Broadcast – WordPress Call to Actions Security & Risk Analysis

wordpress.org/plugins/broadcast-call-to-actions

Broadcast is a call to action (CTA) management plugin that allows you to easily manage and display CTAs within your WordPress content.

10 active installs · v1.0 · PHP + · WP 3.6+ · Updated Apr 7, 2017
Tags: action, announcement, broadcast, call-to-action, cta
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Broadcast – WordPress Call to Actions Safe to Use in 2026?

Generally Safe

Score 85/100

Broadcast – WordPress Call to Actions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "broadcast-call-to-actions" plugin v1.0 exhibits a generally positive security posture due to robust implementation of security best practices such as nonce and capability checks. The static analysis reveals no critical or high severity taint flows, and the absence of known vulnerabilities in its history further strengthens this assessment. All identified entry points, including AJAX handlers and shortcodes, appear to have appropriate authentication and permission checks, which is commendable.

However, a significant concern arises from the handling of SQL queries. The single detected SQL query is not prepared, which presents a SQL injection risk if user-supplied data is ever incorporated into it without proper sanitization. Additionally, only 33% of the plugin's output is escaped, indicating a substantial risk of cross-site scripting (XSS) if any output is not properly sanitized. While the current attack surface is protected, the unprepared SQL query and insufficient output escaping are notable weaknesses.

In conclusion, the plugin demonstrates a solid foundation with good authentication and authorization practices. The lack of past vulnerabilities is a positive indicator. Nevertheless, the unescaped output and the unprepared SQL query represent significant avenues for potential exploitation that require immediate attention to fully secure the plugin.

Key Concerns

  • Raw SQL query without prepared statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

Broadcast – WordPress Call to Actions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Broadcast – WordPress Call to Actions Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Broadcast – WordPress Call to Actions Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 35 (17 escaped)
Nonce Checks: 5
Capability Checks: 12
File Operations: 11
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

33% escaped · 52 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
broadcast_create_layout (admin\admin.php:37)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Broadcast – WordPress Call to Actions Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 5

auth · wp_ajax_broadcast_create_layout · admin\admin.php:5
auth · wp_ajax_broadcast_save_layout · admin\admin.php:6
auth · wp_ajax_broadcast_delete_layout · admin\admin.php:7
auth · wp_ajax_broadcast_view_layout · admin\admin.php:8
auth · wp_ajax_broadcast_lightbox · admin\editor\editor.php:6

Shortcodes 1

[broadcast] · broadcast.php:56

WordPress Hooks 17

action · admin_enqueue_scripts · admin\admin.php:9
filter · admin_footer_text · admin\admin.php:10
action · admin_head · admin\editor\editor.php:17
filter · mce_external_plugins · admin\editor\editor.php:33
filter · mce_buttons · admin\editor\editor.php:34
action · admin_menu · admin\functions\menu.php:58
filter · post_row_actions · admin\functions\menu.php:86
action · admin_head · admin\functions\menu.php:97
action · admin_enqueue_scripts · admin\functions\scripts.php:62
action · admin_init · admin\functions\settings.php:4
filter · manage_broadcast_posts_columns · admin\functions.php:39
action · manage_broadcast_posts_custom_column · admin\functions.php:69
filter · widget_text · broadcast.php:57
action · add_meta_boxes · broadcast.php:58
action · save_post · broadcast.php:59
action · wp_enqueue_scripts · broadcast.php:60
action · after_setup_theme · broadcast.php:62
Maintenance & Trust

Broadcast – WordPress Call to Actions Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.33
Last updated: Apr 7, 2017
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Broadcast – WordPress Call to Actions Developer Profile

connekthq

3 plugins · 200K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 467 days
Detection Fingerprints

How We Detect Broadcast – WordPress Call to Actions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/broadcast-call-to-actions/core/classes/class.enqueue.php
/wp-content/plugins/broadcast-call-to-actions/core/classes/class.shortcode.php
/wp-content/plugins/broadcast-call-to-actions/functions/functions.php
/wp-content/plugins/broadcast-call-to-actions/functions/post_types.php
Script Paths
/wp-content/plugins/broadcast-call-to-actions/core/classes/class.enqueue.php
/wp-content/plugins/broadcast-call-to-actions/core/classes/class.shortcode.php
/wp-content/plugins/broadcast-call-to-actions/functions/functions.php
/wp-content/plugins/broadcast-call-to-actions/functions/post_types.php

HTML / DOM Fingerprints

CSS Classes
broadcast-meta-callout
HTML Comments
<!-- Broadcast - Link Options -->
<!-- Attach a custom link button label, URL and target to this call to action -->
<!-- Button Label -->
<!-- URL -->
+2 more
Data Attributes
name="broadcast_label"
id="broadcast_label"
name="broadcast_url"
id="broadcast_url"
name="broadcast_target"
id="broadcast_target"
Shortcode Output
[broadcast]
FAQ

Frequently Asked Questions about Broadcast – WordPress Call to Actions