Mango Buttons Security & Risk Analysis

wordpress.org/plugins/mango-buttons

Mango Buttons is a button creator for WordPress that allows anyone to create beautiful buttons anywhere on their site.

3K active installs · v1.2.9 · PHP + WP 3.9+ · Updated Nov 28, 2017
button-creator, button-generator, button-maker, css-button, css3-button
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Mango Buttons Safe to Use in 2026?

Generally Safe

Score 85/100

Mango Buttons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "mango-buttons" plugin v1.2.9 exhibits a generally positive security posture, demonstrating adherence to several good security practices. The absence of any recorded vulnerabilities or CVEs in its history is a significant strength, suggesting a history of stable and likely secure development. Furthermore, the plugin utilizes prepared statements for all SQL queries and includes nonce and capability checks for its AJAX handlers, which are crucial for preventing common attacks.

However, the static analysis reveals a significant concern: 100% of output is not properly escaped. This represents a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the user interface. While there are no critical taint flows or unsanitized paths identified, the unescaped output means that any data processed by the plugin and displayed back to the user is potentially vulnerable.

In conclusion, while the plugin's lack of historical vulnerabilities and its use of prepared statements and authentication checks are commendable, the pervasive issue of unescaped output presents a substantial risk. Developers should prioritize addressing this oversight to mitigate potential XSS attacks. The plugin's limited attack surface and absence of other common security pitfalls are positive, but the output escaping flaw requires immediate attention.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

Mango Buttons Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Mango Buttons Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (0 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 3
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

0% escaped · 8 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
process_admin_ajax (admin\ajax\mb-ajax-handler.php:31)
Diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Mango Buttons Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_mb_admin_ajax · admin\ajax\mb-ajax-handler.php:13
nopriv · wp_ajax_mb_public_ajax · admin\ajax\mb-ajax-handler.php:14
WordPress Hooks 14
action · admin_menu · admin\controllers\help.php:15
action · admin_menu · admin\controllers\settings.php:15
action · plugins_loaded · mango-buttons.php:28
action · admin_menu · mango-buttons.php:169
filter · mce_buttons · mango-buttons.php:176
filter · mce_external_plugins · mango-buttons.php:177
filter · mce_css · mango-buttons.php:178
filter · tiny_mce_before_init · mango-buttons.php:181
action · admin_footer · mango-buttons.php:187
action · admin_head · mango-buttons.php:190
action · wp_print_scripts · mango-buttons.php:193
action · admin_print_scripts · mango-buttons.php:194
action · wp_print_styles · mango-buttons.php:195
action · admin_print_styles · mango-buttons.php:196
Maintenance & Trust

Mango Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Nov 28, 2017
PHP min version
Downloads: 87K

Community Trust

Rating: 96/100
Number of ratings: 18
Active installs: 3K
Developer Profile

Mango Buttons Developer Profile

philbaylog

1 plugin · 3K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Mango Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mango-buttons/public/style/mb-button.css
/wp-content/plugins/mango-buttons/admin/images/menu-icon.png
Script Paths
/wp-content/plugins/mango-buttons/admin/js/tinymce.mangobuttons-plugin.js
Version Parameters
mango-buttons/public/style/mb-button.css?ver=

HTML / DOM Fingerprints

CSS Classes
mb-bg
HTML Comments
<!--/.updated-->
JS Globals
MB_JS_GLOBALS