Sticky Bottom Cart Bar Security & Risk Analysis

wordpress.org/plugins/sticky-bottom-cart-bar

Adds a sticky Add to Cart and Buy Now button at the bottom of WooCommerce product pages with a customizable interface.

0 active installs v1.2.0 PHP 7.2+ WP 5.0+ Updated May 21, 2025
add-to-cartbuy-nowfloating-buttonsticky-barwoocommerce-plugin
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Sticky Bottom Cart Bar Safe to Use in 2026?

Generally Safe

Score 92/100

Sticky Bottom Cart Bar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The sticky-bottom-cart-bar plugin, version 1.2.0, exhibits a generally strong security posture based on the provided static analysis. The absence of any recorded vulnerabilities, including CVEs, and the clean taint analysis results are positive indicators. Furthermore, the plugin demonstrates good coding practices by not using dangerous functions, performing all SQL queries using prepared statements, and avoiding file operations and external HTTP requests. This suggests a low risk of common web vulnerabilities originating from these areas.

However, there are a few areas that warrant attention. The plugin has a concerningly low percentage of properly escaped output (40%), indicating a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled with care before being displayed. Additionally, the complete lack of nonce checks and capability checks on its entry points (though there are none currently) raises a flag. While the attack surface is currently zero, if any new entry points are introduced in future versions without appropriate authentication and authorization checks, this could create significant security risks. The absence of any vulnerability history is a strength, but the lack of defensive checks on potential entry points means that if vulnerabilities were introduced, they might go unnoticed until exploited.

In conclusion, the plugin is currently in a good state, with no known vulnerabilities or serious coding flaws. Its strengths lie in its disciplined handling of SQL and its avoidance of risky external operations. The primary weakness is the insufficient output escaping, which could lead to XSS if new input vectors are added. The lack of security checks on entry points is a latent risk that should be addressed proactively if the plugin's functionality expands.

Key Concerns

  • Insufficient output escaping (40% proper)
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

Sticky Bottom Cart Bar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sticky Bottom Cart Bar Release Timeline

v1.2.0Current
v1.1.1
Code Analysis
Analyzed Mar 17, 2026

Sticky Bottom Cart Bar Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

40% escaped5 total outputs
Attack Surface

Sticky Bottom Cart Bar Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionplugins_loadedsticky-bottom-cart-bar.php:20
actionwp_enqueue_scriptssticky-bottom-cart-bar.php:30
actionwoocommerce_after_add_to_cart_formsticky-bottom-cart-bar.php:57
Maintenance & Trust

Sticky Bottom Cart Bar Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 21, 2025
PHP min version7.2
Downloads397

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Sticky Bottom Cart Bar Developer Profile

Md. Al-Amin

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Sticky Bottom Cart Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sticky-bottom-cart-bar/assets/css/style.css/wp-content/plugins/sticky-bottom-cart-bar/assets/js/script.js
Script Paths
/wp-content/plugins/sticky-bottom-cart-bar/assets/js/script.js
Version Parameters
sticky-bottom-cart-bar/assets/css/style.css?ver=sticky-bottom-cart-bar/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
sbcb-sticky-barsbcb-price-wrappersbcb-price-labelsbcb-price-containersbcb-buttonssbcb-add-to-cartsbcb-labelsbcb-loader+1 more
JS Globals
sbcb_params
FAQ

Frequently Asked Questions about Sticky Bottom Cart Bar