Does Callweb have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Callweb compatible with WordPress 5.9.13?

According to WordPress.org data, Callweb 1.0.0 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is Callweb updated?

Callweb was last updated on Mar 11, 2022. Frequent updates are generally a positive security signal.

What is Callweb's security score?

Callweb has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Callweb Security & Risk Analysis

wordpress.org/plugins/callweb

Plugin dodający widget callweb do strony internetowej. Dzięki widgetowi możesz automatycznie oddzwaniać do swoich klientów.

0 active installs v1.0.0 PHP + WP 3.0.1+ Updated Mar 11, 2022

callcall-webcall-widgetcallwebweb

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Callweb Safe to Use in 2026?

Generally Safe

Score 85/100

Callweb has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "callweb" v1.0.0 plugin exhibits a strong security posture based on the provided static analysis data. There are no identified entry points in the attack surface that are unprotected, and all SQL queries utilize prepared statements, indicating good practice for preventing SQL injection. Furthermore, all output is properly escaped and there are no observed file operations or external HTTP requests, which are common vectors for exploitation.

The taint analysis shows no identified flows with unsanitized paths, further reinforcing the lack of exploitable vulnerabilities in the current code. The vulnerability history is also clean, with no recorded CVEs, suggesting the plugin has historically been secure or has had its vulnerabilities promptly addressed. The presence of capability checks, though not explicitly detailed in their implementation, is a positive sign for access control.

However, the complete absence of nonce checks is a notable concern, especially if any future AJAX handlers are introduced without them. While the current attack surface is zero, this lack of defense for potential future entry points is a weakness. The plugin's overall security is good due to its current lack of exploitable code and clean history, but the potential for future issues exists if new functionalities are added without robust security measures like nonce checks.

Key Concerns

No nonce checks implemented

Vulnerabilities

None known

Callweb Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Callweb Release Timeline

v1.0.0Current

Code Analysis

Analyzed Apr 16, 2026

Callweb Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped10 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

callweb_options (inc/menu.php:15)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Callweb Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_enqueue_scriptsinc/functions.php:7

actionwp_headinc/functions.php:30

actionadmin_menuinc/menu.php:13

Maintenance & Trust

Callweb Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedMar 11, 2022

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

Callweb Alternatives

Connect-EZ Click-To-Call

connect-ez-click-to-call

100

Make phone calls directly from your website!

30 No CVEs

LiveSmart Video Chat Live Video Chat

new-dev-livesmart-video-chat

LiveSmart Video Chat Live Video chat plugin for WordPress that allows visitors to establish live video chat in the browser without download.

30 No CVEs

phone2app : formulario de contacto y llamadas

phone2app

phone2app es un formulario de contacto y llamadas. La herramienta de gestión de contactos o leads más avanzada hasta el momento.

30 No CVEs

Paid Videochat Turnkey Site – HTML5 PPV Live Webcams

ppv-live-webcams

Launch a PPV live webcam platform with real-time interaction and robust monetization for performers.

30 4 CVEs

Excitel – Click to call

excitel-click-to-call

Excitel helps your customers make calls from your site over Internet (free) using WebRTC, RTMP and SIP protocols.

20 No CVEs

Developer Profile

Callweb Developer Profile

telestrada

2 plugins · 0 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Callweb

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/callweb/assets/styles/style.css

HTML / DOM Fingerprints

JS Globals

_callweb

FAQ

Callweb Security & Risk Analysis

Is Callweb Safe to Use in 2026?

Generally Safe

Key Concerns

Callweb Security Vulnerabilities

Callweb Release Timeline

Callweb Code Analysis

Output Escaping

Data Flow Analysis

Callweb Attack Surface

Callweb Maintenance & Trust

Maintenance Signals

Community Trust

Callweb Alternatives

Connect-EZ Click-To-Call

LiveSmart Video Chat Live Video Chat

phone2app : formulario de contacto y llamadas

Paid Videochat Turnkey Site – HTML5 PPV Live Webcams

Excitel – Click to call

Callweb Developer Profile

How We Detect Callweb

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Callweb