SticklyUI Security & Risk Analysis

wordpress.org/plugins/sticklyui

Create customizable floating service buttons, a sticky header, and a dedicated contact button with a popup form for your WordPress site.

0 active installs · v1.0.0 · PHP 7.0+ · WP 5.0+ · Updated Jan 14, 2026
Tags: contact-button, floating-buttons, social-media, sticky-header, sticky-menu
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SticklyUI Safe to Use in 2026?

Generally Safe

Score 100/100

SticklyUI has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "sticklyui" v1.0.0 plugin presents a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices by extensively using prepared statements for SQL queries and properly escaping nearly all output. It also correctly implements nonce checks on a significant portion of its AJAX handlers and has a clean vulnerability history with no recorded CVEs. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its security profile.

However, a significant concern arises from the plugin's attack surface. All 9 identified AJAX handlers lack proper authentication checks, creating a substantial risk for unauthorized actions. While taint analysis shows no critical or high severity flows, the unprotected AJAX endpoints mean that any attacker could potentially trigger these handlers without prior verification of user privileges or intent. This lack of authorization on entry points is the most critical weakness identified.

Given the lack of known vulnerabilities and good coding practices in other areas, the plugin's overall security is decent but hampered by the critical oversight in its AJAX handler authorization. Addressing the unprotected AJAX handlers should be the immediate priority to mitigate the most significant risk.

Key Concerns

  • AJAX handlers without auth checks
  • Large attack surface without authentication
Vulnerabilities
None known

SticklyUI Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SticklyUI Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 1 (67 escaped)
Nonce Checks: 8
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

67% prepared, 6 total queries

Output Escaping

99% escaped, 68 total outputs
Attack Surface
9 unprotected

SticklyUI Attack Surface

Entry Points: 9
Unprotected: 9

AJAX Handlers: 9

auth  wp_ajax_sticklyui_get_buttons  includes\class-sticklyui.php:76
auth  wp_ajax_sticklyui_save_button  includes\class-sticklyui.php:77
auth  wp_ajax_sticklyui_delete_button  includes\class-sticklyui.php:78
auth  wp_ajax_sticklyui_toggle_status  includes\class-sticklyui.php:79
auth  wp_ajax_sticklyui_update_order  includes\class-sticklyui.php:80
auth  wp_ajax_sticklyui_save_header_settings  includes\class-sticklyui.php:81
auth  wp_ajax_sticklyui_get_header_settings  includes\class-sticklyui.php:82
auth  wp_ajax_sticklyui_save_contact_settings  includes\class-sticklyui.php:83
auth  wp_ajax_sticklyui_get_contact_settings  includes\class-sticklyui.php:84

WordPress Hooks: 7

action  plugins_loaded  includes\class-sticklyui.php:62
action  admin_enqueue_scripts  includes\class-sticklyui.php:71
action  admin_enqueue_scripts  includes\class-sticklyui.php:72
action  admin_menu  includes\class-sticklyui.php:73
action  wp_enqueue_scripts  includes\class-sticklyui.php:93
action  wp_enqueue_scripts  includes\class-sticklyui.php:94
action  wp_footer  includes\class-sticklyui.php:95
Maintenance & Trust

SticklyUI Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 14, 2026
PHP min version: 7.0
Downloads: 102

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

SticklyUI Developer Profile

arunkunwar

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SticklyUI

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sticklyui/admin/css/sticklyui-admin.css
/wp-content/plugins/sticklyui/public/css/sticklyui-public.css
/wp-content/plugins/sticklyui/public/js/sticklyui-public.js
Script Paths
/wp-content/plugins/sticklyui/admin/js/sticklyui-admin.js
Version Parameters
sticklyui-admin?ver=
sticklyui-public?ver=
sticklyui-public?ver=

HTML / DOM Fingerprints

CSS Classes
sticklyui-button
sticklyui-button-wrapper
HTML Comments
<!-- SticklyUI -->
Data Attributes
data-sticklyui-tooltip
data-sticklyui-position
JS Globals
sticklyuiAdmin