WP-Safety

Sticky One-Many Security & Risk Analysis

wordpress.org/plugins/sticky-one-many

Sticky One to Many Elements in Your Website

10 active installs v1.0 PHP + WP 3.8+ Updated Jan 10, 2019
sticky-divsticky-elementssticky-manysticky-navswordpress-sticky
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Sticky One-Many Safe to Use in 2026?

Generally Safe

Score 85/100

Sticky One-Many has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The sticky-one-many plugin version 1.0 exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. With two AJAX handlers identified and neither possessing authentication checks, there's a significant risk of unauthorized access and potential exploitation of any functionality exposed through these handlers. The presence of `unserialize` without explicit input validation or context also poses a critical risk, as it can lead to remote code execution if an attacker can control the serialized data being processed. While the plugin demonstrates good practices in its SQL querying, using prepared statements exclusively, and has no recorded vulnerability history, these strengths are overshadowed by the immediate threats posed by the exposed AJAX endpoints and the `unserialize` function. The lack of any taint analysis findings is positive, but this may be attributed to the limited scope or nature of the analyzed code rather than a guarantee of its safety. Overall, the plugin has a high risk profile due to directly exploitable entry points and a dangerous function, despite its clean vulnerability history and database query practices.

Key Concerns

  • Unprotected AJAX endpoints
  • Dangerous function: unserialize without auth checks
  • Missing nonce checks on AJAX handlers
  • Missing capability checks on AJAX handlers
Vulnerabilities
None known

Sticky One-Many Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Sticky One-Many Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
91
111 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializereturn unserialize( $string );library\csf\functions\helpers.php:85

Output Escaping

55% escaped202 total outputs
Attack Surface
2 unprotected

Sticky One-Many Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_cs-get-iconslibrary\csf\functions\actions.php:44
authwp_ajax_cs-export-optionslibrary\csf\functions\actions.php:68
WordPress Hooks 18
actionadmin_footerlibrary\csf\functions\actions.php:88
actioncustomize_controls_print_footer_scriptslibrary\csf\functions\actions.php:89
actionadmin_enqueue_scriptslibrary\csf\functions\enqueue.php:43
filtercs_sanitize_textlibrary\csf\functions\sanitize.php:14
filtercs_sanitize_textarealibrary\csf\functions\sanitize.php:32
filtercs_sanitize_checkboxlibrary\csf\functions\sanitize.php:58
filtercs_sanitize_switcherlibrary\csf\functions\sanitize.php:59
filtercs_sanitize_image_selectlibrary\csf\functions\sanitize.php:88
filtercs_sanitize_grouplibrary\csf\functions\sanitize.php:104
filtercs_sanitize_titlelibrary\csf\functions\sanitize.php:119
filtercs_sanitize_cleanlibrary\csf\functions\sanitize.php:134
filtercs_validate_emaillibrary\csf\functions\validate.php:18
filtercs_validate_numericlibrary\csf\functions\validate.php:37
filtercs_validate_requiredlibrary\csf\functions\validate.php:54
actioninitlibrary\csf\stm-framework.php:61
actioninitplugin.php:24
actioninitplugin.php:32
actionwp_footerstickmany-loop.php:34
Maintenance & Trust

Sticky One-Many Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedJan 10, 2019
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Sticky One-Many Alternatives

Simple Sticky Footer

Simple Sticky Footer

simple-sticky-footer

C
59

Simple Sticky Footer is a lightweight plugin, it allows to promote/advertise a WP Page (rich-text document) as a sticky footer (always on top div).

700 1 unpatched
BuildWithGuru Sticky Header & Footer Builder for Elementor

BuildWithGuru Sticky Header & Footer Builder for Elementor

buildwithguru

A
100

Create custom headers and footers with Elementor and apply optional sticky behavior on scroll. Lightweight and compatible with most WordPress themes.

40 No CVEs
Sticky Video for Youtube

Sticky Video for Youtube

yt-sticky-video

A
85

Gutenberg block to adjust sticky video on frontend side.

10 No CVEs
Developer Profile

Sticky One-Many Developer Profile

Nayeem Hyder

3 plugins · 30 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Sticky One-Many

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sticky-one-many/assets/js/jquery.jsticky.js/wp-content/plugins/sticky-one-many/assets/css/style.css
Script Paths
/wp-content/plugins/sticky-one-many/assets/js/jquery.jsticky.js
Version Parameters
sticky-one-many/assets/js/jquery.jsticky.js?ver=sticky-one-many/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
cs-shortcode-textarea
JS Globals
window.jQuery
Shortcode Output
<script type="text/javascript"> jQuery(function(){ jQuery('').sticky({ topSpacing:, zIndex:, stopper: "
FAQ

Frequently Asked Questions about Sticky One-Many