
Floating CTA (Free Edition) Security & Risk Analysis
wordpress.org/plugins/floating-cta
A simple and effective plugin for adding a floating CTA button to posts and pages. Customize the button text, link, color, and position with ease.
Is Floating CTA (Free Edition) Safe to Use in 2026?
Generally Safe
Score 100/100
Floating CTA (Free Edition) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "floating-cta" plugin v1.0.7 exhibits a mixed security posture. On the positive side, the plugin demonstrates excellent practices regarding SQL queries, all of which are prepared, and output escaping, with all outputs being properly escaped. It also includes a nonce check, indicating some awareness of security measures. However, significant concerns arise from the attack surface. The plugin exposes two AJAX handlers, and critically, both of these lack any authentication or authorization checks. This means that any unauthenticated user could potentially trigger these AJAX actions, leading to unintended consequences.
The taint analysis shows no unsanitized paths, which is a positive indicator, and the vulnerability history is clean, with no recorded CVEs. This suggests that, at least to date, the plugin has not been publicly associated with known security flaws. Despite the absence of historical vulnerabilities, the presence of unprotected AJAX endpoints represents a clear and immediate risk that should be addressed to prevent potential exploitation.
Key Concerns
- AJAX handlers without auth checks
- Lack of capability checks
Floating CTA (Free Edition) Security Vulnerabilities
Floating CTA (Free Edition) Release Timeline
Floating CTA (Free Edition) Code Analysis
Output Escaping
Data Flow Analysis
Floating CTA (Free Edition) Attack Surface
AJAX Handlers 2
WordPress Hooks 4
Floating CTA (Free Edition) Maintenance & Trust
Maintenance Signals
Community Trust
Floating CTA (Free Edition) Alternatives
Floating Button Call To Action
floating-button-call-to-action
Add a customizable floating button call to action to your WordPress site with this plugin. Easily convert visitors to sales, leads, and more.
Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin
experto-cta-widget
A lightweight plugin to create floating CTA bubble widgets with contact forms, custom buttons, and analytics to boost website conversions.
Mobile Contact Bar
mobile-contact-bar
Allow your visitors to contact you via mobile phones, or access your site's pages instantly.
WP CTA – Call Now Button, Sticky Button & Call to Action Builder
easy-sticky-sidebar
WordPress Call To Action builder that creates sticky buttons, call now buttons and CTAs to boost clicks, increase sales and generate leads.
TopBar Call To Action
topbar-call-to-action
Allow user to add upsales or any call to actions with TopBar Call To Action.
Floating CTA (Free Edition) Developer Profile
1 plugin · 0 total installs
How We Detect Floating CTA (Free Edition)
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/floating-cta/css/floating-cta.css
- /wp-content/plugins/floating-cta/js/floating-cta.js
- floating-cta/css/floating-cta.css?ver=
- floating-cta/js/floating-cta.js?ver=
HTML / DOM Fingerprints
- floating-cta-container
- cta-sub-text
- cta-button
- floating-cta-close
- name="floact_enable"
- name="floact_button_text"
- name="floact_sub_text"
- name="floact_url"
- name="floact_position"
- name="floact_opacity"
+3 more
- floact_ajax
- floactClickCount