Confetti Security & Risk Analysis

wordpress.org/plugins/confetti

Add some fun and excitement to your site with confetti effects on any page of your WordPress site. Premium version integrates automatically with popul …

3K active installs v1.3.8.1 PHP 5.6+ WP 5.5+ Updated Dec 18, 2025
Tags: animation, confetti, form, thank-you, thankyou

Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Confetti Safe to Use in 2026?

Generally Safe

Score 100/100

Confetti has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "confetti" plugin v1.3.8.1 exhibits a generally good security posture with several strengths. The absence of known CVEs and a lack of critical or high severity taint flows are positive indicators. The code also demonstrates good practices with 100% of SQL queries using prepared statements and a high rate of output escaping (78%). The plugin also includes nonce checks, which is a positive security measure.

However, there are notable concerns. The presence of one unprotected AJAX handler represents a significant entry point that could be exploited if it handles user-supplied data without proper validation or authorization. While the static analysis found no critical taint flows, the unprotected AJAX handler is a prime candidate for such issues if it interacts with sensitive data or functionality. The lack of capability checks on this entry point further exacerbates the risk. A more comprehensive security audit would be beneficial to ensure all AJAX handlers are properly secured.

Overall, while the plugin has a clean vulnerability history and good code practices in many areas, the unprotected AJAX handler introduces a tangible risk. This single entry point, if it processes user input without sufficient sanitization or authorization, could lead to unauthorized actions or data exposure. The plugin's strengths lie in its well-handled SQL and output escaping; its weakness lies in a single, potentially exploitable, entry point.

Key Concerns

  • Unprotected AJAX handler present
  • Missing capability checks on AJAX handler
  • Some unescaped output present
Vulnerabilities
None known

Confetti Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Confetti Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 10 (36 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

78% escaped · 46 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
  • instances_tab (includes\admin\class-options.php:285)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
1 unprotected

Confetti Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

  • auth · wp_ajax_wps_confetti_dismiss_review · includes\admin\promos.php:104

Shortcodes 1

  • [confetti] · includes\class-shortcode.php:21

WordPress Hooks 23
  • action · plugins_loaded · confetti.php:44
  • action · admin_menu · includes\admin\class-options.php:52
  • action · admin_enqueue_scripts · includes\admin\class-options.php:53
  • action · wps_confetti_header_links · includes\admin\class-options.php:54
  • action · admin_init · includes\admin\class-options.php:57
  • action · wps_confetti_options_tab_instances · includes\admin\class-options.php:60
  • action · wps_confetti_options_tab_integrations_promo · includes\admin\class-options.php:61
  • action · wps_confetti_options_tab_usage · includes\admin\class-options.php:62
  • action · admin_init · includes\admin\class-options.php:65
  • action · wps_confetti_save_tab_instances · includes\admin\class-options.php:66
  • action · admin_notices · includes\admin\class-options.php:67
  • action · wps_confetti_header · includes\admin\promos.php:17
  • action · wps_confetti_options_before · includes\admin\promos.php:54
  • action · admin_notices · includes\admin\promos.php:93
  • action · wps_confetti_instance_options · includes\admin\promos.php:106
  • action · admin_footer · includes\admin\promos.php:247
  • action · init · includes\class-block.php:25
  • action · enqueue_block_editor_assets · includes\class-block.php:26
  • action · enqueue_block_assets · includes\class-block.php:27
  • filter · render_block · includes\class-block.php:28
  • action · wp_enqueue_scripts · includes\class-confetti.php:146
  • action · admin_enqueue_scripts · includes\class-confetti.php:147
  • action · wp_footer · includes\class-confetti.php:148
Maintenance & Trust

Confetti Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 18, 2025
PHP min version: 5.6
Downloads: 31K

Community Trust

Rating: 100/100
Number of ratings: 44
Active installs: 3K
Developer Profile

Confetti Developer Profile

WP Sunshine

5 plugins · 4K total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Confetti

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/confetti/assets/css/admin.css
/wp-content/plugins/confetti/assets/images/confetti-logo.svg
Script Paths
/wp-content/plugins/confetti/assets/js/confetti.min.js
Version Parameters
confetti-admin?ver=

HTML / DOM Fingerprints

CSS Classes
wps-confetti-sample, wps-header, wps-logo, wps-header-link--documentation, wps-header-link--review, wps-header-link--feedback, wps-header-link--upgrade, wps-options-menu (+2 more)
Data Attributes
data-style
JS Globals
wps_run_confetti, WPS_CONFETTI_VERSION, WPS_CONFETTI_PLUGIN_URL
Shortcode Output
[confetti]
FAQ

Frequently Asked Questions about Confetti