[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7X6kZokncBmNyYKkgFO6V48cU73G5LyvyMaedAzH4w8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":14,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":53,"analysis":151,"fingerprints":272},"atp-call-now","ATP Call Now","1.0.3","Truong Thanh","https:\u002F\u002Fprofiles.wordpress.org\u002Ftruongthanh6365\u002F","\u003Ch3>Custom easy plugin call with ATP Call Now\u003C\u002Fh3>\n\u003Cp>An easy way to edit the call button’s color main and icon, text’s color and background. Setup position left, right, top, bottom. Edit size Call button, change icon for Call button.\u003C\u002Fp>\n\u003Ch3>Optimized for mobile\u003C\u002Fh3>\n\u003Cp>Optimized for responsive websites.\u003C\u002Fp>\n","Show button Call Now on your website (support desktop and mobile).",800,5455,20,1,"2020-03-11T03:19:00.000Z","5.3.21","4.6","",[20,21,22,23,24],"call","contact","customers","hotline","sell","https:\u002F\u002Fatpsoftware.vn\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatp-call-now.zip",63,"2025-06-19 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-50024","atp-call-now-authenticated-administrator-stored-cross-site-scripting","ATP Call Now \u003C= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The ATP Call Now plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.0.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-25 16:56:42",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3ad7ac46-e7d2-4d0c-ae20-fe9ddabf41b7?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"truongthanh6365",2,830,74,30,76,"2026-04-05T03:18:25.613Z",[54,74,90,108,126],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":50,"downloaded":62,"rating":63,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":71,"download_link":72,"security_score":73,"vuln_count":63,"unpatched_count":63,"last_vuln_date":36,"fetched_at":29},"ht-call-now","HT CALL ME","1.0.1","htweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fhtweb\u002F","\u003Cp>This plugin places a Call Now button (click-to-call) to the bottom of the screen which is only visible for your mobile visitors. Because your mobile visitors are already holding their phone it will allow them to call you with one simple touch of the button.\u003C\u002Fp>\n","This plugin places a Call Now button (click-to-call) to the bottom of the screen which is only visible for your mobile visitors.",1859,0,"2020-05-19T03:27:00.000Z","5.2.24","1.0.2","5.2",[20,21,22,69,70],"sale","ssell","https:\u002F\u002Fhtweb.vn\u002Fplugin\u002Fht-call-now.zip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fht-call-now.zip",85,{"slug":75,"name":76,"version":6,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":63,"num_ratings":63,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":88,"download_link":89,"security_score":73,"vuln_count":63,"unpatched_count":63,"last_vuln_date":36,"fetched_at":29},"lucep-call-now-button","Lucep Call Now Button","lucep","https:\u002F\u002Fprofiles.wordpress.org\u002Flucep\u002F","\u003Cp>Research shows that engaging with prospects in under 5 minutes of requesting a call back, results in 21x higher conversion rates. Lucep’s power packed duo of click-to-call widget and mobile app empowers you to do just this, with time and detailed analytics on your side.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFV08pvInFc4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>What does the plugin do?\u003C\u002Fh3>\n\u003Cp>This plugin places a call now widget (click to call) at the bottom of the sceen for all of your visitors. When they click on it, they will be prompted for their name and number, and upon submission, this will be sent to your entire sales team using the Lucep mobile app.\u003C\u002Fp>\n\u003Cp>The plugin uses advanced analytics that lets you monitor visitor flow, usage patterns, and understand what your prospect finds most interesting on your site.\u003C\u002Fp>\n\u003Ch3>Incredibly easy to start!\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Flucep.com\u002Fsignup\u002F?utm_medium=wordpress&utm_campaign=lucep-plugin&utm_source=wordpress-plugin-description\" rel=\"nofollow ugc\">Get your free Lucep account\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Install this plugin, and activate it\u003C\u002Fli>\n\u003Cli>Install the mobile app\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>What makes Lucep the number one choice for businesses?\u003C\u002Fh3>\n\u003Cp>Besides the 42% increase in visitor to lead conversion, Lucep does not have any per minute, or per lead charges. We also offer a pro service for businesses that provides support for integration with CRMs such as SalesForce, Hubspot, Pipedrive and others, along with many other power-packed business features!\u003C\u002Fp>\n","An award winning \"call now\" (or click to call) widget that works on all of your pages! Proven to increase sales by over 72% and it's fr &hellip;",10,1564,"2017-08-04T09:02:00.000Z","4.8.28","3.3",[20,21,22,87,24],"sales","https:\u002F\u002Flucep.com\u002Fsignup\u002F?utm_medium=wordpress&utm_campaign=lucep-plugin&utm_source=wordpress-plugin-uri","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flucep-call-now-button.1.0.3.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":14,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":106,"download_link":107,"security_score":100,"vuln_count":63,"unpatched_count":63,"last_vuln_date":36,"fetched_at":29},"echbay-phonering-alo","EchBay Phonering Alo","1.3.1","Dao Quoc Dai","https:\u002F\u002Fprofiles.wordpress.org\u002Fitvn9online\u002F","\u003Cp>Add Phonering Alo button to your website. A very simple yet very effective plugin that adds a Call Now button to your website for every device (mobile, table and desktop).\u003C\u002Fp>\n","Add Phonering Alo button to your website. A very simple yet very effective plugin that adds a Call Now button to your website for every device (mobile &hellip;",1000,26219,100,"2025-11-28T02:59:00.000Z","6.9.4","4.8",[20,21,22,105,87],"phonering","https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwordpresseb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechbay-phonering-alo.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":81,"downloaded":116,"rating":63,"num_ratings":63,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":124,"download_link":125,"security_score":73,"vuln_count":63,"unpatched_count":63,"last_vuln_date":36,"fetched_at":29},"webrtc-softphone","WebRTC Softphone","0.1.1","nabeelee","https:\u002F\u002Fprofiles.wordpress.org\u002Fnabeelee\u002F","\u003Ch3>What does the plugin do?\u003C\u002Fh3>\n\u003Cp>This plugin places a WebRTC Softphone showing after clicking Phone Icon to the bottom right corner of the screen or incoming call.\u003C\u002Fp>\n\u003Ch3>Could not be easier!\u003C\u002Fh3>\n\u003Cp>The settings are very easy: enable and enter your sip information. That’s it!\u003C\u002Fp>\n\u003Cp>But if you want more control, you can always open up the Advanced Settings and change the default behavior.\u003C\u002Fp>\n","WebRTC Softphone for Sip Calling  with motion  animate icon at the bottom of your site.",1653,"2017-11-15T16:42:00.000Z","4.9.29","2.7","5.6",[122,20,123,21,22],"button","call-now","http:\u002F\u002Fechobyte.net\u002Fwebrtc-softphone-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebrtc-softphone.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":102,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":146,"download_link":147,"security_score":148,"vuln_count":149,"unpatched_count":63,"last_vuln_date":150,"fetched_at":29},"call-now-button","Call Now Button – The #1 Click to Call Button for WordPress","2.0.0","Jerry Rietveld","https:\u002F\u002Fprofiles.wordpress.org\u002Fjgrietveld\u002F","\u003Ch3>What does the plugin do?\u003C\u002Fh3>\n\u003Cp>This plugin places a Call Now Button (click-to-call button) to the bottom of the screen. Because your mobile visitors already have a phone in their hands this plugin will allow them to call you with one simple touch of the button.\u003Cbr \u002F>\nNo more navigating to the contact page and no more complicated copy\u002Fpasting or memorizing the phone number!\u003C\u002Fp>\n\u003Ch4>More actions\u003C\u002Fh4>\n\u003Cp>Connect to our \u003Cstrong>cloud service\u003C\u002Fstrong> to enable more action buttons such as \u003Cstrong>WhatsApp\u003C\u002Fstrong>, \u003Cstrong>Signal\u003C\u002Fstrong>, \u003Cstrong>Telegram\u003C\u002Fstrong>, \u003Cstrong>Messenger\u003C\u002Fstrong>, \u003Cstrong>SMS\u002FText\u003C\u002Fstrong>, \u003Cstrong>Email\u003C\u002Fstrong>, \u003Cstrong>Directions\u003C\u002Fstrong>, \u003Cstrong>Viber\u003C\u002Fstrong>, \u003Cstrong>Zalo\u003C\u002Fstrong>, \u003Cstrong>WeChat\u003C\u002Fstrong>, \u003Cstrong>Line\u003C\u002Fstrong> and more. Find a more complete overview below in the \u003Cem>Account\u003C\u002Fem> section.\u003C\u002Fp>\n\u003Ch3>Could not be easier!\u003C\u002Fh3>\n\u003Cp>The settings are very easy: enable and enter your phone number. That’s it!\u003C\u002Fp>\n\u003Cp>The label allows you to add some text to your button. Leaving the label empty will show a nice circular phone button to your visitors (take a look at the screenshots).\u003C\u002Fp>\n\u003Ch4>Presentation controls\u003C\u002Fh4>\n\u003Cp>Under the \u003Cstrong>Presentation tab\u003C\u002Fstrong> you can change the colors of the button, move it to a different screen position and limit the pages on which the button should be visible.\u003C\u002Fp>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>In the \u003Cstrong>Settings menu\u003C\u002Fstrong> you’ll find a bunch of features such as click tracking in Google Analytics, fire a conversion tag so a call is registered as a conversion in Google Ads, adjust the size of the button or move the button further backwards in case you want something else to sit on top of it (e.g. your privacy notice). Here you can also enable the connection to our \u003Cem>Cloud service\u003C\u002Fem>.\u003C\u002Fp>\n\u003Ch3>Connecting to NowButtons.com\u003C\u002Fh3>\n\u003Cp>Connect the plugin to our cloud service NowButtons.com to unlock more features. Here’s an overview:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>⚡ More actions: SMS\u002FText, Email, Maps, URLs, Scroll to point\u003C\u002Fli>\n\u003Cli>🤗 Social actions: WhatsApp, Messenger, Telegram, Signal, Zalo, Viber, Line, WeChat\u003C\u002Fli>\n\u003Cli>🆕 Create 5 different buttons (instead of 1)\u003C\u002Fli>\n\u003Cli>🎯 Create smarter rules to decide where buttons should appear\u003C\u002Fli>\n\u003Cli>👁️️ Live preview\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>NowButtons PRO\u003C\u002Fh3>\n\u003Cp>We also offer a paid version of NowButtons which you can try 14 days for free!\u003C\u002Fp>\n\u003Cp>The PRO plan offers the following extras:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🧳 Create 100 unique buttons\u003C\u002Fli>\n\u003Cli>🤹🏽 Multiple buttons on a page\u003C\u002Fli>\n\u003Cli>🌼 Button templates\u003C\u002Fli>\n\u003Cli>💬 Live chat (beta)\u003C\u002Fli>\n\u003Cli>💬 WhatsApp chat window\u003C\u002Fli>\n\u003Cli>💬 Live Chat (beta)\u003C\u002Fli>\n\u003Cli>🗓️ Meeting Scheduler (coming soon)\u003C\u002Fli>\n\u003Cli>💬 Messenger Chat Widget\u003C\u002Fli>\n\u003Cli>🗂️ Multi action buttons\u003C\u002Fli>\n\u003Cli>🕘 Scheduler: create a weekly schedule for your buttons\u003C\u002Fli>\n\u003Cli>🎯 Advanced rules to decide where buttons should appear\u003C\u002Fli>\n\u003Cli>👋 Add extra attention grabbing animations\u003C\u002Fli>\n\u003Cli>🎨 Icon picker\u003C\u002Fli>\n\u003Cli>👽 3rd party integrations\u003C\u002Fli>\n\u003Cli>✨ Slide-in Content Windows\u003C\u002Fli>\n\u003Cli>📷 Use custom images on buttons\u003C\u002Fli>\n\u003Cli>🌍 Include and exclude countries\u003C\u002Fli>\n\u003Cli>\u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↕\u003C\u002Fspan>️ Appear after scrolling\u003C\u002Fli>\n\u003Cli>🔌 Intercom integration\u003C\u002Fli>\n\u003C\u002Ful>\n","The web's #1 click to call button for your website! A simple and powerful plugin that adds a Call Now Button to your website.",200000,6779904,96,101,"2026-02-06T11:44:00.000Z","6.1","7.4",[142,127,143,144,145],"call-button","click-to-call","contact-button","convert","https:\u002F\u002Fcallnowbutton.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcall-now-button.2.0.0.zip",95,5,"2025-10-29 00:01:50",{"attackSurface":152,"codeSignals":184,"taintFlows":258,"riskAssessment":259,"analyzedAt":271},{"hooks":153,"ajaxHandlers":180,"restRoutes":181,"shortcodes":182,"cronEvents":183,"entryPointCount":63,"unprotectedCount":63},[154,160,163,168,172,176],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","admin_enqueue_scripts","ATP_CN_admin_scripts_and_styles","ATP-Call-Now.php",18,{"type":155,"name":161,"callback":162,"file":158,"line":13},"admin_menu","ATP_CN_create_menu",{"type":164,"name":165,"callback":166,"priority":81,"file":158,"line":167},"filter","plugin_row_meta","ATP_CN_add_plugin_links",21,{"type":155,"name":169,"callback":170,"file":158,"line":171},"admin_init","ATP_CN_register_settings",22,{"type":155,"name":173,"callback":174,"file":158,"line":175},"wp_enqueue_scripts","ATP_CN_scripts_and_styles",25,{"type":155,"name":177,"callback":178,"file":158,"line":179},"wp_footer","ATP_Call_Now",26,[],[],[],[],{"dangerousFunctions":185,"sqlUsage":186,"outputEscaping":188,"fileOperations":63,"externalRequests":63,"nonceChecks":63,"capabilityChecks":63,"bundledLibraries":257},[],{"prepared":63,"raw":63,"locations":187},[],{"escaped":14,"rawEcho":189,"locations":190},36,[191,194,196,197,199,200,202,204,206,208,210,212,214,215,217,219,221,223,225,226,228,230,232,234,236,237,239,241,243,245,247,249,250,251,253,255],{"file":158,"line":192,"context":193},69,"raw output",{"file":158,"line":195,"context":193},70,{"file":158,"line":49,"context":193},{"file":158,"line":198,"context":193},126,{"file":158,"line":198,"context":193},{"file":158,"line":201,"context":193},132,{"file":158,"line":203,"context":193},133,{"file":158,"line":205,"context":193},171,{"file":158,"line":207,"context":193},175,{"file":158,"line":209,"context":193},181,{"file":158,"line":211,"context":193},186,{"file":158,"line":213,"context":193},190,{"file":158,"line":213,"context":193},{"file":158,"line":216,"context":193},191,{"file":158,"line":218,"context":193},192,{"file":158,"line":220,"context":193},193,{"file":158,"line":222,"context":193},194,{"file":158,"line":224,"context":193},198,{"file":158,"line":224,"context":193},{"file":158,"line":227,"context":193},199,{"file":158,"line":229,"context":193},200,{"file":158,"line":231,"context":193},201,{"file":158,"line":233,"context":193},202,{"file":158,"line":235,"context":193},205,{"file":158,"line":235,"context":193},{"file":158,"line":238,"context":193},206,{"file":158,"line":240,"context":193},207,{"file":158,"line":242,"context":193},208,{"file":158,"line":244,"context":193},209,{"file":158,"line":246,"context":193},210,{"file":158,"line":248,"context":193},213,{"file":158,"line":248,"context":193},{"file":158,"line":248,"context":193},{"file":158,"line":252,"context":193},214,{"file":158,"line":254,"context":193},215,{"file":158,"line":256,"context":193},216,[],[],{"summary":260,"deductions":261},"The 'atp-call-now' plugin, version 1.0.3, presents a mixed security posture. On the positive side, the static analysis reveals a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed. Furthermore, the plugin demonstrates good practice by using prepared statements for all its SQL queries and not performing file operations or external HTTP requests. However, a significant concern arises from the extremely low percentage of properly escaped output (3%), indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on any entry points, coupled with zero taint analysis flows, is concerning. While the static analysis reports no immediate critical or high-severity issues in the current code, the historical vulnerability data, including one unpatched medium-severity CVE related to XSS, strongly suggests a pattern of insecurity and a need for diligent patching. The plugin's past issues and current output escaping deficiencies create a risk of XSS attacks, despite the lack of a large, immediately exploitable attack surface in this version.",[262,265,267,269],{"reason":263,"points":264},"Unpatched CVE found",15,{"reason":266,"points":264},"Very low output escaping percentage",{"reason":268,"points":81},"No nonce checks on entry points",{"reason":270,"points":81},"No capability checks on entry points","2026-03-16T19:16:29.619Z",{"wat":273,"direct":282},{"assetPaths":274,"generatorPatterns":277,"scriptPaths":278,"versionParams":279},[275,276],"\u002Fwp-content\u002Fplugins\u002Fatp-call-now\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fatp-call-now\u002Fjs\u002Fscript.js",[],[276],[280,281],"atp-call-now\u002Fstyle.css?ver=","atp-call-now\u002Fjs\u002Fscript.js?ver=",{"cssClasses":283,"htmlComments":284,"htmlAttributes":285,"restEndpoints":287,"jsGlobals":288,"shortcodeOutput":302},[4],[],[286],"id=\"atpcn_upload_button\"",[],[289,290,291,292,293,294,295,296,297,298,299,300,301],"atpcn_page_id","atpcn_link","atpcn_text","atpcn_left_right","atpcn_bottom_top","atpcn_hide_pc","atpcn_hide_mb","atpcn_image_url","atpcn_size","atpcn_long","atpcn_color","atpcn_color_bg","atpcn_color_text",[]]