Jumper – custom contact popup sidebar with floating button Security & Risk Analysis

wordpress.org/plugins/jumper

The ultimate WordPress flexible popup sidebar tool that is triggered by a floating button and displays a variety of contact options

50 active installs v1.1.2 PHP 7.0+ WP 5.0+ Updated Jun 29, 2022
Tags: click-to-action, contact, floating, form, sidebar
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Jumper – custom contact popup sidebar with floating button Safe to Use in 2026?

Generally Safe

Score 85/100

Jumper – custom contact popup sidebar with floating button has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "jumper" plugin v1.1.2 demonstrates a generally good security posture with several positive indicators. All identified entry points, specifically the 8 AJAX handlers, appear to have authorization checks, which is a crucial security control. Furthermore, the plugin exclusively uses prepared statements for its SQL queries, mitigating the risk of SQL injection vulnerabilities. The high percentage of properly escaped output (82%) is also encouraging, reducing the likelihood of cross-site scripting (XSS) attacks. The absence of any known CVEs or historical vulnerabilities further contributes to a positive assessment.

However, there are a few areas that warrant attention. The presence of the `create_function` dangerous function, while only one instance, is a significant concern as it can lead to arbitrary code execution if used improperly. Although no taint flows indicate immediate unsanitized paths, the very existence of this function should be flagged. The limited number of nonce and capability checks (4 and 2 respectively) compared to the number of AJAX handlers might suggest potential weaknesses if authorization checks are not comprehensive enough for all AJAX actions. Finally, the plugin performs 2 file operations, which, without further context, introduces a potential risk if these operations are not carefully secured against directory traversal or arbitrary file write vulnerabilities.

Overall, the "jumper" plugin v1.1.2 is built on a foundation of good security practices, particularly in its handling of AJAX endpoints and SQL queries. The lack of past vulnerabilities is a strong positive. The primary concerns lie in the single instance of `create_function` and the potential for less robust authorization in the limited number of nonce and capability checks relative to the attack surface. The file operations also represent an area to scrutinize further. Vigilance regarding the `create_function` usage and ensuring all AJAX actions are thoroughly secured is recommended.

Key Concerns

  • Dangerous function (create_function) detected
  • Limited nonce checks relative to AJAX handlers
  • Limited capability checks relative to AJAX handlers
  • File operations present, potential for misuse
Vulnerabilities
None known

Jumper – custom contact popup sidebar with floating button Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Jumper – custom contact popup sidebar with floating button Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 38 (176 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function · combar-fs.php:56
`add_action('init', create_function('$a', "remove_action( 'init', 'wp_version_check' );") , 2);`

Output Escaping

82% escaped · 214 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
combar_fs_update_options (inc\admin-functions.php:816)
Attack Surface

Jumper – custom contact popup sidebar with floating button Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers: 8

  • nopriv · wp_ajax_combar_fs_element_fields_ajax · inc\admin-functions.php:802
  • auth · wp_ajax_combar_fs_element_fields_ajax · inc\admin-functions.php:803
  • nopriv · wp_ajax_combar_fs_preview_ajax · inc\admin-functions.php:813
  • auth · wp_ajax_combar_fs_preview_ajax · inc\admin-functions.php:814
  • nopriv · wp_ajax_combar_fs_update_options · inc\admin-functions.php:829
  • auth · wp_ajax_combar_fs_update_options · inc\admin-functions.php:830
  • nopriv · wp_ajax_combar_fs_restart_options · inc\admin-functions.php:845
  • auth · wp_ajax_combar_fs_restart_options · inc\admin-functions.php:846

WordPress Hooks: 11

  • action · admin_menu · combar-fs.php:38
  • action · init · combar-fs.php:56
  • filter · pre_option_update_core · combar-fs.php:57
  • filter · pre_site_transient_update_core · combar-fs.php:58
  • action · admin_init · combar-fs.php:92
  • action · activated_plugin · combar-fs.php:234
  • action · wp_enqueue_scripts · combar-fs.php:372
  • action · admin_enqueue_scripts · combar-fs.php:373
  • filter · admin_body_class · inc\admin-functions.php:32
  • filter · body_class · inc\functions.php:30
  • action · wp_footer · inc\functions.php:36

Maintenance & Trust

Jumper – custom contact popup sidebar with floating button Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jun 29, 2022
PHP min version: 7.0
Downloads: 4K

Community Trust

Rating: 96/100
Number of ratings: 6
Active installs: 50

Developer Profile

Jumper – custom contact popup sidebar with floating button Developer Profile

Combar Digital

3 plugins · 550 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Jumper – custom contact popup sidebar with floating button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/jumper/assets/css/jumper.css
  • /wp-content/plugins/jumper/assets/js/jumper.js
  • /wp-content/plugins/jumper/assets/js/libs/bootstrap.bundle.min.js
  • /wp-content/plugins/jumper/assets/js/libs/font-awesome.min.js
Script Paths
  • /wp-content/plugins/jumper/assets/js/jumper.js
  • /wp-content/plugins/jumper/assets/js/libs/bootstrap.bundle.min.js
  • /wp-content/plugins/jumper/assets/js/libs/font-awesome.min.js
Version Parameters
  • jumper/style.css?ver=
  • jumper.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • jumper-trigger-button
  • jumper-sidebar
  • jumper-close-button
  • combar-fs-admin-wrap
HTML Comments
  • <!-- Jumper Floating Sidebar -->
  • <!-- Jumper Close Button -->
  • <!-- Jumper Floating Sidebar Inner -->
  • <!-- Jumper Trigger Button -->
  • +2 more
Data Attributes
  • data-jumper-side
  • data-jumper-theme-color
  • data-jumper-trigger-icon
  • data-jumper-trigger-title
  • data-jumper-open
  • data-bs-toggle
  • +1 more
JS Globals
  • JumperSettings
  • Jumper
REST Endpoints
/wp-json/combar-fs/v1/settings