
Falling Things Security & Risk Analysis
wordpress.org/plugins/falling-things
Falling leaves, snowflakes, flowers or whatever you want :)
Is Falling Things Safe to Use in 2026?
Generally Safe
Score 99/100
Falling Things has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The "falling-things" v1.09 plugin exhibits a generally strong security posture based on the static analysis. The code demonstrates excellent practices by utilizing prepared statements for all SQL queries and properly escaping all output, indicating a good understanding of common web vulnerabilities. The absence of file operations, external HTTP requests, and dangerous functions further solidifies this positive outlook. Crucially, the plugin has a well-implemented defense against unauthorized actions with two nonce checks and one capability check on its single AJAX handler, meaning its attack surface is effectively protected.
Despite these strengths, a past medium-severity SQL injection vulnerability (CVE) stands out. There are no currently unpatched vulnerabilities, but a previous SQL injection marks an area of weakness that, although remediated, warrants careful monitoring. The taint analysis found no unsanitized paths, which is excellent, but the historical vulnerability still represents a latent risk. In conclusion, "falling-things" v1.09 is built with many good security practices, but the historical CVE implies that developers should remain vigilant regarding input validation, especially concerning SQL operations.
Key Concerns
- Past medium SQL injection vulnerability
Falling Things Security Vulnerabilities
1 total CVE
Falling things <= 1.08 - Authenticated (Editor+) SQL Injection
Falling Things Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Falling Things Attack Surface
AJAX Handlers 1
WordPress Hooks 4
Falling Things Maintenance & Trust
Maintenance Signals
Community Trust
Falling Things Alternatives
DB Falling Snowflakes
db-falling-snowflakes
Snow falling animation. Personal customization of snowflakes and their movement. The script runs only during the period of time you want.
Snow Storm
snow-storm
Display falling snow flakes on the front of your WordPress website for a festive presentation.
Christmas Snow 3D – Snowfalling, Snowflake Effect and Christmas mood
christmas-snow-3d
The plugin adds Christmas mood and falling snowflakes with unique and smooth experience and realistic animation.
Rs Christmas Trees
rs-christmas-trees
Add nice looking animation effect of falling snow and header and footer trees banner to your Wordpress site and enjoy winter with RS Christmas.
DevVN Snow
devvn-snow
Christmas decorations for your website such as snowfall, Christmas bell scene, Christmas tree...
Falling Things Developer Profile
18 plugins · 27K total installs
How We Detect Falling Things
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/falling-things/css/admin.css
- /wp-content/plugins/falling-things/js/front.js
- /wp-content/plugins/falling-things/css/front.css
- falling-things/css/admin.css?ver=
- falling-things/js/front.js?ver=
- falling-things/css/front.css?ver=
HTML / DOM Fingerprints
settings_ft