
Contact Zalo Report SW Security & Risk Analysis
wordpress.org/plugins/button-chat-zalo-report-sw
Is Contact Zalo Report SW Safe to Use in 2026?
Generally Safe
Score 85/100
Contact Zalo Report SW has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "button-chat-zalo-report-sw" v1.0.0 presents a mixed security posture. While it demonstrates good practices in output escaping and avoids dangerous functions and file operations, significant concerns arise from its attack surface and lack of authentication checks.
The analysis reveals two AJAX handlers that lack any authentication checks, creating a direct entry point for potential attackers. Furthermore, a taint analysis identified a flow with an unsanitized path, classified as high severity, indicating a potential for vulnerabilities related to how user-supplied data is handled and processed. The absence of nonce checks on these AJAX handlers exacerbates this risk, making Cross-Site Request Forgery (CSRF) attacks more feasible.
Despite the clean vulnerability history with no recorded CVEs, this historical data should not be the sole basis for security assessment. The current static analysis findings, particularly the unprotected AJAX endpoints and the high-severity taint flow, highlight immediate and actionable risks. The plugin's strengths lie in its proper output escaping and lack of vulnerable bundled libraries, but these are overshadowed by the critical need for robust access control on its entry points.
Key Concerns
- AJAX handlers without authentication checks
- High severity taint flow with unsanitized paths
- AJAX handlers without nonce checks
Contact Zalo Report SW Security Vulnerabilities
Contact Zalo Report SW Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Contact Zalo Report SW Attack Surface
AJAX Handlers: 2
WordPress Hooks: 5
Contact Zalo Report SW Maintenance & Trust
Maintenance Signals
Community Trust
Contact Zalo Report SW Alternatives
MainWP Child Reports
mainwp-child-reports
The MainWP Child Report plugin tracks changes to Child sites for the Pro Reports Extension.
SlimStat Analytics
wp-slimstat
The leading web analytics plugin for WordPress
Solid Central – Site Management, Backups, Security, and Reporting
ithemes-sync
Manage multiple WordPress sites from one dashboard.
Error Log Monitor
error-log-monitor
Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.
Metorik – Reports & Email Automation for WooCommerce
metorik-helper
The Metorik Helper helps provide your WooCommerce store with powerful analytics, reports, and tools.
Contact Zalo Report SW Developer Profile
2 plugins · 940 total installs
How We Detect Contact Zalo Report SW
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/button-chat-zalo-report-sw/assets/phonecall.css
- /wp-content/plugins/button-chat-zalo-report-sw/assets/customzal_adcss.css
- /wp-content/plugins/button-chat-zalo-report-sw/js/main.js
- /wp-content/plugins/button-chat-zalo-report-sw/js/jscolorpk.js
- /wp-content/plugins/button-chat-zalo-report-sw/assets/phone-ring.png
- /wp-content/plugins/button-chat-zalo-report-sw/js/main.js
- /wp-content/plugins/button-chat-zalo-report-sw/js/jscolorpk.js
- button-chat-zalo-report-sw/assets/phonecall.css?ver=
- button-chat-zalo-report-sw/js/main.js?ver=
- button-chat-zalo-report-sw/assets/customzal_adcss.css?ver=
- button-chat-zalo-report-sw/js/jscolorpk.js?ver=
HTML / DOM Fingerprints
- fix_chatZalo
- btn_chatZalo
- fix_tel
- ring-alo-phone
- ring-alo-green
- ring-alo-show
- ring-alo-ph-circle
- ring-alo-ph-circle-fill
- zalo_obj