
Skysa Scroll-to-Top App Security & Risk Analysis
wordpress.org/plugins/skysa-scroll-to-top-app
Animated scroll-to-top, button floats unobtrusively at the bottom of your site. A great convenience feature for your visitors.
Is Skysa Scroll-to-Top App Safe to Use in 2026?
Generally Safe
Score 85/100
Skysa Scroll-to-Top App has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The skysa-scroll-to-top-app v1.4 plugin exhibits a concerning security posture primarily due to its unprotected entry points and lack of robust input sanitization and output escaping. The static analysis reveals two AJAX handlers with no authentication checks, creating a significant attack surface for unauthorized actions. Furthermore, all SQL queries are executed without prepared statements, increasing the risk of SQL injection vulnerabilities. The taint analysis highlights four flows with unsanitized paths, indicating potential for various injection attacks, although these did not reach critical or high severity in the provided analysis.
The plugin's vulnerability history is clean, with no recorded CVEs. While this is a positive sign, it does not negate the inherent risks identified in the code analysis. The absence of vulnerabilities could be due to a lack of rigorous security auditing of the plugin or the fact that discovered flaws were minor and not publicly disclosed. The overall security of this plugin is weakened by the presence of direct, unauthenticated access points and the insecure handling of data, despite its clean historical record.
Key Concerns
- AJAX handlers without auth checks
- SQL queries without prepared statements
- Taint flows with unsanitized paths
- Low percentage of properly escaped output
- No nonce checks on AJAX handlers
- No capability checks on AJAX handlers
Skysa Scroll-to-Top App Security Vulnerabilities
Skysa Scroll-to-Top App Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Skysa Scroll-to-Top App Attack Surface
AJAX Handlers: 2
WordPress Hooks: 3
Skysa Scroll-to-Top App Maintenance & Trust
Maintenance Signals
Community Trust
Skysa Scroll-to-Top App Alternatives
WPFront Scroll Top
wpfront-scroll-top
Adds a lightweight and smooth "Scroll to Top" button to your WordPress site, improving navigation and user experience with customizable options.
Scroll Back To Top Button
scrollup-master
This is just a very simple plugin to have a scroll back to top button throughout your whole blog/site.
Click to top
click-to-top
A wordpress plugin to create a customisable Click To Top feature.
X-Scroll To Top – Responsive
x-scroll-to-top-responsive
X-Scroll To Top adds a customizable scroll-up button to your site. Personalize it to seamlessly match your design and enhance functionality.
scrollToTop
scrolltotop
Create your own back to top button or full-height bar and simple customize it as you want.
Skysa Scroll-to-Top App Developer Profile
8 plugins · 80 total installs
How We Detect Skysa Scroll-to-Top App
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/skysa-scroll-to-top-app/icons/up-icon-wp.png
- /wp-content/plugins/skysa-scroll-to-top-app/skysa-required/css/skysa-required.css
- /wp-content/plugins/skysa-scroll-to-top-app/skysa-required/js/skysa-required.js
- skysa-scroll-to-top-app/style.css?ver=
- skysa-scroll-to-top-app/skysa-required/js/skysa-required.js?ver=
HTML / DOM Fingerprints
- bar-button
- SKYUI-menuoff
This app was made using the:
Skysa App SDK
http://wordpress.org/extend/plugins/skysa-app-sdk/
*************************************************************
Skysa App SDK version 2.0
Download the latest version here:
http://wordpress.org/extend/plugins/skysa-app-sdk/
*************************************************************
* Direct modification of this file for a production plugin
* is not recommended, due to incompatibilites it could
* cause for other plugins using this SDK.
* Instead it is remmended that you contact and submit your
* proposed changes to Skysa's staff at staff@skysa.com.
* Your proposed changes can then be reviewed for inclusion
* in the next version of the SDK, which will be made
* available to you and publically available for use in
* creation of new plugins and to update old ones.
*
* When these core files are included with plugins made
* using this SDK, the loader file will choose the most
* recent version of the core files to use. So it is very
* important that any changes made are updated in a version
* change in the core SDK. This will ensure that your plugn,
* as well as other plugins, will not be broken by the
* installation of any others on the same site.
*
* Thank you for taking this into consideration, and feel
* free to contact staff@sksya.com with any questions. You
* may also contact Skysa here:
* http://www.skysa.com/page/contact
*
* Please include these comments with any redistribution.
*************************************************************
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- apptitle
- id="$button_id"
- class="bar-button SKYUI-menuoff"
- name="bar_label"
- id="field-bar_label"
- size="30|1"
- window.S
- window.YUI2
- var S
- var YUI2