Does Falling Things have any unpatched vulnerabilities?

No. All known vulnerabilities in Falling Things have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Falling Things compatible with WordPress 6.9.4?

According to WordPress.org data, Falling Things 1.09 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Falling Things compatible with PHP 5.6+?

Falling Things requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Falling Things updated?

Falling Things was last updated on Dec 2, 2025. Frequent updates are generally a positive security signal.

What is Falling Things's security score?

Falling Things has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Falling Things Security & Risk Analysis

wordpress.org/plugins/falling-things

Falling leafs, snowflakes, flowers or wathever you want :)

300 active installs v1.09 PHP 5.6+ WP 3.5+ Updated Dec 2, 2025

fallingflowerleafsnowthings

A · Safe

CVEs total1

Unpatched0

Last CVEApr 4, 2025

Download

Safety Verdict

Is Falling Things Safe to Use in 2026?

Generally Safe

Score 99/100

Falling Things has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 4, 2025Updated 4mo ago

Risk Assessment

The "falling-things" v1.09 plugin exhibits a generally strong security posture based on the static analysis. The code demonstrates excellent practices by utilizing prepared statements for all SQL queries and properly escaping all output, indicating a good understanding of common web vulnerabilities. The absence of file operations, external HTTP requests, and dangerous functions further solidifies this positive outlook. Crucially, the plugin has a well-implemented defense against unauthorized actions with two nonce checks and one capability check on its single AJAX handler, meaning its attack surface is effectively protected.

Despite these strengths, a past medium severity SQL injection vulnerability (CVE) stands out. While there are no currently unpatched vulnerabilities, the existence of a previous SQL injection suggests a potential area of weakness that, although remediated, warrants careful monitoring. The taint analysis found no unsanitized paths, which is excellent, but the historical vulnerability still represents a latent risk. In conclusion, "falling-things" v1.09 is built with many good security practices, but the historical CVE implies that developers should remain vigilant regarding input validation, especially concerning SQL operations.

Key Concerns

Past medium SQL injection vulnerability

Vulnerabilities

Falling Things Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-32203medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Falling things <= 1.08 - Authenticated (Editor+) SQL Injection

Apr 4, 2025 Patched in 1.09 (7d)

Code Analysis

Analyzed Mar 16, 2026

Falling Things Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared11 total queries

Output Escaping

100% escaped9 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

falling_things_settings (falling_things.php:174)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Falling Things Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_falling_image_addfalling_things.php:344

WordPress Hooks 4

actionadmin_menufalling_things.php:142

actionadmin_print_stylesfalling_things.php:152

actionadmin_enqueue_scriptsfalling_things.php:162

actionwp_headfalling_things.php:266

Maintenance & Trust

Falling Things Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 2, 2025

PHP min version5.6

Downloads18K

Community Trust

Rating80/100

Number of ratings3

Active installs300

Alternatives

Falling Things Alternatives

DB Falling Snowflakes

db-falling-snowflakes

Snow falling animation. Personal customization of snowflakes and their movement. The script runs only during the period of time you want.

700 No CVEs

Snow Storm

snow-storm

Display falling snow flakes on the front of your WordPress website for a festive presentation.

500 2 CVEs

Christmas Snow 3D – Snowfalling, Snowflake Effect and Christmas mood

christmas-snow-3d

The plugin adds Christmas mood and falling snowflakes with unique and smooth experience and realistic animation.

200 No CVEs

DevVN Snow

devvn-snow

100

Christmas decorations for your website such as snowfall, Christmas bell scene, Christmas tree...

100 No CVEs

Rs Christmas Trees

rs-christmas-trees

Add nice looking animation effect of falling snow and header and footer trees banner to your Wordpress site and enjoy winter with RS Christmas.

100 No CVEs

Developer Profile

Falling Things Developer Profile

manu225

17 plugins · 27K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

29 days

View full developer profile

Detection Fingerprints

How We Detect Falling Things

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/falling-things/css/admin.css/wp-content/plugins/falling-things/js/front.js/wp-content/plugins/falling-things/css/front.css

Script Paths

/wp-content/plugins/falling-things/js/front.js

Version Parameters

falling-things/css/admin.css?ver=falling-things/js/front.js?ver=falling-things/css/front.css?ver=

HTML / DOM Fingerprints

JS Globals

settings_ft

FAQ