Floating Buttons for WooCommerce Security & Risk Analysis

wordpress.org/plugins/shop-assistant-for-woocommerce-jarvis

Floating Buttons and Action Bar on your WooCommerce website with floating Cart. Floating action buttons to increase store sales!

10 active installs · v2.9.2 · PHP 5.6+ · WP 4.6+ · Updated Dec 17, 2025
Tags: action-buttons, floating-buttons, floating-cart, shop-assistant, woocommerce
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 11, 2024
Safety Verdict

Is Floating Buttons for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Floating Buttons for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 11, 2024 · Updated 3mo ago
Risk Assessment

The "shop-assistant-for-woocommerce-jarvis" plugin v2.9.2 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices, with a high percentage of properly escaped output and all SQL queries utilizing prepared statements. The absence of file operations and external HTTP requests further reduces the attack surface.

However, there are notable areas of concern. The presence of four AJAX handlers without authentication checks creates a significant attack vector. While the total number of entry points is moderate, the unprotected ones are a direct risk. The taint analysis revealed one flow with an unsanitized path, classified as high severity, which is a critical finding that could lead to serious vulnerabilities.

The plugin's vulnerability history shows a past medium-severity issue, specifically related to missing authorization, which aligns with the current static analysis findings concerning unprotected AJAX handlers. Although no critical or high-severity vulnerabilities are currently unpatched, the historical pattern and the identified high-severity taint flow warrant attention. Overall, while the plugin implements many security best practices, the unprotected AJAX handlers and the high-severity taint flow represent immediate risks that need addressing.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flow with unsanitized path
  • Dangerous function used (unserialize)
  • Bundled outdated jQuery library v3.1.1
Vulnerabilities: 1

Floating Buttons for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-52395 · medium · 5.3 · Missing Authorization

Floating Buttons for WooCommerce <= 2.8.8 - Missing Authorization

Nov 11, 2024 · Patched in 2.9.2 (11d)
Code Analysis
Analyzed Mar 17, 2026

Floating Buttons for WooCommerce Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 0 (11 prepared)
Unescaped Output: 31 (908 escaped)
Nonce Checks: 13
Capability Checks: 11
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Dangerous Functions Found

Function | Code | Location
unserialize | $form_fields = unserialize($form_fields); | classes\jarvis-class-language-builder.php:82
unserialize | $form_fields = unserialize($form_fields); | classes\shortcodes\class-shortcode-qc-jarvis.php:52
unserialize | $form_fields = unserialize($form_fields); | classes\shortcodes\class-widget-shortcode.php:51
unserialize | $products = unserialize(get_option('jarvis-recommended-products')); | functions.php:96

Bundled Libraries

  • Select2
  • jQuery 3.1.1

SQL Query Safety

100% prepared · 11 total queries

Output Escaping

97% escaped · 939 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

11 flows · 1 with unsanitized paths
goodbye_form_callback (class-plugin-deactivate-feedback.php:363)
Attack Surface: 4 unprotected

Floating Buttons for WooCommerce Attack Surface

Entry Points: 33
Unprotected: 4

AJAX Handlers: 25

Type | Hook | Location
auth | wp_ajax_goodbye_form | class-plugin-deactivate-feedback.php:61
auth | wp_ajax_get_cart_products | functions.php:768
nopriv | wp_ajax_get_cart_products | functions.php:769
auth | wp_ajax_qcld_jarvis_get_sold_products | functions.php:816
nopriv | wp_ajax_qcld_jarvis_get_sold_products | functions.php:817
auth | wp_ajax_get_admin_order_notification_item | functions.php:875
nopriv | wp_ajax_admin_order_notification_item | functions.php:876
auth | wp_ajax_get_jarvis_ajax_search_products | functions.php:937
nopriv | wp_ajax_get_jarvis_ajax_search_products | functions.php:938
auth | wp_ajax_qcld_jarvis_add_to_cart | functions.php:1082
nopriv | wp_ajax_qcld_jarvis_add_to_cart | functions.php:1083
auth | wp_ajax_get_cart_items_num_product_title | functions.php:1102
nopriv | wp_ajax_get_cart_items_num_product_title | functions.php:1103
auth | wp_ajax_remove_item_numbers_genie_cart | functions.php:1122
nopriv | wp_ajax_remove_item_numbers_genie_cart | functions.php:1123
auth | wp_ajax_pin_ball_mode | functions.php:1139
nopriv | wp_ajax_pin_ball_mode | functions.php:1140
auth | wp_ajax_pin_ball_support | functions.php:1189
nopriv | wp_ajax_pin_ball_support | functions.php:1190
auth | wp_ajax_jarvis_cart_item_remove | functions.php:1256
nopriv | wp_ajax_jarvis_cart_item_remove | functions.php:1257
auth | wp_ajax_jarvis_delete_all_options_for_uninstall | jarvis-woo.php:2579
nopriv | wp_ajax_jarvis_delete_all_options_for_uninstall | jarvis-woo.php:2580
auth | wp_ajax_qc_jarvis_process_qc_promo_form | qc-support-promo-page\class-qc-support-promo-page.php:116
auth | wp_ajax_qcld_recommend_support_function_ajax | qc-support-promo-page\qc-clr-recommendbot-support-plugin.php:8

Shortcodes: 8

[jarvis-recently-viewed-products] functions.php:73
[jarvis-recently-viewed-product-widget] functions.php:74
[jarvis-cart-products] functions.php:75
[jarvis_recommended_products] functions.php:77
[last_sold_product] functions.php:78
[last-sold-product-widget] functions.php:79
[qc_jarvis] jarvis-woo.php:122
[qc_jarvis_widget] jarvis-woo.php:123

WordPress Hooks: 28

Type | Hook | Location
action | admin_footer-plugins.php | class-plugin-deactivate-feedback.php:60
filter | wp_mail_content_type | class-plugin-deactivate-feedback.php:96
action | admin_head | class-qc-free-plugin-upgrade-notice.php:34
action | plugin_row_meta | class-qc-free-plugin-upgrade-notice.php:124
action | admin_menu | class-qc-free-plugin-upgrade-notice.php:166
action | template_redirect | functions.php:369
action | wp_footer | functions.php:563
filter | woocommerce_is_filtered | functions.php:950
filter | woocommerce_is_filtered | functions.php:973
action | init | jarvis-woo.php:50
action | admin_notices | jarvis-woo.php:96
action | admin_menu | jarvis-woo.php:102
action | admin_init | jarvis-woo.php:104
action | widgets_init | jarvis-woo.php:106
action | woocommerce_init | jarvis-woo.php:110
action | admin_init | jarvis-woo.php:112
action | admin_enqueue_scripts | jarvis-woo.php:115
action | wp_enqueue_scripts | jarvis-woo.php:119
filter | pre_get_posts | jarvis-woo.php:125
filter | loop_shop_post_in | jarvis-woo.php:127
filter | woocommerce_is_filtered | jarvis-woo.php:2273
filter | woocommerce_is_filtered | jarvis-woo.php:2295
filter | woocommerce_page_title | jarvis-woo.php:2342
filter | woocommerce_is_filtered | jarvis-woo.php:2374
action | plugins_loaded | jarvis-woo.php:2469
action | admin_init | jarvis-woo.php:2561
action | admin_menu | qc-support-promo-page\class-qc-support-promo-page.php:32
action | admin_enqueue_scripts | qc-support-promo-page\class-qc-support-promo-page.php:62

Maintenance & Trust

Floating Buttons for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Dec 17, 2025
PHP min version: 5.6
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 10
Developer Profile

Floating Buttons for WooCommerce Developer Profile

QuantumCloud

29 plugins · 26K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 255 days
Detection Fingerprints

How We Detect Floating Buttons for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
