SC To Top Security & Risk Analysis

wordpress.org/plugins/sc-to-top

A simple plugin to scroll to the top! Impossible to be easier than this one!

10 active installs v2.2 PHP + WP 3.0.1+ Updated Jul 12, 2017
scroll-to-top
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is SC To Top Safe to Use in 2026?

Generally Safe

Score 85/100

SC To Top has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "sc-to-top" plugin version 2.2 exhibits a strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface, and importantly, there are no unprotected entry points. The code signals further reinforce this positive assessment, with no dangerous functions, all SQL queries utilizing prepared statements, and no file operations or external HTTP requests. However, a concerning signal is that 33% of output instances are not properly escaped. While the vulnerability history is clean, indicating past diligence, the lack of critical and high severity findings in taint analysis could be a consequence of the limited attack surface rather than a definitive indicator of perfect sanitation for all potential data flows.

Overall, the plugin demonstrates good practices in limiting its attack vectors and securing database interactions. The primary concern lies in the unescaped output, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data or dynamic content is displayed without proper sanitization. The clean vulnerability history is a positive sign, but the presence of unescaped output warrants attention. A balanced conclusion would be that the plugin is generally secure due to its minimal attack surface, but the unescaped output represents a specific, actionable area for improvement to achieve a more robust security posture.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

SC To Top Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SC To Top Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

SC To Top Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
10 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

67% escaped15 total outputs
Attack Surface

SC To Top Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionadmin_menufunctions/options.php:3
actionadmin_initfunctions/options.php:12
actionwp_enqueue_scriptsindex.php:15
actionadmin_enqueue_scriptsindex.php:23
actionwp_footerindex.php:41
Maintenance & Trust

SC To Top Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJul 12, 2017
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Developer Profile

SC To Top Developer Profile

Sergio Costa

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SC To Top

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sc-to-top/css/sc-to-top.css/wp-content/plugins/sc-to-top/css/fontello.css/wp-content/plugins/sc-to-top/js/sc-to-top.js
Script Paths
/wp-content/plugins/sc-to-top/js/sc-to-top.js

HTML / DOM Fingerprints

CSS Classes
sc-to-topno-icon
Data Attributes
title
FAQ

Frequently Asked Questions about SC To Top