WP-Safety

Floating Button – Easily Create Sticky, Fixed & Floating Buttons Security & Risk Analysis

wordpress.org/plugins/floating-button

Floating Buttons let you easily create sticky, fixed, and floating action buttons

4K active installs v7.0.2 PHP 7.4+ WP 5.5+ Updated Mar 16, 2026
buttonscall-buttoncontact-buttonfloating-buttonnav-menu
100
A · Safe
CVEs total1
Unpatched0
Last CVEDec 28, 2023
Plugin page Download
Safety Verdict

Is Floating Button – Easily Create Sticky, Fixed & Floating Buttons Safe to Use in 2026?

Generally Safe

Score 100/100

Floating Button – Easily Create Sticky, Fixed & Floating Buttons has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 28, 2023Updated 2mo ago
Risk Assessment

The "floating-button" plugin v7.0.2 exhibits a generally good security posture, with robust practices in place such as extensive use of prepared statements for SQL queries and proper output escaping. The presence of nonce and capability checks on its single AJAX entry point is also commendable, indicating an awareness of common web vulnerabilities. However, the taint analysis reveals a significant concern: 7 out of 8 analyzed flows contain unsanitized paths, with 2 identified as high severity. This suggests potential vulnerabilities where user-controlled input might be used in sensitive operations without adequate sanitization, possibly leading to path traversal or other file manipulation issues.

The plugin's vulnerability history, while showing no currently unpatched CVEs, does list one medium severity Cross-Site Request Forgery (CSRF) vulnerability discovered relatively recently. This indicates that while developers are addressing known issues, the historical presence of CSRF, combined with the high severity taint flows, suggests a need for heightened vigilance regarding input validation and sanitization to prevent potential exploitation. Overall, the plugin is well-maintained in terms of patching and employs good security practices, but the taint analysis highlights critical areas requiring immediate attention to mitigate potential security risks.

Key Concerns

  • High severity taint flows found
  • Unsanitized paths in taint flows
  • Medium severity CVE in history
Vulnerabilities
1 published

Floating Button – Easily Create Sticky, Fixed & Floating Buttons Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-52149medium · 4.3Cross-Site Request Forgery (CSRF)

Floating Button <= 6.0 - Cross-Site Request Forgery via process_bulk_action

Dec 28, 2023 Patched in 6.0.1 (26d)
Version History

Floating Button – Easily Create Sticky, Fixed & Floating Buttons Release Timeline

v7.0.2Current
v7.0.1
v7.0
v6.1
v6.0.13
v6.0.12
v6.0.11
v6.0.10
v6.0.9
v6.0.8
v6.0.7
v6.0.6
v6.0.5
v6.0.4
v6.0.3
v6.0.2
v6.0.1
v6.01 CVE
CVE-2023-52149
v5.3.11 CVE
CVE-2023-52149
v5.31 CVE
CVE-2023-52149
Code Analysis
Analyzed Mar 16, 2026

Floating Button – Easily Create Sticky, Fixed & Floating Buttons Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
21 prepared
Unescaped Output
8
379 escaped
Nonce Checks
5
Capability Checks
4
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

81% prepared26 total queries

Output Escaping

98% escaped387 total outputs
Data Flows · Security
7 unsanitized

Data Flow Analysis

8 flows7 with unsanitized paths
menu (classes\Admin\Dashboard.php:161)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Floating Button – Easily Create Sticky, Fixed & Floating Buttons Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_wowp_likespublic\class-wowp-public.php:38
WordPress Hooks 11
actionadmin_initclasses\Admin\AdminActions.php:25
actionadmin_noticesclasses\Admin\AdminNotices.php:26
filterplugin_action_linksclasses\Admin\Dashboard.php:21
filteradmin_footer_textclasses\Admin\Dashboard.php:22
actionadmin_enqueue_scriptsclasses\Admin\Dashboard.php:23
actionadmin_menuclasses\Admin\Dashboard.php:24
actionplugins_loadedfloating-button.php:72
actionadmin_menuincludes\class-wow-company.php:20
actionadmin_enqueue_scriptsincludes\class-wow-company.php:21
actionwp_enqueue_scriptspublic\class-wowp-public.php:39
actionwp_footerpublic\class-wowp-public.php:40
Maintenance & Trust

Floating Button – Easily Create Sticky, Fixed & Floating Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 16, 2026
PHP min version7.4
Downloads130K

Community Trust

Rating60/100
Number of ratings15
Active installs4K
Alternatives

Floating Button – Easily Create Sticky, Fixed & Floating Buttons Alternatives

Button Generator – Easily Create Custom Buttons with Icons and Analytics

Button Generator – Easily Create Custom Buttons with Icons and Analytics

button-generation

A
96

Design and display custom buttons anywhere on your site. Add floating or inline buttons with icons, advanced targeting, and built-in analytics.

5K 8 CVEs
Sticky Action Buttons – Call, Chat, Navigate and more

Sticky Action Buttons – Call, Chat, Navigate and more

sticky-action-buttons-call-chat-navigate-and-more

A
85

The ultimate flexible and lightweight responsive sticky floating contact buttons. over 100 different design options.

200 No CVEs
Floating Contact Buttons

Floating Contact Buttons

degx-floating-buttons

A
100

Add customizable WhatsApp and Phone floating buttons to your WordPress website.

60 No CVEs
Nút Bấm Liên Hệ Dibrother

Nút Bấm Liên Hệ Dibrother

dibrother-floating-buttons

A
100

Thêm các nút liên hệ (Gọi, Zalo, Messenger) cố định vào website WordPress. Kết nối tức thì với khách hàng.

800 No CVEs
Mobile Contact Buttons

Mobile Contact Buttons

mobile-contact-buttons

A
85

Adds Call, Email and SMS buttons on bottom of website. Only for Mobile View of website.

300 No CVEs
Developer Profile

Floating Button – Easily Create Sticky, Fixed & Floating Buttons Developer Profile

Wow-Company

26 plugins · 98K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
236 days
View full developer profile
Detection Fingerprints

How We Detect Floating Button – Easily Create Sticky, Fixed & Floating Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/floating-button/admin/css/dashboard.css/wp-content/plugins/floating-button/admin/css/style.css/wp-content/plugins/floating-button/assets/css/floating-button.css/wp-content/plugins/floating-button/assets/js/floating-button.js/wp-content/plugins/floating-button/assets/js/sticky.js/wp-content/plugins/floating-button/assets/js/vue.js/wp-content/plugins/floating-button/assets/js/wow-icon.js
Script Paths
/wp-content/plugins/floating-button/assets/js/floating-button.js/wp-content/plugins/floating-button/assets/js/sticky.js/wp-content/plugins/floating-button/assets/js/vue.js/wp-content/plugins/floating-button/assets/js/wow-icon.js
Version Parameters
floating-button/style.css?ver=floating-button/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wowp-link-changewowp-link-ratingwowp-link-prowowp-link-docswowp-link-demowpie-linkswpie-links-divider
Data Attributes
data-wowp-slugdata-wowp-prefix
JS Globals
floatingButtonWOWP_Plugin_Data
REST Endpoints
/wp-json/floating-button/v1/settings
Shortcode Output
[Floating-Button]
FAQ

Frequently Asked Questions about Floating Button – Easily Create Sticky, Fixed & Floating Buttons