Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing Security & Risk Analysis

wordpress.org/plugins/sticky-floating-notification-bar-call-to-action

Sticky CTA boosts user engagement with sticky and floating buttons, keeping CTAs visible to maximize clicks and conversions.

90 active installs · v1.3.4 · PHP 7.4+ · WP 6.2+ · Updated Dec 19, 2024
Tags: cta-plugin, floating-buttons, sticky-buttons, sticky-cta
Score: 92 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing Safe to Use in 2026?

Generally Safe

Score 92/100

Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

Static analysis of the "sticky-floating-notification-bar-call-to-action" plugin, version 1.3.4, shows a generally strong security posture. No critical or high-severity taint flows were found, 89% of SQL queries use prepared statements, and 89% of outputs are escaped, all of which indicate good coding practices. Nonce checks are present and the attack surface is small and protected. The plugin also has no recorded vulnerability history, which suggests a stable and secure development track record.

The main concern is the complete absence of capability checks on the plugin's entry points, which are AJAX handlers. These handlers do have nonce checks, but a nonce confirms that a request was intended, not that the caller is authorized to perform the action. If a flaw were found that bypassed the nonce checks, an attacker could execute actions without proper user authorization, affecting the integrity or availability of the site. Despite the lack of known vulnerabilities and the generally sound coding practices, the missing capability checks slightly reduce the plugin's overall security rating.

Key Concerns

  • Missing capability checks on AJAX handlers
Vulnerabilities
None known

Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10 (82 prepared)
Unescaped Output: 121 (1028 escaped)
Nonce Checks: 29
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

89% prepared · 92 total queries

Output Escaping

89% escaped · 1149 total outputs
Data Flows
All sanitized

Data Flow Analysis

18 flows
sticky_cta_banners_start_banner (includes\endpoints\endpoint-banners.php:11)
Attack Surface

Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_sticky_cta_ajax_request · includes\ajax\tracking-banner.php:46
nopriv · wp_ajax_sticky_cta_ajax_request · includes\ajax\tracking-banner.php:47

WordPress Hooks: 27

action · admin_init · includes\endpoints\endpoint-banners.php:29
action · admin_init · includes\endpoints\endpoint-banners.php:54
action · admin_init · includes\endpoints\endpoint-banners.php:87
action · admin_init · includes\endpoints\endpoint-banners.php:107
action · admin_init · includes\endpoints\endpoint-banners.php:358
action · admin_init · includes\endpoints\endpoint-campaigns.php:40
action · admin_init · includes\endpoints\endpoint-campaigns.php:76
action · admin_init · includes\endpoints\endpoint-campaigns.php:96
action · admin_init · includes\endpoints\endpoint-campaigns.php:193
action · admin_init · includes\endpoints\endpoint-campaigns.php:242
action · admin_init · includes\endpoints\endpoint-statistics.php:62
action · admin_init · includes\endpoints\endpoint-statistics.php:101
action · admin_init · includes\endpoints\endpoint-statistics.php:152
action · admin_init · includes\endpoints\endpoint-statistics.php:188
action · admin_init · includes\endpoints\endpoint-statistics.php:208
action · admin_init · includes\endpoints\endpoint-statistics.php:256
action · init · includes\functions.php:16
filter · plugin_action_links · includes\functions.php:245
action · admin_menu · includes\system\admin-menu.php:79
action · admin_menu · includes\system\admin-menu.php:90
action · wp_footer · includes\system\display-banner.php:213
action · add_meta_boxes · includes\system\display-table-statistics.php:127
action · admin_enqueue_scripts · includes\system\enqueue-scripts.php:34
action · wp_enqueue_scripts · includes\system\enqueue-scripts.php:660
action · plugins_loaded · sticky-floating-notification-bar-call-to-action.php:47
action · admin_notices · sticky-floating-notification-bar-call-to-action.php:59
action · admin_notices · sticky-floating-notification-bar-call-to-action.php:71
Maintenance & Trust

Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 19, 2024
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 94/100
Number of ratings: 12
Active installs: 90
Developer Profile

Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing Developer Profile

Sticky CTA

1 plugin · 90 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/css/style.css
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/js/lib/select2/select2.min.js
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/css/lib/select2/select2.css
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/js/script.js
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/js/lib/alpinejs/alpinejs.min.js
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/js/lib/pickr/pickr.min.js
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/css/lib/pickr/nano.css
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/css/lib/trix/trix.css
+3 more
Script Paths
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/js/script.js
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/js/front.js
/wp-content/plugins/sticky-floating-notification-bar-call-to-action/assets/dist/js/tracking.js
Version Parameters
sticky-floating-notification-bar-call-to-action/style.css?ver=
sticky-cta-style?ver=1.1
sticky-cta-select2-js?ver=4.0.13
sticky-cta-select2-css?ver=4.0.13
sticky-cta-script?ver=1.1
sticky-cta-alpine-js?ver=3.14.1
sticky-cta-pickr?ver=1.9.1
sticky-cta-pickr-theme-nano?ver=1.9.1
sticky-cta-trix-editor-css?ver=2.0.8
sticky-cta-trix-editor-js?ver=2.0.8
sticky-cta-front-js?ver=1.0
sticky-cta-alpine-js?ver=3.14.1
tracking-data?ver=1.1

HTML / DOM Fingerprints

CSS Classes
sticky-cta-banner
Data Attributes
data-sticky-cta-id
JS Globals
sticky_cta_data
ajax_object
FAQ

Frequently Asked Questions about Sticky CTA – Sticky Floating Notification bar, Buttons, Call To Action A/B Testing