
Scroll UP Security & Risk Analysis
wordpress.org/plugins/scroll-to-up
bar, custom icon, fixed button scroller, go-to-top, notification bar, one click scroller, plugin, responsive button, responsive scroll to top button …
Is Scroll UP Safe to Use in 2026?
Mostly Safe
Score 78/100
Scroll UP is generally safe to use. 1 past CVE was resolved. Keep it updated.
The "scroll-to-up" plugin version 2.0 exhibits a mixed security posture. On the positive side, static analysis reveals no apparent dangerous functions, no direct SQL queries, no file operations, no external HTTP requests, and no identifiable attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks. This suggests a generally well-contained plugin in terms of direct exploitation vectors.
However, a significant concern arises from the output escaping. With 16 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is reflected in the plugin's output without proper sanitization can be exploited by attackers to inject malicious scripts. Furthermore, the vulnerability history reveals a known medium severity CVE related to XSS, which is currently unpatched. This pattern of XSS vulnerabilities, coupled with the lack of proper output escaping in the current version, strongly suggests a recurring issue and a lack of robust security practices in handling user input.
In conclusion, while the plugin has a small attack surface and avoids several common pitfalls like raw SQL and unauthenticated entry points, the pervasive lack of output escaping and the presence of an unpatched XSS vulnerability are critical weaknesses. Users should be extremely cautious and prioritize updating to a version that addresses the XSS flaw, as the current analysis indicates a high likelihood of such vulnerabilities.
Key Concerns
- Unpatched CVE found
- 0% output escaping
- Known XSS vulnerability type
Scroll UP Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Scroll UP <= 2.0 - Reflected Cross-Site Scripting
Scroll UP Code Analysis
Output Escaping
Scroll UP Attack Surface
WordPress Hooks 3
Scroll UP Maintenance & Trust
Maintenance Signals
Community Trust
Scroll UP Alternatives
Scroll Page To Top
scroll-page-to-top
Scroll Page To Top is a lightweight plugin that helps to add "Scroll to top / Back to top / Scroll Page to Top / Bottom to top" feature in y …
WPFront Scroll Top
wpfront-scroll-top
Adds a lightweight and smooth "Scroll to Top" button to your WordPress site, improving navigation and user experience with customizable options.
Smooth Back To Top Button
smooth-back-to-top-button
Smooth Back To Top button with scroll progress indicator.
Scroll To Top
scroll-top
Automatically adds a flexible Back to Top button to your WordPress website that allows your visitor to scroll back to the top of your page with one cl …
jQuery Smooth Scroll
jquery-smooth-scroll
Activate the plugin for smooth scrolling and smooth "back to top" feature.
Scroll UP Developer Profile
3 plugins · 140 total installs
How We Detect Scroll UP
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/scroll-to-up/assets/css/font-awesome.min.css
- /wp-content/plugins/scroll-to-up/assets/jquery.scrollUp.min.js
- /wp-content/plugins/scroll-to-up/assets/css/font-awesome.min.css?ver=4.4.0
- /wp-content/plugins/scroll-to-up/assets/jquery.scrollUp.min.js?ver=2.4.1
HTML / DOM Fingerprints
- scroll_to_up_pro
- Define Scrollup button position
- position : Bottom right
- position : Bottom left
- position : Vertically middle left
- +6 more
- data-scroll-name
- data-scroll-distance
- data-scroll-from
- data-scroll-speed
- data-easing-type
- data-animation
- +8 more
- jQuery
- $