WPFront Scroll Top Security & Risk Analysis

wordpress.org/plugins/wpfront-scroll-top

Adds a lightweight and smooth "Scroll to Top" button to your WordPress site, improving navigation and user experience with customizable options.

200K active installs · v3.0.1 · PHP 7.2+ · WP 5.3+ · Updated Dec 2, 2025
Tags: back-to-top, scroll-to-top, scroll-top, scroll-up, smooth-scroll
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 26, 2021
Safety Verdict

Is WPFront Scroll Top Safe to Use in 2026?

Generally Safe

Score 100/100

WPFront Scroll Top has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jul 26, 2021 · Updated 5mo ago
Risk Assessment

The wpfront-scroll-top plugin v3.0.1 has a generally good security posture: a small attack surface and a high percentage of properly escaped outputs. Its single AJAX handler is covered by nonce and capability checks, which suggests an effort to secure entry points. File operations and external HTTP requests are not a concern in this version. The one minor concern is a single SQL query that does not use prepared statements; it could be vulnerable to SQL injection if its input is not meticulously sanitized before being passed to the query.

The vulnerability history shows one medium-severity Cross-Site Scripting (XSS) vulnerability, which was patched as of July 2021. The current version shows no critical or high-severity issues and no unpatched CVEs, but the past XSS vulnerability, together with the unprepared SQL statement, indicates a need for continued vigilance in code review and testing to prevent similar issues. Overall, the plugin appears reasonably secure in its current version, though the minor SQL concern and the historical vulnerability warrant attention.

Key Concerns

  • Raw SQL without prepared statements
Vulnerabilities
1 published

WPFront Scroll Top Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-24564 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPFront Scroll Top <= 2.0.5 - Authenticated Stored Cross-Site Scripting

Jul 26, 2021 · Patched in 2.0.6 (911d)
Version History

WPFront Scroll Top Release Timeline

  • v3.0.1 · Current · 5 files changed
  • v3.0.0 · 144 files changed
  • v2.2 · 5 files changed
  • v2.1.1 · 3 files changed
  • v2.1 · 70 files changed
  • v2.0.7 · 6 files changed
  • v2.0.6 · 5 files changed
  • v2.0.5 · 1 CVE · 5 files changed
  • v2.0.4 · 1 CVE · 3 files changed
  • v2.0.3 · 1 CVE · 88 files changed
  • v2.0.2 · 1 CVE · 3 files changed
  • v2.0.1 · 1 CVE · 17 files changed
  • v1.6.2 · 1 CVE · 15 files changed
  • v1.6.1 · 1 CVE · 3 files changed
  • v1.6 · 1 CVE · 34 files changed
  • v1.5 · 1 CVE · 34 files changed
  • v1.4.5 · 1 CVE · 6 files changed
  • v1.4.4 · 1 CVE · 4 files changed
  • v1.4.3 · 1 CVE · 16 files changed
  • v1.4.2 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

WPFront Scroll Top Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 1 (37 escaped)
  • Nonce Checks: 2
  • Capability Checks: 4
  • File Operations: 3
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

97% escaped · 38 total outputs
Attack Surface

WPFront Scroll Top Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_wpfront_scroll_top_submit_data · includes\settings\class-settings-view-model.php:101

WordPress Hooks: 8

  • action · wp_enqueue_scripts · includes\front\class-front-view-model.php:80
  • action · admin_enqueue_scripts · includes\front\class-front-view-model.php:81
  • action · admin_init · includes\settings\class-settings-view-model.php:89
  • action · admin_menu · includes\settings\class-settings-view-model.php:90
  • filter · plugin_action_links · includes\settings\class-settings-view-model.php:91
  • action · admin_init · includes\settings\class-settings-view-model.php:110
  • filter · admin_footer_text · includes\settings\class-settings-view.php:60
  • action · plugins_loaded · wpfront-scroll-top.php:42
Maintenance & Trust

WPFront Scroll Top Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 2, 2025
  • PHP min version: 7.2
  • Downloads: 1.9M

Community Trust

  • Rating: 100/100
  • Number of ratings: 142
  • Active installs: 200K
Developer Profile

WPFront Scroll Top Developer Profile

Syam Mohan

4 plugins · 280K total installs

  • Trust score: 76
  • Avg Security Score: 95/100
  • Avg Patch Time: 458 days
Detection Fingerprints

How We Detect WPFront Scroll Top

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpfront-scroll-top/includes/assets/wpfront-scroll-top.min.js
  • /wp-content/plugins/wpfront-scroll-top/assets/wpfront-scroll-top.js
Script Paths
  • https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Version Parameters
  • wpfront-scroll-top/style.css?ver=
  • wpfront-scroll-top?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpfront-scroll-top
HTML Comments
  • WPFront Scroll Top
  • Copyright (C) 2013, wpfront.com
  • Website: wpfront.com
  • Contact: syam@wpfront.com
  • +13 more
Data Attributes
  • data-scroll-duration
  • data-auto-hide-after
  • data-auto-hide
  • data-button-fade-duration
  • data-hide-iframe
  • data-scroll-offset
  • +5 more
JS Globals
  • wpfront_scroll_top_data