Does FloatyFAQ have any unpatched vulnerabilities?

No. All known vulnerabilities in FloatyFAQ have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is FloatyFAQ compatible with WordPress 6.9.4?

According to WordPress.org data, FloatyFAQ 2.0.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is FloatyFAQ compatible with PHP 7.2+?

FloatyFAQ requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is FloatyFAQ updated?

FloatyFAQ was last updated on Feb 10, 2026. Frequent updates are generally a positive security signal.

What is FloatyFAQ's security score?

FloatyFAQ has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FloatyFAQ Security & Risk Analysis

wordpress.org/plugins/floatyfaq

Interactive FAQ system with floating balloon, categories, search and statistics.

0 active installs v2.0.3 PHP 7.2+ WP 5.0+ Updated Feb 10, 2026

customer-servicefaqhelpknowledge-basesupport

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is FloatyFAQ Safe to Use in 2026?

Generally Safe

Score 100/100

FloatyFAQ has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "floatyfaq" plugin v2.0.3 exhibits a mixed security posture. While it shows strengths in output escaping, avoiding dangerous functions and file operations, and has no recorded vulnerability history, significant concerns arise from its attack surface and taint analysis. The presence of 16 AJAX handlers, with a concerning 6 lacking authentication checks, represents a substantial entry point for potential unauthorized actions. Furthermore, the taint analysis reveals 5 flows with unsanitized paths, with 4 of these flagged as high severity. This indicates potential for data injection or manipulation if these flows are reachable via the unprotected AJAX handlers. The lack of known CVEs is a positive indicator, suggesting a generally well-maintained codebase in terms of publicly disclosed vulnerabilities. However, the identified static analysis issues, particularly the unprotected AJAX handlers combined with high-severity unsanitized paths, suggest an elevated risk profile that requires attention.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized paths
SQL queries with potential for insecurity (38% prepared)
Limited nonce checks relative to AJAX handlers

Vulnerabilities

None known

FloatyFAQ Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

FloatyFAQ Code Analysis

Dangerous Functions

Raw SQL Queries

40 prepared

Unescaped Output

130 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

38% prepared106 total queries

Output Escaping

97% escaped134 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

10 flows5 with unsanitized paths

<analytics> (admin\analytics.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

FloatyFAQ Attack Surface

Entry Points16

Unprotected6

AJAX Handlers 16

authwp_ajax_floatyfaq_save_categoryincludes\class-admin.php:19

authwp_ajax_floatyfaq_delete_categoryincludes\class-admin.php:20

authwp_ajax_floatyfaq_toggle_categoryincludes\class-admin.php:21

authwp_ajax_floatyfaq_reorder_categoriesincludes\class-admin.php:22

authwp_ajax_floatyfaq_reorder_faqsincludes\class-admin.php:23

authwp_ajax_floatyfaq_save_faqincludes\class-admin.php:24

authwp_ajax_floatyfaq_delete_faqincludes\class-admin.php:25

authwp_ajax_floatyfaq_get_faqincludes\class-admin.php:26

authwp_ajax_floatyfaq_save_settingsincludes\class-admin.php:27

authwp_ajax_floatyfaq_rateincludes\class-admin.php:28

noprivwp_ajax_floatyfaq_rateincludes\class-admin.php:29

authwp_ajax_floatyfaq_clear_cacheincludes\class-admin.php:30

authwp_ajax_floatyfaq_get_faqsincludes\class-frontend.php:19

noprivwp_ajax_floatyfaq_get_faqsincludes\class-frontend.php:20

authwp_ajax_floatyfaq_track_viewincludes\class-frontend.php:21

noprivwp_ajax_floatyfaq_track_viewincludes\class-frontend.php:22

WordPress Hooks 7

actionadmin_initfloatyfaq.php:42

actionplugins_loadedfloatyfaq.php:164

actionadmin_menuincludes\class-admin.php:17

actionadmin_enqueue_scriptsincludes\class-admin.php:18

actionwp_footerincludes\class-frontend.php:17

actionwp_enqueue_scriptsincludes\class-frontend.php:18

actionadmin_initincludes\class-migration.php:154

Maintenance & Trust

FloatyFAQ Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 10, 2026

PHP min version7.2

Downloads126

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

FloatyFAQ Alternatives

DearDocs – Documentation, Knowledge Base, Help Center & FAQs

deardocs

100

Create a searchable Documentation site, Knowledge Base, or Help Center. Manage your support wiki and product docs with this powerful WordPress plugin.

0 No CVEs

EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder

eazydocs

Build professional knowledge bases with unlimited docs, drag-and-drop editor, live search, and SEO optimization.

2K 9 CVEs

Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System

support-genix-lite

Manage customer support with a powerful helpdesk & support ticket system — track customer tickets, resolve, and streamline your support workflow.

1K 3 CVEs

Freshdesk (official)

freshdesk-support

Quickly embed the Freshdesk help widget, convert WordPress comments to tickets and seamlessly log your WordPress users into your support portal.

900 3 CVEs

Knowledge Base

knowledgebase

Effortlessly build a comprehensive knowledge base for unlimited products on your WordPress site and elevate your customer support experience.

100 4 CVEs

Developer Profile

FloatyFAQ Developer Profile

Mario Merola

2 plugins · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect FloatyFAQ

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/floatyfaq/assets/css/floatyfaq-main.css/wp-content/plugins/floatyfaq/assets/js/floatyfaq-frontend.js/wp-content/plugins/floatyfaq/assets/js/floatyfaq-analytics.js

Script Paths

/wp-content/plugins/floatyfaq/assets/js/floatyfaq-frontend.js/wp-content/plugins/floatyfaq/assets/js/floatyfaq-analytics.js

Version Parameters

floatyfaq/assets/css/floatyfaq-main.css?ver=floatyfaq/assets/js/floatyfaq-frontend.js?ver=floatyfaq/assets/js/floatyfaq-analytics.js?ver=

HTML / DOM Fingerprints

CSS Classes

floatyfaq-balloonfloatyfaq-overlayfloatyfaq-search-inputfloatyfaq-category-titlefloatyfaq-item-questionfloatyfaq-item-answer

Data Attributes

data-floatyfaq-iddata-balloon-positiondata-balloon-sizedata-balloon-colordata-balloon-icon

JS Globals

floatyfaq_vars

FAQ