Does ATP Call Now have any unpatched vulnerabilities?

Yes — ATP Call Now currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is ATP Call Now compatible with WordPress 5.3.21?

According to WordPress.org data, ATP Call Now 1.0.3 has been tested up to WordPress 5.3.21. Check the plugin's changelog for the latest compatibility information.

How often is ATP Call Now updated?

ATP Call Now was last updated on Mar 11, 2020. Frequent updates are generally a positive security signal.

What is ATP Call Now's security score?

ATP Call Now has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ATP Call Now Security & Risk Analysis

wordpress.org/plugins/atp-call-now

Show button Call Now on your website (support desktop and mobile).

800 active installs v1.0.3 PHP + WP 4.6+ Updated Mar 11, 2020

callcontactcustomershotlinesell

C · Use Caution

CVEs total1

Unpatched1

Last CVEJun 19, 2025

Plugin page Download

Safety Verdict

Is ATP Call Now Safe to Use in 2026?

Use With Caution

Score 63/100

ATP Call Now has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 19, 2025Updated 6yr ago

Risk Assessment

The 'atp-call-now' plugin, version 1.0.3, presents a mixed security posture. On the positive side, the static analysis reveals a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed. Furthermore, the plugin demonstrates good practice by using prepared statements for all its SQL queries and not performing file operations or external HTTP requests. However, a significant concern arises from the extremely low percentage of properly escaped output (3%), indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on any entry points, coupled with zero taint analysis flows, is concerning. While the static analysis reports no immediate critical or high-severity issues in the current code, the historical vulnerability data, including one unpatched medium-severity CVE related to XSS, strongly suggests a pattern of insecurity and a need for diligent patching. The plugin's past issues and current output escaping deficiencies create a risk of XSS attacks, despite the lack of a large, immediately exploitable attack surface in this version.

Key Concerns

Unpatched CVE found
Very low output escaping percentage
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

ATP Call Now Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-50024medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ATP Call Now <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 19, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

ATP Call Now Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

3% escaped37 total outputs

Attack Surface

ATP Call Now Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_enqueue_scriptsATP-Call-Now.php:18

actionadmin_menuATP-Call-Now.php:20

filterplugin_row_metaATP-Call-Now.php:21

actionadmin_initATP-Call-Now.php:22

actionwp_enqueue_scriptsATP-Call-Now.php:25

actionwp_footerATP-Call-Now.php:26

Maintenance & Trust

ATP Call Now Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21

Last updatedMar 11, 2020

PHP min version

Downloads5K

Community Trust

Rating20/100

Number of ratings1

Active installs800

Alternatives

ATP Call Now Alternatives

HT CALL ME

ht-call-now

This plugin places a Call Now button (click-to-call) to the bottom of the screen which is only visible for your mobile visitors.

30 No CVEs

Lucep Call Now Button

lucep-call-now-button

An award winning "call now" (or click to call) widget that works on all of your pages! Proven to increase sales by over 72% and it's fr …

10 No CVEs

EchBay Phonering Alo

echbay-phonering-alo

100

Add Phonering Alo button to your website. A very simple yet very effective plugin that adds a Call Now button to your website for every device (mobile …

1K No CVEs

WebRTC Softphone

webrtc-softphone

WebRTC Softphone for Sip Calling with motion animate icon at the bottom of your site.

10 No CVEs

Call Now Button – The #1 Click to Call Button for WordPress

call-now-button

The web's #1 click to call button for your website! A simple and powerful plugin that adds a Call Now Button to your website.

200K 5 CVEs

Developer Profile

ATP Call Now Developer Profile

Truong Thanh

2 plugins · 830 total installs

trust score

Avg Security Score

74/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ATP Call Now

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/atp-call-now/css/style.css/wp-content/plugins/atp-call-now/js/script.js

Script Paths

/wp-content/plugins/atp-call-now/js/script.js

Version Parameters

atp-call-now/style.css?ver=atp-call-now/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

atp-call-now

Data Attributes

id="atpcn_upload_button"

JS Globals

atpcn_page_idatpcn_linkatpcn_textatpcn_left_rightatpcn_bottom_topatpcn_hide_pc+7 more

FAQ