WP-Safety

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales Security & Risk Analysis

wordpress.org/plugins/easy-sticky-sidebar

WordPress Call To Action plugin to promote content, increase sales and leads. Easy to use and includes 3 professional, flexible templates.

2K active installs v1.7.4 PHP 7.4+ WP 4.0+ Updated Feb 11, 2026
call-to-actionctalead-generationsticky-ctawoocommerce-sales
72
B · Generally Safe
CVEs total5
Unpatched1
Last CVEMar 3, 2026
Download
Safety Verdict

Is WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales Safe to Use in 2026?

Mostly Safe

Score 72/100

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales is generally safe to use. 5 past CVEs were resolved. Keep it updated.

5 known CVEs 1 unpatched Last CVE: Mar 3, 2026Updated 1mo ago
Risk Assessment

The "easy-sticky-sidebar" plugin version 1.7.4 presents a mixed security posture. While it demonstrates good practices in utilizing prepared statements for SQL queries (66%) and proper output escaping (89%), several concerns warrant attention. The presence of 4 AJAX handlers, even though none are explicitly noted as unprotected in the static analysis, along with 4 flows with unsanitized paths identified during taint analysis, suggests potential avenues for attackers. The two high-severity taint flows are particularly concerning and require immediate investigation.

The plugin's vulnerability history is a significant red flag. With 5 known CVEs, including one that remains unpatched, and a consistent pattern of medium-severity vulnerabilities such as Missing Authorization and CSRF, this indicates a recurring struggle with robust security implementation. The fact that the last vulnerability was recently discovered (2026-03-03) and is still unpatched is a critical issue that elevates the risk considerably. While the plugin has strengths in its handling of SQL and output, the historical pattern and the current unpatched vulnerability cannot be overlooked.

In conclusion, the "easy-sticky-sidebar" plugin exhibits some positive security hygiene but is marred by a history of exploitable vulnerabilities and a currently unpatched security flaw. The taint analysis also reveals potential weaknesses. Users should exercise extreme caution, and the developers need to prioritize addressing the outstanding CVE and improving their code's resilience against authorization and CSRF attacks.

Key Concerns

  • Unpatched CVE found
  • High severity taint flows detected
  • Flows with unsanitized paths detected
  • Multiple medium severity CVEs historically
  • Bundled library (Select2) not version checked
Vulnerabilities
5

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2023
2023
2 CVEs in 2025
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2026-22459medium · 5.3Missing Authorization

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales <= 1.7.4 - Missing Authorization

Mar 3, 2026Unpatched
CVE-2025-8152medium · 5.3Missing Authorization

WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update

Aug 1, 2025 Patched in 1.7.1 (1d)
CVE-2025-53270medium · 4.3Cross-Site Request Forgery (CSRF)

WordPress CTA <= 1.7.0 - Cross-Site Request Forgery

Jun 27, 2025 Patched in 1.7.1 (36d)
CVE-2023-46644medium · 6.5Missing Authorization

WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions

Oct 25, 2023 Patched in 1.5.9 (157d)
WF-84003388-c47c-41db-8d2d-4643aa375a89-easy-sticky-sidebarmedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.5.9 (699d)
Code Analysis
Analyzed Mar 16, 2026

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales Code Analysis

Dangerous Functions
0
Raw SQL Queries
24
46 prepared
Unescaped Output
86
670 escaped
Nonce Checks
20
Capability Checks
12
File Operations
24
External Requests
6
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

66% prepared70 total queries

Output Escaping

89% escaped756 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

10 flows4 with unsanitized paths
output (inc\import-export.php:135)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_update_cta_statusinc\ClassActions.php:21
authwp_ajax_change_sticky_sidebar_nameinc\ClassActions.php:22
authwp_ajax_update_cta_statustrunk\inc\ClassActions.php:21
authwp_ajax_change_sticky_sidebar_nametrunk\inc\ClassActions.php:22
WordPress Hooks 160
actionswitch_themeappsero\src\Insights.php:116
actionswitch_themeappsero\src\Insights.php:117
actionadmin_footerappsero\src\Insights.php:129
actionadmin_noticesappsero\src\Insights.php:147
actionadmin_initappsero\src\Insights.php:150
filtercron_schedulesappsero\src\Insights.php:156
actionadmin_menuappsero\src\License.php:176
actionafter_switch_themeappsero\src\License.php:669
actionswitch_themeappsero\src\License.php:670
filterplugins_apiappsero\src\Updater.php:50
filterpre_set_site_transient_update_themesappsero\src\Updater.php:59
actioneasy_sticky_sidebar_after_saveinc\ClassActions.php:26
filterwp_kses_allowed_htmlinc\ClassActions.php:141
actionadmin_menuinc\ClassAdminOptions.php:20
actionadmin_footerinc\ClassAdminOptions.php:23
actionadmin_footerinc\ClassAdminOptions.php:24
actioninitinc\ClassAdminOptions.php:26
actioneasy_sticky_sidebar_after_saveinc\ClassGenerateStyle.php:15
actionadmin_footerinc\ClassIconsLibrary.php:23
actionwpinc\ClassQuery.php:32
actionwp_enqueue_scriptsinc\ClassQuery.php:33
actioninitinc\ClassStickySidebar.php:83
actionadmin_noticesinc\ClassStickySidebar.php:87
actionwp_enqueue_scriptsinc\ClassStickySidebar.php:135
actionadmin_enqueue_scriptsinc\ClassStickySidebar.php:138
actionwp_footerinc\ClassStickySidebar.php:139
filterplugin_row_metainc\ClassStickySidebar.php:144
actioneasy_sticky_sidebar_content_imageinc\ContentTab.php:11
actioneasy_sticky_sidebar_content_buttoninc\ContentTab.php:12
actioneasy_sticky_sidebar_content_textinc\ContentTab.php:13
actioneasy_sticky_sidebar_content_link_optionsinc\ContentTab.php:15
actioneasy_sticky_sidebar_content_link_optionsinc\ContentTab.php:16
actioneasy_sticky_sidebar_content_tab_optionsinc\FloatingButtons.php:61
actioneasy_sticky_sidebar_styling_optionsinc\FloatingButtons.php:62
actioneasy_sticky_sidebar_global_stylesinc\FloatingButtons.php:64
actioneasy_sticky_sidebar_global_stylesinc\FloatingButtons.php:65
actioneasy_sticky_sidebar_global_stylesinc\FloatingButtons.php:66
actioneasy_sticky_sidebar_global_stylesinc\FloatingButtons.php:67
actioneasy_sticky_sidebar_floating_buttons_styleinc\FloatingButtons.php:68
actioneasy_sticky_sidebar_generate_cssinc\FloatingButtons.php:70
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:573
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:587
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:601
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:615
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:629
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:652
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:684
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:707
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:731
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:754
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:851
actioneasy_sticky_sidebar_content_tab_optionsinc\helpers.php:888
actioneasy_sticky_sidebar_content_tab_optionsinc\helpers.php:910
actioneasy_sticky_sidebar_content_tab_optionsinc\helpers.php:927
actioneasy_sticky_sidebar_content_tab_optionsinc\helpers.php:942
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:968
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:984
actioneasy_sticky_sidebar_settingsinc\helpers.php:1004
filterwordpress_cta_free/pro_fieldsinc\ProFields.php:10
actioneasy_sticky_sidebar_cta_positioninc\sticky-form-fields.php:88
actioneasy_sticky_sidebar_form_cta_locationinc\sticky-form-fields.php:90
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:126
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:139
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:156
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:176
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:197
actioneasy_sticky_sidebar_content_optioninc\sticky-form-fields.php:210
actioneasy_sticky_sidebar_content_optioninc\sticky-form-fields.php:223
actioneasy_sticky_sidebar_content_optioninc\sticky-form-fields.php:237
actioneasy_sticky_sidebar_content_optioninc\sticky-form-fields.php:248
actioneasy_sticky_sidebar_line_separatorinc\sticky-form-fields.php:250
actioneasy_sticky_sidebar_line_separatorinc\sticky-form-fields.php:263
actioneasy_sticky_sidebar_call_to_actioninc\sticky-form-fields.php:284
actioneasy_sticky_sidebar_call_to_actioninc\sticky-form-fields.php:297
actioneasy_sticky_sidebar_call_to_actioninc\sticky-form-fields.php:310
actioneasy_sticky_sidebar_call_to_actioninc\sticky-form-fields.php:323
actioneasy_sticky_sidebar_design_templateinc\sticky-form-fields.php:351
actioneasy_sticky_sidebar_page_load_optionsinc\sticky-form-fields.php:369
filterset-screen-optioninc\sticky-sidebar-list.php:15
actioneasy_sticky_sidebar_sticky_cta_buttoninc\template-filters.php:14
actionswitch_themetrunk\appsero\src\Insights.php:116
actionswitch_themetrunk\appsero\src\Insights.php:117
actionadmin_footertrunk\appsero\src\Insights.php:129
actionadmin_noticestrunk\appsero\src\Insights.php:147
actionadmin_inittrunk\appsero\src\Insights.php:150
filtercron_schedulestrunk\appsero\src\Insights.php:156
actionadmin_menutrunk\appsero\src\License.php:176
actionafter_switch_themetrunk\appsero\src\License.php:669
actionswitch_themetrunk\appsero\src\License.php:670
filterplugins_apitrunk\appsero\src\Updater.php:50
filterpre_set_site_transient_update_themestrunk\appsero\src\Updater.php:59
actioneasy_sticky_sidebar_after_savetrunk\inc\ClassActions.php:26
filterwp_kses_allowed_htmltrunk\inc\ClassActions.php:141
actionadmin_menutrunk\inc\ClassAdminOptions.php:20
actionadmin_footertrunk\inc\ClassAdminOptions.php:23
actionadmin_footertrunk\inc\ClassAdminOptions.php:24
actioninittrunk\inc\ClassAdminOptions.php:26
actioneasy_sticky_sidebar_after_savetrunk\inc\ClassGenerateStyle.php:15
actionadmin_footertrunk\inc\ClassIconsLibrary.php:23
actionwptrunk\inc\ClassQuery.php:32
actionwp_enqueue_scriptstrunk\inc\ClassQuery.php:33
actioninittrunk\inc\ClassStickySidebar.php:83
actionadmin_noticestrunk\inc\ClassStickySidebar.php:87
actionwp_enqueue_scriptstrunk\inc\ClassStickySidebar.php:135
actionadmin_enqueue_scriptstrunk\inc\ClassStickySidebar.php:138
actionwp_footertrunk\inc\ClassStickySidebar.php:139
filterplugin_row_metatrunk\inc\ClassStickySidebar.php:144
actioneasy_sticky_sidebar_content_imagetrunk\inc\ContentTab.php:11
actioneasy_sticky_sidebar_content_buttontrunk\inc\ContentTab.php:12
actioneasy_sticky_sidebar_content_texttrunk\inc\ContentTab.php:13
actioneasy_sticky_sidebar_content_link_optionstrunk\inc\ContentTab.php:15
actioneasy_sticky_sidebar_content_link_optionstrunk\inc\ContentTab.php:16
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\FloatingButtons.php:61
actioneasy_sticky_sidebar_styling_optionstrunk\inc\FloatingButtons.php:62
actioneasy_sticky_sidebar_global_stylestrunk\inc\FloatingButtons.php:64
actioneasy_sticky_sidebar_global_stylestrunk\inc\FloatingButtons.php:65
actioneasy_sticky_sidebar_global_stylestrunk\inc\FloatingButtons.php:66
actioneasy_sticky_sidebar_global_stylestrunk\inc\FloatingButtons.php:67
actioneasy_sticky_sidebar_floating_buttons_styletrunk\inc\FloatingButtons.php:68
actioneasy_sticky_sidebar_generate_csstrunk\inc\FloatingButtons.php:70
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:573
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:587
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:601
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:615
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:629
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:652
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:684
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:707
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:731
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:754
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:851
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\helpers.php:888
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\helpers.php:910
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\helpers.php:927
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\helpers.php:942
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:968
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:984
actioneasy_sticky_sidebar_settingstrunk\inc\helpers.php:1004
filterwordpress_cta_free/pro_fieldstrunk\inc\ProFields.php:10
actioneasy_sticky_sidebar_cta_positiontrunk\inc\sticky-form-fields.php:88
actioneasy_sticky_sidebar_form_cta_locationtrunk\inc\sticky-form-fields.php:90
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:126
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:139
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:156
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:176
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:197
actioneasy_sticky_sidebar_content_optiontrunk\inc\sticky-form-fields.php:210
actioneasy_sticky_sidebar_content_optiontrunk\inc\sticky-form-fields.php:223
actioneasy_sticky_sidebar_content_optiontrunk\inc\sticky-form-fields.php:237
actioneasy_sticky_sidebar_content_optiontrunk\inc\sticky-form-fields.php:248
actioneasy_sticky_sidebar_line_separatortrunk\inc\sticky-form-fields.php:250
actioneasy_sticky_sidebar_line_separatortrunk\inc\sticky-form-fields.php:263
actioneasy_sticky_sidebar_call_to_actiontrunk\inc\sticky-form-fields.php:284
actioneasy_sticky_sidebar_call_to_actiontrunk\inc\sticky-form-fields.php:297
actioneasy_sticky_sidebar_call_to_actiontrunk\inc\sticky-form-fields.php:310
actioneasy_sticky_sidebar_call_to_actiontrunk\inc\sticky-form-fields.php:323
actioneasy_sticky_sidebar_design_templatetrunk\inc\sticky-form-fields.php:351
actioneasy_sticky_sidebar_page_load_optionstrunk\inc\sticky-form-fields.php:369
filterset-screen-optiontrunk\inc\sticky-sidebar-list.php:15
actioneasy_sticky_sidebar_sticky_cta_buttontrunk\inc\template-filters.php:14
Maintenance & Trust

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 11, 2026
PHP min version7.4
Downloads80K

Community Trust

Rating88/100
Number of ratings7
Active installs2K
Alternatives

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales Alternatives

MkWebTech CTA Studio

MkWebTech CTA Studio

mkwebtech-cta-studio

A
100

Create inline, sticky, and popup call-to-action boxes in WordPress to boost engagement and conversions without coding.

0 No CVEs
Mobile Contact Bar

Mobile Contact Bar

mobile-contact-bar

A
99

Allow your visitors to contact you via mobile phones, or access your site's pages instantly.

10K 1 CVE
TopBar Call To Action

TopBar Call To Action

topbar-call-to-action

A
100

Allow user to add upsales or any call to actions with TopBar Call To Action.

2K No CVEs
Call to Action Block by WPPOOL

Call to Action Block by WPPOOL

call-to-action-block-wppool

A
100

Add a stunning call to action (CTA) block to your WordPress post or page using 10+ prebuilt call to action layouts for Gutenberg.

1K No CVEs
CTA Button Styler

CTA Button Styler

cta-button-styler

A
100

Increase engagement with reusable CTA buttons, styled your way with hover effects and optional animations. Clean and efficient.

400 No CVEs
Developer Profile

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales Developer Profile

Blend Media

4 plugins · 3K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
223 days
View full developer profile
Detection Fingerprints

How We Detect WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-sticky-sidebar/inc/sticky-cta-data.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassStickySidebarCore.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassQuery.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassActions.php/wp-content/plugins/easy-sticky-sidebar/inc/sticky-form-fields.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassAdminOptions.php/wp-content/plugins/easy-sticky-sidebar/inc/DesignTemplates.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassIconsLibrary.php+7 more
Version Parameters
easy-sticky-sidebar/style.css?ver=easy-sticky-sidebar/js/sticky-sidebar.js?ver=easy-sticky-sidebar/css/animate.css?ver=

HTML / DOM Fingerprints

CSS Classes
sticky-cta-wrappersticky-cta-contentsticky-cta-buttonsticky-cta-closeeasy-sticky-sidebar-pro-notice
HTML Comments
<!-- Easy Sticky CTA Pro --><!-- WP CTA - Sticky CTA Builder -->
Data Attributes
data-sticky-cta-iddata-sticky-cta-locationdata-sticky-cta-type
JS Globals
SSuprydpStickySidebarSSuprydp_shortcodesCTA_Query
Shortcode Output
[easy_sticky_cta][easy_sticky_cta_banner][easy_sticky_cta_popup]
FAQ

Frequently Asked Questions about WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales