- History of XSS and Missing Authorization
- 84% output escaping (16% not properly escaped)
Click to top Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Appsero <= 1.2.1 - Missing Authorization
Click to top <= 1.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting
Click to top Code Analysis
Output Escaping
Click to top Attack Surface
AJAX Handlers 3
WordPress Hooks 13
Maintenance & Trust
Click to top Maintenance & Trust
Maintenance Signals
Community Trust
Click to top Alternatives
WPFront Scroll Top
wpfront-scroll-top
Adds a lightweight and smooth "Scroll to Top" button to your WordPress site, improving navigation and user experience with customizable options.
Scroll Back To Top Button
scrollup-master
This is just a very simple plugin to have a scroll back to top button throughout your whole blog/site.
X-Scroll To Top – Responsive
x-scroll-to-top-responsive
X-Scroll To Top adds a customizable scroll-up button to your site. Personalize it to seamlessly match your design and enhance functionality.
scrollToTop
scrolltotop
Create your own back to top button or full-height bar and simple customize it as you want.
Flexible Scroll Top
flexible-scroll-top
Add a slick, lightweight and customizable scroll to top button that uses SVG icon with no jQuery dependency.
Click to top Developer Profile
102 plugins · 29K total installs
How We Detect Click to top
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/click-to-top/assets/css/click-top-icons.css/wp-content/plugins/click-to-top/assets/css/hover.css/wp-content/plugins/click-to-top/assets/css/click-top-style.css/wp-content/plugins/click-to-top/assets/js/jquery.easing.js/wp-content/plugins/click-to-top/assets/js/jquery.scrollUp.js/wp-content/plugins/click-to-top/assets/js/admin.jsclick-to-top/assets/css/click-top-icons.css?ver=click-to-top/assets/css/click-top-style.css?ver=HTML / DOM Fingerprints
click-to-top-update-noticeclick-to-top-dismiss-noticedata-notice-dismissclick_to_top_dismiss_nonce