Floating Button WP Security & Risk Analysis

wordpress.org/plugins/floating-button-wp

A floating button that reveals a hidden element when clicked.

60 active installs · v1.5 · PHP 5.6+ · WP 4.6+ · Updated Apr 2, 2019
floating-buttonhide-element-buttonstatic-button
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Floating Button WP Safe to Use in 2026?

Generally Safe

Score 85/100

Floating Button WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "floating-button-wp" v1.5 plugin exhibits a strong security posture in several key areas. The static analysis reveals no identifiable attack surface through common entry points like AJAX handlers, REST API routes, or shortcodes. Furthermore, the absence of dangerous functions, external HTTP requests, and file operations, coupled with SQL queries exclusively using prepared statements, suggests a cautious and well-implemented codebase. The vulnerability history is also clean, with no recorded CVEs, which is a significant positive indicator of past security diligence.

However, a critical concern arises from the complete lack of output escaping. With 100% of detected outputs unescaped, the plugin presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data rendered by the plugin without proper sanitization could be manipulated by an attacker to inject malicious scripts, impacting users who interact with the affected pages. The absence of nonce and capability checks, while not directly exploitable given the limited attack surface, also indicates potential weaknesses if new entry points were introduced or existing ones were overlooked.

In conclusion, while the plugin's minimal attack surface and adherence to secure coding for database operations are commendable, the pervasive lack of output escaping is a severe and immediate risk that overshadows these strengths. The clean vulnerability history is promising but does not mitigate the present XSS potential. Addressing the unescaped output is paramount to improving the plugin's security.

Key Concerns

  • 100% unescaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Floating Button WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Floating Button WP Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 4 total outputs
Attack Surface

Floating Button WP Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6

  • action wp_enqueue_scripts (floating-button.php:21)
  • action wp_head (floating-button.php:59)
  • action wp_head (floating-button.php:93)
  • action get_footer (includes\button-template.php:24)
  • action widgets_init (includes\content-sidebar.php:3)
  • action customize_register (includes\customizer.php:92)
Maintenance & Trust

Floating Button WP Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.1.22
Last updated: Apr 2, 2019
PHP min version: 5.6
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 60
Developer Profile

Floating Button WP Developer Profile

Adnan Usman

2 plugins · 90 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Floating Button WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/floating-button-wp/css/style.css
Version Parameters
floating-button-wp/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
flbtn-container, floating-button, content-sidebar