Floating Action Buttons Security & Risk Analysis

wordpress.org/plugins/floating-action-buttons

Floating Buttons and Action Bar on your WordPress website! Floating action buttons to increase user conversions!

10 active installs · v1.0.1 · PHP 5.6.0+ · WP 4.6+ · Updated Jul 4, 2025
Tags: action-buttons, conversion-buttons, floating-buttons
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 30, 2024
Safety Verdict

Is Floating Action Buttons Safe to Use in 2026?

Generally Safe

Score 99/100

Floating Action Buttons has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 30, 2024 · Updated 9mo ago
Risk Assessment

The "floating-action-buttons" v1.0.1 plugin demonstrates a generally good security posture, with a strong emphasis on prepared statements for SQL queries and a high percentage of properly escaped output. The static analysis reveals no dangerous functions, file operations, or external HTTP requests, which are positive indicators. The presence of a bundled library (Select2) is noted, but its security implications are not detailed in the provided data. The taint analysis shows a limited number of flows, with one flow having an unsanitized path, though it's not flagged as critical or high severity.

A primary concern arises from the vulnerability history, which indicates one known medium-severity CVE related to missing authorization. While this CVE is reported as currently unpatched, the data also states it is "currently unpatched: 0". This contradiction needs clarification. The historical trend of missing authorization vulnerabilities suggests a recurring oversight in how user permissions are handled, even though the current analysis shows a high number of entry points with authentication checks. The limited number of nonce checks (4) in relation to the 8 AJAX handlers could also be a potential area for improvement, although no specific vulnerabilities were identified from this during the static analysis.

In conclusion, the plugin has several strengths, particularly in its handling of SQL and output escaping. However, the past vulnerability concerning missing authorization and the potential for insufficient nonce checks on AJAX endpoints warrant careful consideration. The contradiction in the CVE patching status requires immediate attention to ensure user data and site integrity are fully protected.

Key Concerns

  • One medium severity CVE (potentially unpatched)
  • One flow with unsanitized paths (taint analysis)
  • Potential for insufficient nonce checks on AJAX
Vulnerabilities
1

Floating Action Buttons Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-56238 · medium · 5.3 · Missing Authorization

Floating Action Buttons <= 0.9.1 - Missing Authorization

Dec 30, 2024 Patched in 1.0.1 (10d)
Code Analysis
Analyzed Mar 17, 2026

Floating Action Buttons Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (252 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

95% escaped · 265 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
floating_action_buttons_save_options (floating-action-button-main.php:1279)
Attack Surface

Floating Action Buttons Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 8

  • auth · wp_ajax_qc_fab_delete_all_options_for_uninstall · floating-action-button-main.php:1826
  • nopriv · wp_ajax_qc_fab_delete_all_options_for_uninstall · floating-action-button-main.php:1827
  • auth · wp_ajax_pin_ball_mode · qc-fab-functions.php:239
  • nopriv · wp_ajax_pin_ball_mode · qc-fab-functions.php:240
  • auth · wp_ajax_get_floating_action_button_ajax_search_results · qc-fab-functions.php:321
  • nopriv · wp_ajax_get_floating_action_button_ajax_search_results · qc-fab-functions.php:322
  • auth · wp_ajax_pin_ball_support · qc-fab-functions.php:376
  • nopriv · wp_ajax_pin_ball_support · qc-fab-functions.php:377

Shortcodes 1

[qc_floating_action_button] qc-fab-functions.php:290

WordPress Hooks 8

  • action · init · floating-action-button-main.php:36
  • action · admin_menu · floating-action-button-main.php:79
  • action · widgets_init · floating-action-button-main.php:81
  • action · admin_init · floating-action-button-main.php:85
  • action · admin_enqueue_scripts · floating-action-button-main.php:88
  • action · wp_enqueue_scripts · floating-action-button-main.php:92
  • action · plugins_loaded · floating-action-button-main.php:1671
  • action · wp_footer · qc-fab-functions.php:2
Maintenance & Trust

Floating Action Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Jul 4, 2025
PHP min version: 5.6.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Floating Action Buttons Developer Profile

QuantumCloud

29 plugins · 26K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 255 days
Detection Fingerprints

How We Detect Floating Action Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/floating-action-buttons/css/admin-style.css
  • /wp-content/plugins/floating-action-buttons/css/font-awesome.min.css
  • /wp-content/plugins/floating-action-buttons/css/font-awesome-animation.min.css
  • /wp-content/plugins/floating-action-buttons/css/sweetalert2.min.css
  • /wp-content/plugins/floating-action-buttons/css/select2.min.css
  • /wp-content/plugins/floating-action-buttons/css/qc-fab-tabs.css
  • /wp-content/plugins/floating-action-buttons/js/cbpFWTabs.js
  • /wp-content/plugins/floating-action-buttons/js/sweetalert2.min.js
  • +8 more
Version Parameters
  • floating-action-buttons/css/admin-style.css?ver=
  • floating-action-buttons/css/font-awesome.min.css?ver=
  • floating-action-buttons/css/font-awesome-animation.min.css?ver=
  • floating-action-buttons/css/sweetalert2.min.css?ver=
  • floating-action-buttons/css/select2.min.css?ver=
  • floating-action-buttons/css/qc-fab-tabs.css?ver=
  • floating-action-buttons/js/cbpFWTabs.js?ver=
  • floating-action-buttons/js/sweetalert2.min.js?ver=
  • floating-action-buttons/js/modernizr.custom.js?ver=
  • floating-action-buttons/js/jquery.grideditor.js?ver=
  • floating-action-buttons/js/select2.full.min.js?ver=
  • floating-action-buttons/js/bootstrap.js?ver=
  • floating-action-buttons/css/qc-layout.css?ver=
  • floating-action-buttons/css/bootstrap.min.css?ver=
  • floating-action-buttons/js/jquery.repeatable.js?ver=
  • floating-action-buttons/js/qc-fab-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
qc-fab-tab-menu, qc-fab-tab-content, qc-fab-content, qc-fab-icons, qc-fab-tabs, qc-fab-modal, qc-fab-background, qc-fab-menu, +1 more
Data Attributes
data-tab-id
JS Globals
ajax_object
FAQ

Frequently Asked Questions about Floating Action Buttons