Does MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar compatible with WordPress 6.9.4?

According to WordPress.org data, MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar 1.2.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar compatible with PHP 7.4+?

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Security & Risk Analysis

wordpress.org/plugins/maxboxy

Make Conversion Boxes, Popups, Floats and Inject Any Content in a WorsPress way!

60 active installs v1.2.1 PHP 7.4+ WP 6.7+ Updated Dec 7, 2025

alertscontent-boxfloating-contentnotificationspopup

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Safe to Use in 2026?

Generally Safe

Score 100/100

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "maxboxy" v1.2.1 plugin exhibits a generally strong security posture based on the provided static analysis. All identified AJAX handlers have authentication checks, and there are no publicly accessible REST API routes, shortcodes, or cron events that could serve as attack vectors. The code also demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and a significant number of output operations are properly escaped. The absence of file operations and external HTTP requests further reduces potential risks. The plugin also includes a healthy number of nonce and capability checks, indicating an awareness of WordPress security best practices.

However, a concerning area is the output escaping. While 78% of outputs are escaped, this still leaves 22% unescaped. This could represent a potential Cross-Site Scripting (XSS) vulnerability if user-supplied data is directly outputted without proper sanitization in those unescaped instances. The taint analysis reveals no critical or high severity unsanitized paths, which is a positive indicator, but the unescaped output percentage warrants attention. The plugin's vulnerability history is clean, with no recorded CVEs, which suggests a history of secure development or a lack of exposure to known exploits. This, combined with the other positive code signals, points to a relatively safe plugin, but the unescaped output represents the primary risk that should be addressed.

Key Concerns

Significant percentage of unescaped output

Vulnerabilities

None known

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Release Timeline

v1.2.1Current

v1.2.0

v1.1.9

v1.1.8

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

Code Analysis

Analyzed Mar 16, 2026

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

240

857 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

78% escaped1097 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

csf_export (admin\codestar-framework\functions\actions.php:62)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Attack Surface

Entry Points12

Unprotected0

AJAX Handlers 12

authwp_ajax_csf-get-iconsadmin\codestar-framework\functions\actions.php:50

authwp_ajax_csf-exportadmin\codestar-framework\functions\actions.php:87

authwp_ajax_csf-importadmin\codestar-framework\functions\actions.php:123

authwp_ajax_csf-resetadmin\codestar-framework\functions\actions.php:150

authwp_ajax_csf-chosenadmin\codestar-framework\functions\actions.php:189

authwp_ajax_maxboxy_update_loadclasses\track.php:18

noprivwp_ajax_maxboxy_update_loadclasses\track.php:22

authwp_ajax_maxboxy_update_viewsclasses\track.php:26

noprivwp_ajax_maxboxy_update_viewsclasses\track.php:30

authwp_ajax_maxboxy_update_goalsclasses\track.php:34

noprivwp_ajax_maxboxy_update_goalsclasses\track.php:38

authwp_ajax_maxboxy_reset_panel_statsclasses\track.php:43

WordPress Hooks 66

filtercsf_welcome_pageadmin\admin-init.php:21

actionadmin_enqueue_scriptsadmin\admin-init.php:62

actionwp_enqueue_scriptsadmin\codestar-framework\classes\abstract.class.php:21

actionadmin_menuadmin\codestar-framework\classes\admin-options.class.php:107

actionadmin_bar_menuadmin\codestar-framework\classes\admin-options.class.php:108

actionnetwork_admin_menuadmin\codestar-framework\classes\admin-options.class.php:112

filteradmin_footer_textadmin\codestar-framework\classes\admin-options.class.php:432

actionadd_meta_boxes_commentadmin\codestar-framework\classes\comment-options.class.php:38

actionedit_commentadmin\codestar-framework\classes\comment-options.class.php:39

actioncustomize_registeradmin\codestar-framework\classes\customize-options.class.php:44

actioncustomize_save_afteradmin\codestar-framework\classes\customize-options.class.php:45

actionwp_enqueue_scriptsadmin\codestar-framework\classes\customize-options.class.php:49

actionadd_meta_boxesadmin\codestar-framework\classes\metabox-options.class.php:50

actionsave_postadmin\codestar-framework\classes\metabox-options.class.php:51

actionedit_attachmentadmin\codestar-framework\classes\metabox-options.class.php:52

actionwp_nav_menu_item_custom_fieldsadmin\codestar-framework\classes\nav-menu-options.class.php:32

actionwp_update_nav_menu_itemadmin\codestar-framework\classes\nav-menu-options.class.php:33

filterwp_edit_nav_menu_walkeradmin\codestar-framework\classes\nav-menu-options.class.php:35

actionadmin_initadmin\codestar-framework\classes\profile-options.class.php:32

actionshow_user_profileadmin\codestar-framework\classes\profile-options.class.php:44

actionedit_user_profileadmin\codestar-framework\classes\profile-options.class.php:45

actionpersonal_options_updateadmin\codestar-framework\classes\profile-options.class.php:47

actionedit_user_profile_updateadmin\codestar-framework\classes\profile-options.class.php:48

actionafter_setup_themeadmin\codestar-framework\classes\setup.class.php:73

actioninitadmin\codestar-framework\classes\setup.class.php:74

actionswitch_themeadmin\codestar-framework\classes\setup.class.php:75

actionadmin_enqueue_scriptsadmin\codestar-framework\classes\setup.class.php:76

actionwp_enqueue_scriptsadmin\codestar-framework\classes\setup.class.php:77

actionwp_headadmin\codestar-framework\classes\setup.class.php:78

filteradmin_body_classadmin\codestar-framework\classes\setup.class.php:79

actionadmin_footeradmin\codestar-framework\classes\shortcode-options.class.php:47

actioncustomize_controls_print_footer_scriptsadmin\codestar-framework\classes\shortcode-options.class.php:48

actionelementor/editor/before_enqueue_scriptsadmin\codestar-framework\classes\shortcode-options.class.php:59

actionelementor/editor/footeradmin\codestar-framework\classes\shortcode-options.class.php:60

actionelementor/editor/footeradmin\codestar-framework\classes\shortcode-options.class.php:61

actionenqueue_block_editor_assetsadmin\codestar-framework\classes\shortcode-options.class.php:258

actionmedia_buttonsadmin\codestar-framework\classes\shortcode-options.class.php:262

actionadmin_initadmin\codestar-framework\classes\taxonomy-options.class.php:41

actionadmin_footeradmin\codestar-framework\fields\icon\icon.php:41

actioncustomize_controls_print_footer_scriptsadmin\codestar-framework\fields\icon\icon.php:42

actionadmin_print_footer_scriptsadmin\codestar-framework\fields\link\link.php:65

actionprint_default_editor_scriptsadmin\codestar-framework\fields\wp_editor\wp_editor.php:62

actionadmin_menuadmin\codestar-framework\views\welcome.php:19

filterplugin_action_linksadmin\codestar-framework\views\welcome.php:20

filterplugin_row_metaadmin\codestar-framework\views\welcome.php:21

actioncsf_loadedadmin\opt\config\framework.php:395

actioncsf_loadedadmin\opt\config\metabox.php:1453

filtermanage_float_any_posts_columnsclasses\admin-columns.php:14

actionmanage_float_any_posts_custom_columnclasses\admin-columns.php:18

filtermanage_inject_any_posts_columnsclasses\admin-columns.php:23

actionmanage_inject_any_posts_custom_columnclasses\admin-columns.php:27

actioninitclasses\init.php:13

actioninitclasses\init.php:15

actionwp_enqueue_scriptsclasses\init.php:17

actionadmin_noticesclasses\init.php:19

actionadmin_menuclasses\init.php:21

actioninitclasses\init.php:23

actioninitclasses\init.php:25

actioninitclasses\init.php:27

actionwp_headclasses\init.php:29

actionwp_body_openclasses\init.php:31

actionwp_footerclasses\init.php:33

actionwp_footerclasses\init.php:35

actionbody_classclasses\track.php:14

actioninitpatterns.php:14

actioninitpatterns.php:78

Maintenance & Trust

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 7, 2025

PHP min version7.4

Downloads6K

Community Trust

Rating100/100

Number of ratings1

Active installs60

Alternatives

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Alternatives

Advanced Notifications

advanced-notifications

Advanced Notifications allows you to create beautiful custom notifications that appear on pages or posts of your choice.

100 1 CVE

Sales Notifications for WooCommerce – Recent Sales Popup

wc-live-sale-notifications

100

Sales Notifications for WooCommerce - Recent Sales Popup boosts sales by showing recent orders in a popup with customer and product details.

50 No CVEs

Social Proof Popups & Real-Time Notifications – Herd Effects

mwp-herd-effect

Boost conversions with real-time social proof popups and user activity notifications, encouraging visitor actions on your WordPress site.

1K 5 CVEs

Proof Factor – Social Proof Notifications

proof-factor-social-proof-notifications

Proof Factor displays recent user sign ups!

100 1 unpatched

Proof Factor – Social Proof Notifications for WooCommerce

proof-factor-social-proof-notifications-for-woocommerce

Proof Factor displays recent orders and purchases on your WooCommerce storefront!

80 No CVEs

Developer Profile

MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar Developer Profile

maxpressy

4 plugins · 270 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MaxBoxy: Make WordPress Floating Content, Popup, Alert Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/maxboxy/library/admin/min/adminizr.js

Script Paths