Does Flowbox have any unpatched vulnerabilities?

Yes — Flowbox currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Flowbox compatible with WordPress 6.6.5?

According to WordPress.org data, Flowbox 1.1.6 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Flowbox compatible with PHP 7.0+?

Flowbox requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Flowbox updated?

Flowbox was last updated on Mar 30, 2026. Frequent updates are generally a positive security signal.

What is Flowbox's security score?

Flowbox has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Flowbox Security & Risk Analysis

wordpress.org/plugins/flowbox

Flowbox helps brands leverage and distribute social content throughout the buyer journey to increase engagement, social proof and sales.

10 active installs v1.1.6 PHP 7.0+ WP 5.0+ Updated Mar 30, 2026

e-commerceengagementincrease-salessocial-proofuser-generated-content

B · Generally Safe

CVEs total1

Unpatched1

Last CVEDec 31, 2025

Download

Safety Verdict

Is Flowbox Safe to Use in 2026?

Mostly Safe

Score 78/100

Flowbox is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Dec 31, 2025Updated 1mo ago

Risk Assessment

The Flowbox plugin v1.1.5 exhibits a generally good security posture with strong adherence to core WordPress security practices. The static analysis reveals a small attack surface with no unprotected entry points, a low number of SQL queries, and a high percentage of properly escaped outputs. The presence of nonce and capability checks further indicates an effort to secure the plugin's functionality. However, a significant concern arises from the taint analysis which identified one flow with unsanitized paths, despite no critical or high severity issues being flagged in this area. The plugin's vulnerability history is a major red flag, with one unpatched medium severity CVE from 2025-12-31, identified as a 'Missing Authorization' issue. This suggests a recurring pattern of authorization-related weaknesses, even if the latest static analysis appears to have addressed them or the vulnerability occurred in a future context not reflected in the current code scan. The combination of the unsanitized path flow and the known unpatched vulnerability necessitates caution.

Key Concerns

Unpatched CVE (medium severity)
Flow with unsanitized paths

Vulnerabilities

1 published

Flowbox Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-49338medium · 5.3Missing Authorization

Flowbox <= 1.1.5 - Missing Authorization

Dec 31, 2025Unpatched

Version History

Flowbox Release Timeline

v1.1.6Current1 CVE

v1.1.51 CVE

v1.1.41 CVE

v1.1.31 CVE

v1.1.21 CVE

v1.1.11 CVE

v1.1.01 CVE

v1.0.01 CVE

Code Analysis

Analyzed Mar 17, 2026

Flowbox Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

167 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

75% prepared24 total queries

Output Escaping

97% escaped172 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<update_options> (includes\update_options.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Flowbox Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[flow] includes\functions.php:262

WordPress Hooks 9

actionadmin_initincludes\functions.php:22

actionadmin_initincludes\functions.php:44

actionadmin_menuincludes\functions.php:58

actionwoocommerce_before_single_productincludes\functions.php:372

actionwoocommerce_after_single_product_summaryincludes\functions.php:373

actionwoocommerce_after_single_productincludes\functions.php:374

actionwp_enqueue_scriptsincludes\functions.php:551

actionadmin_initincludes\functions.php:579

actionwoocommerce_thankyouincludes\functions.php:606

Maintenance & Trust

Flowbox Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedMar 30, 2026

PHP min version7.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Flowbox Alternatives

SocialProofus Notifications

socialproofus

Boost Your Online Presence with SocialProofus Notifications: Drive Engagement and Credibility! - 100% free!

10 No CVEs

Social Proof Booster

social-proof-booster

Short Description: Social Proof Booster helps you display engaging social proof popups on your WooCommerce website

0 No CVEs

Social Proof Generator

social-proof-generator

A simple plugin to display social proof pop-ups on your WordPress site.

0 No CVEs

Product Filter for WooCommerce by WBW

woo-product-filter

Filter products by categories, attributes, prices, and more. Elementor Compatibility. Shoppers easily find products with WooCommerce Product Filter

60K 9 CVEs

WP ULike – Like & Dislike Buttons for Engagement and Feedback

wp-ulike

Voting buttons that let your visitors give instant feedback. See what your audience loves with no registration, no friction, just one click.

60K 17 CVEs

Developer Profile

Flowbox Developer Profile

Flowbox

1 plugin · 10 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Flowbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/flowbox/css/bootstrap-5.1.3-dist/css/bootstrap.min.css/wp-content/plugins/flowbox/css/custom.css/wp-content/plugins/flowbox/css/bootstrap-5.1.3-dist/js/bootstrap.bundle.min.js/wp-content/plugins/flowbox/js/flowbox.js

Script Paths

../css/bootstrap-5.1.3-dist/js/bootstrap.bundle.min.js../js/flowbox.js

Version Parameters

flowbox/custom.css?ver=flowbox/flowbox.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

id="js-flowbox-flow"

JS Globals

window.flowbox

Shortcode Output

<div id="js-flowbox-flow"></div>
<script>
  window.flowbox('init', {
    container: '#js-flowbox-flow',
    key: '

',
    locale: '

FAQ

Flowbox Security & Risk Analysis

Is Flowbox Safe to Use in 2026?

Mostly Safe

Key Concerns

Flowbox Security Vulnerabilities

CVEs by Year

Severity Breakdown

Flowbox Release Timeline

Flowbox Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

Flowbox Attack Surface

Shortcodes 1

Flowbox Maintenance & Trust

Maintenance Signals

Community Trust

Flowbox Alternatives

SocialProofus Notifications

Social Proof Booster

Social Proof Generator

Product Filter for WooCommerce by WBW

WP ULike – Like & Dislike Buttons for Engagement and Feedback

Flowbox Developer Profile

How We Detect Flowbox

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Flowbox