WP-Safety

WP CTA – Call Now Button, Sticky Button & Call to Action Builder Security & Risk Analysis

wordpress.org/plugins/easy-sticky-sidebar

WordPress Call To Action builder that creates sticky buttons, call now buttons and CTAs to boost clicks, increase sales and generate leads.

2K active installs v2.2.1 PHP 7.4+ WP 5.0+ Updated Apr 14, 2026
call-buttoncall-now-buttoncall-to-actionctasticky-button
95
A · Safe
CVEs total5
Unpatched0
Last CVEMar 3, 2026
Download
Safety Verdict

Is WP CTA – Call Now Button, Sticky Button & Call to Action Builder Safe to Use in 2026?

Generally Safe

Score 95/100

WP CTA – Call Now Button, Sticky Button & Call to Action Builder has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEsLast CVE: Mar 3, 2026Updated 1mo ago
Risk Assessment

The "easy-sticky-sidebar" plugin version 1.7.4 presents a mixed security posture. While it demonstrates good practices in utilizing prepared statements for SQL queries (66%) and proper output escaping (89%), several concerns warrant attention. The presence of 4 AJAX handlers, even though none are explicitly noted as unprotected in the static analysis, along with 4 flows with unsanitized paths identified during taint analysis, suggests potential avenues for attackers. The two high-severity taint flows are particularly concerning and require immediate investigation.

The plugin's vulnerability history is a significant red flag. With 5 known CVEs, including one that remains unpatched, and a consistent pattern of medium-severity vulnerabilities such as Missing Authorization and CSRF, this indicates a recurring struggle with robust security implementation. The fact that the last vulnerability was recently discovered (2026-03-03) and is still unpatched is a critical issue that elevates the risk considerably. While the plugin has strengths in its handling of SQL and output, the historical pattern and the current unpatched vulnerability cannot be overlooked.

In conclusion, the "easy-sticky-sidebar" plugin exhibits some positive security hygiene but is marred by a history of exploitable vulnerabilities and a currently unpatched security flaw. The taint analysis also reveals potential weaknesses. Users should exercise extreme caution, and the developers need to prioritize addressing the outstanding CVE and improving their code's resilience against authorization and CSRF attacks.

Key Concerns

  • Unpatched CVE found
  • High severity taint flows detected
  • Flows with unsanitized paths detected
  • Multiple medium severity CVEs historically
  • Bundled library (Select2) not version checked
Vulnerabilities
5 published

WP CTA – Call Now Button, Sticky Button & Call to Action Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2023
2023
2 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2026-22459medium · 5.3Missing Authorization

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales <= 2.1.2 - Missing Authorization

Mar 3, 2026 Patched in 2.1.3 (44d)
CVE-2025-8152medium · 5.3Missing Authorization

WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update

Aug 1, 2025 Patched in 1.7.1 (1d)
CVE-2025-53270medium · 4.3Cross-Site Request Forgery (CSRF)

WordPress CTA <= 1.7.0 - Cross-Site Request Forgery

Jun 27, 2025 Patched in 1.7.1 (36d)
CVE-2023-46644medium · 6.5Missing Authorization

WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions

Oct 25, 2023 Patched in 1.5.9 (157d)
WF-84003388-c47c-41db-8d2d-4643aa375a89-easy-sticky-sidebarmedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.5.9 (699d)
Version History

WP CTA – Call Now Button, Sticky Button & Call to Action Builder Release Timeline

v2.2.1Current
v2.2.0
v2.1.3
v2.1.21 CVE
CVE-2026-22459
v2.1.11 CVE
CVE-2026-22459
v2.1.01 CVE
CVE-2026-22459
v2.0.11 CVE
CVE-2026-22459
v2.0.01 CVE
CVE-2026-22459
v1.7.41 CVE
CVE-2026-22459
v1.6.53 CVEs
CVE-2025-53270 CVE-2026-22459 CVE-2025-8152
v1.6.43 CVEs
CVE-2025-53270 CVE-2026-22459 CVE-2025-8152
v1.6.33 CVEs
CVE-2025-53270 CVE-2026-22459 CVE-2025-8152
v1.6.23 CVEs
CVE-2025-53270 CVE-2026-22459 CVE-2025-8152
v1.6.13 CVEs
CVE-2025-53270 CVE-2026-22459 CVE-2025-8152
v1.6.03 CVEs
CVE-2025-53270 CVE-2026-22459 CVE-2025-8152
v1.5.93 CVEs
CVE-2025-53270 CVE-2026-22459 CVE-2025-8152
v1.5.85 CVEs
CVE-2025-53270 CVE-2026-22459 WF-84003388-c47c-41db-8d2d-4643aa375a89-easy-sticky-sidebar +2 more
v1.5.75 CVEs
CVE-2025-53270 CVE-2026-22459 WF-84003388-c47c-41db-8d2d-4643aa375a89-easy-sticky-sidebar +2 more
v1.5.65 CVEs
CVE-2025-53270 CVE-2026-22459 WF-84003388-c47c-41db-8d2d-4643aa375a89-easy-sticky-sidebar +2 more
v1.5.55 CVEs
CVE-2025-53270 CVE-2026-22459 WF-84003388-c47c-41db-8d2d-4643aa375a89-easy-sticky-sidebar +2 more
Code Analysis
Analyzed Mar 16, 2026

WP CTA – Call Now Button, Sticky Button & Call to Action Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
24
46 prepared
Unescaped Output
86
670 escaped
Nonce Checks
20
Capability Checks
12
File Operations
24
External Requests
6
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

66% prepared70 total queries

Output Escaping

89% escaped756 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

10 flows4 with unsanitized paths
output (inc\import-export.php:135)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP CTA – Call Now Button, Sticky Button & Call to Action Builder Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_update_cta_statusinc\ClassActions.php:21
authwp_ajax_change_sticky_sidebar_nameinc\ClassActions.php:22
authwp_ajax_update_cta_statustrunk\inc\ClassActions.php:21
authwp_ajax_change_sticky_sidebar_nametrunk\inc\ClassActions.php:22
WordPress Hooks 160
actionswitch_themeappsero\src\Insights.php:116
actionswitch_themeappsero\src\Insights.php:117
actionadmin_footerappsero\src\Insights.php:129
actionadmin_noticesappsero\src\Insights.php:147
actionadmin_initappsero\src\Insights.php:150
filtercron_schedulesappsero\src\Insights.php:156
actionadmin_menuappsero\src\License.php:176
actionafter_switch_themeappsero\src\License.php:669
actionswitch_themeappsero\src\License.php:670
filterplugins_apiappsero\src\Updater.php:50
filterpre_set_site_transient_update_themesappsero\src\Updater.php:59
actioneasy_sticky_sidebar_after_saveinc\ClassActions.php:26
filterwp_kses_allowed_htmlinc\ClassActions.php:141
actionadmin_menuinc\ClassAdminOptions.php:20
actionadmin_footerinc\ClassAdminOptions.php:23
actionadmin_footerinc\ClassAdminOptions.php:24
actioninitinc\ClassAdminOptions.php:26
actioneasy_sticky_sidebar_after_saveinc\ClassGenerateStyle.php:15
actionadmin_footerinc\ClassIconsLibrary.php:23
actionwpinc\ClassQuery.php:32
actionwp_enqueue_scriptsinc\ClassQuery.php:33
actioninitinc\ClassStickySidebar.php:83
actionadmin_noticesinc\ClassStickySidebar.php:87
actionwp_enqueue_scriptsinc\ClassStickySidebar.php:135
actionadmin_enqueue_scriptsinc\ClassStickySidebar.php:138
actionwp_footerinc\ClassStickySidebar.php:139
filterplugin_row_metainc\ClassStickySidebar.php:144
actioneasy_sticky_sidebar_content_imageinc\ContentTab.php:11
actioneasy_sticky_sidebar_content_buttoninc\ContentTab.php:12
actioneasy_sticky_sidebar_content_textinc\ContentTab.php:13
actioneasy_sticky_sidebar_content_link_optionsinc\ContentTab.php:15
actioneasy_sticky_sidebar_content_link_optionsinc\ContentTab.php:16
actioneasy_sticky_sidebar_content_tab_optionsinc\FloatingButtons.php:61
actioneasy_sticky_sidebar_styling_optionsinc\FloatingButtons.php:62
actioneasy_sticky_sidebar_global_stylesinc\FloatingButtons.php:64
actioneasy_sticky_sidebar_global_stylesinc\FloatingButtons.php:65
actioneasy_sticky_sidebar_global_stylesinc\FloatingButtons.php:66
actioneasy_sticky_sidebar_global_stylesinc\FloatingButtons.php:67
actioneasy_sticky_sidebar_floating_buttons_styleinc\FloatingButtons.php:68
actioneasy_sticky_sidebar_generate_cssinc\FloatingButtons.php:70
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:573
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:587
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:601
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:615
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:629
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:652
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:684
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:707
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:731
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:754
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:851
actioneasy_sticky_sidebar_content_tab_optionsinc\helpers.php:888
actioneasy_sticky_sidebar_content_tab_optionsinc\helpers.php:910
actioneasy_sticky_sidebar_content_tab_optionsinc\helpers.php:927
actioneasy_sticky_sidebar_content_tab_optionsinc\helpers.php:942
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:968
actioneasy_sticky_sidebar_styling_optionsinc\helpers.php:984
actioneasy_sticky_sidebar_settingsinc\helpers.php:1004
filterwordpress_cta_free/pro_fieldsinc\ProFields.php:10
actioneasy_sticky_sidebar_cta_positioninc\sticky-form-fields.php:88
actioneasy_sticky_sidebar_form_cta_locationinc\sticky-form-fields.php:90
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:126
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:139
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:156
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:176
actioneasy_sticky_sidebar_button_optionsinc\sticky-form-fields.php:197
actioneasy_sticky_sidebar_content_optioninc\sticky-form-fields.php:210
actioneasy_sticky_sidebar_content_optioninc\sticky-form-fields.php:223
actioneasy_sticky_sidebar_content_optioninc\sticky-form-fields.php:237
actioneasy_sticky_sidebar_content_optioninc\sticky-form-fields.php:248
actioneasy_sticky_sidebar_line_separatorinc\sticky-form-fields.php:250
actioneasy_sticky_sidebar_line_separatorinc\sticky-form-fields.php:263
actioneasy_sticky_sidebar_call_to_actioninc\sticky-form-fields.php:284
actioneasy_sticky_sidebar_call_to_actioninc\sticky-form-fields.php:297
actioneasy_sticky_sidebar_call_to_actioninc\sticky-form-fields.php:310
actioneasy_sticky_sidebar_call_to_actioninc\sticky-form-fields.php:323
actioneasy_sticky_sidebar_design_templateinc\sticky-form-fields.php:351
actioneasy_sticky_sidebar_page_load_optionsinc\sticky-form-fields.php:369
filterset-screen-optioninc\sticky-sidebar-list.php:15
actioneasy_sticky_sidebar_sticky_cta_buttoninc\template-filters.php:14
actionswitch_themetrunk\appsero\src\Insights.php:116
actionswitch_themetrunk\appsero\src\Insights.php:117
actionadmin_footertrunk\appsero\src\Insights.php:129
actionadmin_noticestrunk\appsero\src\Insights.php:147
actionadmin_inittrunk\appsero\src\Insights.php:150
filtercron_schedulestrunk\appsero\src\Insights.php:156
actionadmin_menutrunk\appsero\src\License.php:176
actionafter_switch_themetrunk\appsero\src\License.php:669
actionswitch_themetrunk\appsero\src\License.php:670
filterplugins_apitrunk\appsero\src\Updater.php:50
filterpre_set_site_transient_update_themestrunk\appsero\src\Updater.php:59
actioneasy_sticky_sidebar_after_savetrunk\inc\ClassActions.php:26
filterwp_kses_allowed_htmltrunk\inc\ClassActions.php:141
actionadmin_menutrunk\inc\ClassAdminOptions.php:20
actionadmin_footertrunk\inc\ClassAdminOptions.php:23
actionadmin_footertrunk\inc\ClassAdminOptions.php:24
actioninittrunk\inc\ClassAdminOptions.php:26
actioneasy_sticky_sidebar_after_savetrunk\inc\ClassGenerateStyle.php:15
actionadmin_footertrunk\inc\ClassIconsLibrary.php:23
actionwptrunk\inc\ClassQuery.php:32
actionwp_enqueue_scriptstrunk\inc\ClassQuery.php:33
actioninittrunk\inc\ClassStickySidebar.php:83
actionadmin_noticestrunk\inc\ClassStickySidebar.php:87
actionwp_enqueue_scriptstrunk\inc\ClassStickySidebar.php:135
actionadmin_enqueue_scriptstrunk\inc\ClassStickySidebar.php:138
actionwp_footertrunk\inc\ClassStickySidebar.php:139
filterplugin_row_metatrunk\inc\ClassStickySidebar.php:144
actioneasy_sticky_sidebar_content_imagetrunk\inc\ContentTab.php:11
actioneasy_sticky_sidebar_content_buttontrunk\inc\ContentTab.php:12
actioneasy_sticky_sidebar_content_texttrunk\inc\ContentTab.php:13
actioneasy_sticky_sidebar_content_link_optionstrunk\inc\ContentTab.php:15
actioneasy_sticky_sidebar_content_link_optionstrunk\inc\ContentTab.php:16
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\FloatingButtons.php:61
actioneasy_sticky_sidebar_styling_optionstrunk\inc\FloatingButtons.php:62
actioneasy_sticky_sidebar_global_stylestrunk\inc\FloatingButtons.php:64
actioneasy_sticky_sidebar_global_stylestrunk\inc\FloatingButtons.php:65
actioneasy_sticky_sidebar_global_stylestrunk\inc\FloatingButtons.php:66
actioneasy_sticky_sidebar_global_stylestrunk\inc\FloatingButtons.php:67
actioneasy_sticky_sidebar_floating_buttons_styletrunk\inc\FloatingButtons.php:68
actioneasy_sticky_sidebar_generate_csstrunk\inc\FloatingButtons.php:70
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:573
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:587
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:601
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:615
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:629
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:652
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:684
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:707
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:731
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:754
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:851
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\helpers.php:888
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\helpers.php:910
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\helpers.php:927
actioneasy_sticky_sidebar_content_tab_optionstrunk\inc\helpers.php:942
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:968
actioneasy_sticky_sidebar_styling_optionstrunk\inc\helpers.php:984
actioneasy_sticky_sidebar_settingstrunk\inc\helpers.php:1004
filterwordpress_cta_free/pro_fieldstrunk\inc\ProFields.php:10
actioneasy_sticky_sidebar_cta_positiontrunk\inc\sticky-form-fields.php:88
actioneasy_sticky_sidebar_form_cta_locationtrunk\inc\sticky-form-fields.php:90
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:126
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:139
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:156
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:176
actioneasy_sticky_sidebar_button_optionstrunk\inc\sticky-form-fields.php:197
actioneasy_sticky_sidebar_content_optiontrunk\inc\sticky-form-fields.php:210
actioneasy_sticky_sidebar_content_optiontrunk\inc\sticky-form-fields.php:223
actioneasy_sticky_sidebar_content_optiontrunk\inc\sticky-form-fields.php:237
actioneasy_sticky_sidebar_content_optiontrunk\inc\sticky-form-fields.php:248
actioneasy_sticky_sidebar_line_separatortrunk\inc\sticky-form-fields.php:250
actioneasy_sticky_sidebar_line_separatortrunk\inc\sticky-form-fields.php:263
actioneasy_sticky_sidebar_call_to_actiontrunk\inc\sticky-form-fields.php:284
actioneasy_sticky_sidebar_call_to_actiontrunk\inc\sticky-form-fields.php:297
actioneasy_sticky_sidebar_call_to_actiontrunk\inc\sticky-form-fields.php:310
actioneasy_sticky_sidebar_call_to_actiontrunk\inc\sticky-form-fields.php:323
actioneasy_sticky_sidebar_design_templatetrunk\inc\sticky-form-fields.php:351
actioneasy_sticky_sidebar_page_load_optionstrunk\inc\sticky-form-fields.php:369
filterset-screen-optiontrunk\inc\sticky-sidebar-list.php:15
actioneasy_sticky_sidebar_sticky_cta_buttontrunk\inc\template-filters.php:14
Maintenance & Trust

WP CTA – Call Now Button, Sticky Button & Call to Action Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 14, 2026
PHP min version7.4
Downloads86K

Community Trust

Rating88/100
Number of ratings7
Active installs2K
Alternatives

WP CTA – Call Now Button, Sticky Button & Call to Action Builder Alternatives

Floating Click to Contact Buttons

Floating Click to Contact Buttons

floating-click-to-contact-buttons

A
85

Tạo các nút gọi, nút chat Zalo, nút Chat messenger, nút để lại thông tin để tư vấn, nút chỉ đường. Trình bày các nút đẹp mắt ở góc phải dưới màn hình, &hellip;

2K No CVEs
Call Now Button – The #1 Click to Call Button for WordPress

Call Now Button – The #1 Click to Call Button for WordPress

call-now-button

A
96

The web's #1 click to call button for your website! A simple and powerful plugin that adds a Call Now Button to your website.

200K 5 CVEs
WP Call Button – Easy Click to Call Button for WordPress

WP Call Button – Easy Click to Call Button for WordPress

wp-call-button

A
100

The best WordPress call now button plugin. We help you add a clickable phone link (quick call button), so people can easily call your business phone.

40K No CVEs
Mobile Contact Bar

Mobile Contact Bar

mobile-contact-bar

A
99

Allow your visitors to contact you via mobile phones, or access your site's pages instantly.

10K 1 CVE
Really Simple Click To Call Bar

Really Simple Click To Call Bar

really-simple-click-to-call

A
85

A simple plugin that adds a click to call bar/call now button for mobile visitors.

8K No CVEs
Developer Profile

WP CTA – Call Now Button, Sticky Button & Call to Action Builder Developer Profile

Blend Media

5 plugins · 3K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
187 days
View full developer profile
Detection Fingerprints

How We Detect WP CTA – Call Now Button, Sticky Button & Call to Action Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-sticky-sidebar/inc/sticky-cta-data.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassStickySidebarCore.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassQuery.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassActions.php/wp-content/plugins/easy-sticky-sidebar/inc/sticky-form-fields.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassAdminOptions.php/wp-content/plugins/easy-sticky-sidebar/inc/DesignTemplates.php/wp-content/plugins/easy-sticky-sidebar/inc/ClassIconsLibrary.php+7 more
Version Parameters
easy-sticky-sidebar/style.css?ver=easy-sticky-sidebar/js/sticky-sidebar.js?ver=easy-sticky-sidebar/css/animate.css?ver=

HTML / DOM Fingerprints

CSS Classes
sticky-cta-wrappersticky-cta-contentsticky-cta-buttonsticky-cta-closeeasy-sticky-sidebar-pro-notice
HTML Comments
<!-- Easy Sticky CTA Pro --><!-- WP CTA - Sticky CTA Builder -->
Data Attributes
data-sticky-cta-iddata-sticky-cta-locationdata-sticky-cta-type
JS Globals
SSuprydpStickySidebarSSuprydp_shortcodesCTA_Query
Shortcode Output
[easy_sticky_cta][easy_sticky_cta_banner][easy_sticky_cta_popup]
FAQ

Frequently Asked Questions about WP CTA – Call Now Button, Sticky Button & Call to Action Builder