Fixed HTML Toolbar Security & Risk Analysis

wordpress.org/plugins/fixed-html-toolbar

A fixed HTML toolbar that is displayed at the bottom or at the top of your website. You can add up to 5 linked icons or just HTML code.

60 active installs · v1.0.9 · PHP 7.3+ · WP 5.3+ · Updated Jan 30, 2025
fixed · sticky · toolbar · web357
91 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 15, 2024
Safety Verdict

Is Fixed HTML Toolbar Safe to Use in 2026?

Generally Safe

Score 91/100

Fixed HTML Toolbar has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 15, 2024 · Updated 1yr ago
Risk Assessment

The static analysis of the "fixed-html-toolbar" plugin v1.0.9 reveals a generally positive security posture. The absence of identified attack surface points (AJAX handlers, REST API routes, shortcodes, cron events) without authentication checks is a significant strength. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and performing file operations responsibly. However, a notable concern is the output escaping, where only 72% of outputs are properly escaped, leaving a substantial portion potentially vulnerable to cross-site scripting (XSS) if unsanitized user input is involved.

Taint analysis shows no identified flows with unsanitized paths, which is a positive indicator. The vulnerability history, however, presents a mixed picture. While there are no currently unpatched CVEs, the plugin has had one previous vulnerability categorized as medium severity, specifically an Improper Neutralization of Input During Web Page Generation (XSS) in April 2024. This history, coupled with the observed output escaping issues, suggests a potential recurring weakness that warrants attention.

In conclusion, the "fixed-html-toolbar" plugin exhibits strengths in its limited attack surface and secure data handling for SQL. Nevertheless, the moderate rate of unescaped output and the past XSS vulnerability indicate a need for ongoing vigilance and code review to ensure all output is adequately sanitized, mitigating the risk of XSS attacks. The plugin is not inherently insecure, but the identified output sanitization gap represents a weakness that could be exploited.

Key Concerns

  • Moderate output escaping percentage
  • Past medium severity XSS vulnerability
Vulnerabilities: 1

Fixed HTML Toolbar Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-32540 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fixed HTML Toolbar <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 15, 2024 Patched in 1.0.8 (11d)
Code Analysis
Analyzed Mar 16, 2026

Fixed HTML Toolbar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 33 (86 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

72% escaped · 119 total outputs
Attack Surface

Fixed HTML Toolbar Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 15
  • action  plugins_loaded  includes\class-main.php:129
  • action  admin_enqueue_scripts  includes\class-main.php:144
  • action  admin_enqueue_scripts  includes\class-main.php:145
  • action  admin_menu  includes\class-main.php:147
  • action  admin_init  includes\class-main.php:148
  • action  wp  includes\class-main.php:173
  • action  wp_enqueue_scripts  includes\class-main.php:174
  • action  wp_enqueue_scripts  includes\class-main.php:175
  • action  wp_footer  includes\class-main.php:176
  • filter  the_content_fixed_html_toolbar  public\class-public.php:173
  • filter  the_content_fixed_html_toolbar  public\class-public.php:174
  • filter  the_content_fixed_html_toolbar  public\class-public.php:175
  • filter  the_content_fixed_html_toolbar  public\class-public.php:176
  • filter  the_content_fixed_html_toolbar  public\class-public.php:177
  • filter  the_content_fixed_html_toolbar  public\class-public.php:178
Maintenance & Trust

Fixed HTML Toolbar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 30, 2025
PHP min version: 7.3
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 60
Developer Profile

Fixed HTML Toolbar Developer Profile

Yiannis Christodoulou

4 plugins · 30K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 19 days
Detection Fingerprints

How We Detect Fixed HTML Toolbar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fixed-html-toolbar/admin/css/admin.min.css
/wp-content/plugins/fixed-html-toolbar/admin/js/admin.min.js
Script Paths
/wp-content/plugins/fixed-html-toolbar/admin/js/admin.min.js
Version Parameters
fixed-html-toolbar/css/admin.min.css?ver=
fixed-html-toolbar/js/admin.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
w357-css-code-textarea-fixed-html-toolbar
HTML Comments
/* ======================================================
 # Fixed HTML Toolbar for WordPress - v1.0.9 (free version)
 # -------------------------------------------------------
 # Author: Web357
 # Copyright © 2014-2025 Web357. All rights reserved.
 # License: GNU/GPLv3, http://www.gnu.org/licenses/gpl-3.0.html
 # Website: https://www.web357.com/fixed-html-toolbar-wordpress-plugi
 # Demo: https://demo-wordpress.web357.com/
 # Support: https://www.web357.com/support
 # Last modified: Thursday 30 January 2025, 08:09:45 PM
 ========================================================= */
Data Attributes
data-id
data-settings
JS Globals
FixedHtmlToolbar