WP-Safety

Smart Floating / Sticky Buttons For Post and Page Read Status Security & Risk Analysis

wordpress.org/plugins/post-read-unread-floating-sticky-button

Smart Floating / Sticky Buttons used to get the read status of the post or page or any custom post if user reach at the end of post.

0 active installs v1.0 PHP 5.6+ WP 4.6+ Updated Apr 13, 2021
page-read-buttonpost-read-buttonsmart-buttonsmart-read-buttonsticky-button
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Smart Floating / Sticky Buttons For Post and Page Read Status Safe to Use in 2026?

Generally Safe

Score 85/100

Smart Floating / Sticky Buttons For Post and Page Read Status has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The plugin "post-read-unread-floating-sticky-button" v1.0 exhibits a mixed security posture. While it has a very small attack surface and no recorded vulnerability history, suggesting good maintenance and minimal exposure, the static code analysis reveals significant concerns. Specifically, the taint analysis indicates a high severity flow with unsanitized paths, which could be exploited for injection attacks. Furthermore, the plugin demonstrates poor output escaping practices, with only 25% of outputs being properly sanitized, leaving it vulnerable to Cross-Site Scripting (XSS) attacks. The lack of capability checks on its single AJAX handler is also a notable weakness, as it means any logged-in user could potentially trigger this functionality without proper authorization.

Key Concerns

  • High severity taint flow with unsanitized path
  • Poor output escaping (25% properly escaped)
  • No capability checks on AJAX handler
Vulnerabilities
None known

Smart Floating / Sticky Buttons For Post and Page Read Status Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Smart Floating / Sticky Buttons For Post and Page Read Status Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Smart Floating / Sticky Buttons For Post and Page Read Status Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
2 prepared
Unescaped Output
3
1 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

50% prepared4 total queries

Output Escaping

25% escaped4 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<vee_Read_unread_report> (vee_Read_unread_report.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Smart Floating / Sticky Buttons For Post and Page Read Status Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_vee_save_readpost_read_unread.php:139
WordPress Hooks 3
actionadmin_menupost_read_unread.php:81
actionwp_enqueue_scriptspost_read_unread.php:87
actionthe_contentpost_read_unread.php:121
Maintenance & Trust

Smart Floating / Sticky Buttons For Post and Page Read Status Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedApr 13, 2021
PHP min version5.6
Downloads957

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Smart Floating / Sticky Buttons For Post and Page Read Status Alternatives

Simple Floating Menu

Simple Floating Menu

simple-floating-menu

A
100

Simple Floating Menu add a simple floating button with various layouts and settings.

10K No CVEs
Sticky Buttons – Floating Buttons Builder

Sticky Buttons – Floating Buttons Builder

sticky-buttons

A
98

Increase user engagement by incorporating sticky buttons that highlight relevant information on your website.

10K 3 CVEs
WP Sticky Button – Click to Chat

WP Sticky Button – Click to Chat

wa-sticky-button

A
99

Display the beautiful WhatsApp Sticky Button on the WordPress frontend.

10K 2 CVEs
WP CTA – Call Now Button, Sticky Button & Call to Action Builder

WP CTA – Call Now Button, Sticky Button & Call to Action Builder

easy-sticky-sidebar

A
95

WordPress Call To Action builder that creates sticky buttons, call now buttons and CTAs to boost clicks, increase sales and generate leads.

2K 5 CVEs
WP Click to Chat – Email, Live Chat, Call & Book Now Buttons

WP Click to Chat – Email, Live Chat, Call & Book Now Buttons

support-chat

A
98

Offer unlimited chat apps and support channels to your WordPress website.

1K 3 CVEs
Developer Profile

Smart Floating / Sticky Buttons For Post and Page Read Status Developer Profile

Romal

2 plugins · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Smart Floating / Sticky Buttons For Post and Page Read Status

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-read-unread-floating-sticky-button/assets/css/veemain.css/wp-content/plugins/post-read-unread-floating-sticky-button/assets/js/main.js
Script Paths
/wp-content/plugins/post-read-unread-floating-sticky-button/assets/js/main.js
Version Parameters
post-read-unread-floating-sticky-button/assets/css/veemain.css?ver=post-read-unread-floating-sticky-button/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
read_unread
JS Globals
vee_plugin_ajax_object
Shortcode Output
<div id="read_unread">Already read!</div>
FAQ

Frequently Asked Questions about Smart Floating / Sticky Buttons For Post and Page Read Status