Click To Dial – Wp Click To Call Support Security & Risk Analysis

wordpress.org/plugins/click-to-dial

Easily add a "Call Now" bubble to your WordPress site—let visitors call you in 3 clicks with customizable buttons, forms, and time-based availability.

100 active installs v1.2.11 PHP + WP 5.0+ Updated Mar 12, 2026
Tags: agent, call-now-button, call-plugin, call-to-action, click-to-call
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Click To Dial – Wp Click To Call Support Safe to Use in 2026?

Generally Safe

Score 100/100

Click To Dial – Wp Click To Call Support has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 22d ago
Risk Assessment

The "click-to-dial" plugin version 1.2.11 demonstrates a generally good security posture based on the provided static analysis. A significant positive is the absence of any recorded vulnerabilities (CVEs), suggesting a history of stable and secure development. The plugin also implements the expected security controls: a decent number of nonce and capability checks, a majority of SQL queries using prepared statements, and a high percentage of properly escaped outputs. The attack surface, while present, is entirely protected by authentication, and no critical or high severity taint flows were identified; both are strong indicators of responsible coding practices.

However, a few areas warrant attention. The plugin calls `unserialize`, which can be a vector for deserialization vulnerabilities if its input is not handled with extreme caution and sanitization. The single flagged call, at admin\HelpPage\Help.php:139, passes `$response['body']` to it. Taint analysis found no immediate issues, but the function inherently carries risk. Additionally, while most SQL queries are prepared, the 33% that are not (1 of 3 queries) could pose a risk if they involve user-supplied input without proper sanitization, though the static analysis did not flag specific instances of this.

In conclusion, the "click-to-dial" plugin appears to be relatively secure. Its lack of historical vulnerabilities and protected entry points are major strengths. The primary area for improvement and vigilance is the use of `unserialize`, which, despite not currently showing exploitable flows, remains a function to monitor. The plugin's overall security is good, but a cautious approach to the identified `unserialize` function is advised.

Key Concerns

  • Use of unserialize function
  • SQL queries not using prepared statements
Vulnerabilities
None known

Click To Dial – Wp Click To Call Support Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Click To Dial – Wp Click To Call Support Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 247 (663 escaped)
Nonce Checks: 10
Capability Checks: 5
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$plugins = unserialize($response['body']);` (admin\HelpPage\Help.php:139)

SQL Query Safety

67% prepared (3 total queries)

Output Escaping

73% escaped (910 total outputs)
Data Flows
All sanitized

Data Flow Analysis

5 flows
csf_export (admin\functions\actions.php:62)
Attack Surface

Click To Dial – Wp Click To Call Support Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 7

auth wp_ajax_csf-get-icons admin\functions\actions.php:50
auth wp_ajax_csf-export admin\functions\actions.php:87
auth wp_ajax_csf-import admin\functions\actions.php:123
auth wp_ajax_csf-reset admin\functions\actions.php:150
auth wp_ajax_csf-chosen admin\functions\actions.php:189
auth wp_ajax_ctd-never-show-review-notice admin\HelpPage\ReviewNotice.php:28
auth wp_ajax_themeatelier_dismiss_offer_banner Helpers\ThemeAtelier_Offer_Banner.php:35

Shortcodes 1

[ctd] view\shortcodes\custom-shortcode.php:12
WordPress Hooks 37
action admin_footer admin\appsero\Insights.php:122
action admin_notices admin\appsero\Insights.php:141
action admin_init admin\appsero\Insights.php:144
filter cron_schedules admin\appsero\Insights.php:150
action wp_enqueue_scripts admin\classes\abstract.class.php:20
action admin_menu admin\classes\admin-options.class.php:107
action admin_bar_menu admin\classes\admin-options.class.php:108
action network_admin_menu admin\classes\admin-options.class.php:112
filter admin_footer_text admin\classes\admin-options.class.php:432
action after_setup_theme admin\classes\setup.class.php:73
action init admin\classes\setup.class.php:74
action switch_theme admin\classes\setup.class.php:75
action admin_enqueue_scripts admin\classes\setup.class.php:76
action wp_enqueue_scripts admin\classes\setup.class.php:77
action wp_head admin\classes\setup.class.php:78
filter admin_body_class admin\classes\setup.class.php:79
action admin_footer admin\fields\icon\icon.php:41
action customize_controls_print_footer_scripts admin\fields\icon\icon.php:42
action admin_print_footer_scripts admin\fields\link\link.php:65
action print_default_editor_scripts admin\fields\wp_editor\wp_editor.php:62
action admin_notices admin\HelpPage\ReviewNotice.php:27
action plugins_loaded click-to-dial.php:48
action init click-to-dial.php:75
action block_categories_all click-to-dial.php:91
action admin_menu click-to-dial.php:93
action after_setup_theme click-to-dial.php:122
action admin_notices Helpers\ThemeAtelier_Offer_Banner.php:34
action wp_enqueue_scripts inc\class-enqueue.php:20
action admin_enqueue_scripts inc\class-enqueue.php:21
action wp_footer view\chat-bubbles\chat-bubbles.php:2
action init view\elementor-widgets\elementor-widget.php:153
action admin_notices view\elementor-widgets\elementor-widget.php:178
action admin_notices view\elementor-widgets\elementor-widget.php:185
action elementor/elements/categories_registered view\elementor-widgets\elementor-widget.php:190
action elementor/widgets/widgets_registered view\elementor-widgets\elementor-widget.php:194
action wp_enqueue_scripts view\elementor-widgets\elementor-widget.php:197
action wp_enqueue_scripts view\elementor-widgets\elementor-widget.php:359
Maintenance & Trust

Click To Dial – Wp Click To Call Support Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Click To Dial – Wp Click To Call Support Developer Profile

Foysal Imran

7 plugins · 710 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 21 days
Detection Fingerprints

How We Detect Click To Dial – Wp Click To Call Support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/click-to-dial/admin/css/click-to-dial-admin.css
  • /wp-content/plugins/click-to-dial/admin/js/click-to-dial-admin.js
  • /wp-content/plugins/click-to-dial/assets/css/click-to-dial-style.css
  • /wp-content/plugins/click-to-dial/assets/js/click-to-dial.js
  • /wp-content/plugins/click-to-dial/assets/js/frontend.js
  • /wp-content/plugins/click-to-dial/assets/js/frontend.min.js
  • /wp-content/plugins/click-to-dial/inc/css/custom-css.css
  • /wp-content/plugins/click-to-dial/inc/css/custom-css.min.css
  • +1 more

Script Paths

  • /wp-content/plugins/click-to-dial/admin/js/click-to-dial-admin.js
  • /wp-content/plugins/click-to-dial/assets/js/click-to-dial.js
  • /wp-content/plugins/click-to-dial/assets/js/frontend.js
  • /wp-content/plugins/click-to-dial/assets/js/frontend.min.js

Version Parameters

  • click-to-dial/admin/css/click-to-dial-admin.css?ver=
  • click-to-dial/admin/js/click-to-dial-admin.js?ver=
  • click-to-dial/assets/css/click-to-dial-style.css?ver=
  • click-to-dial/assets/js/click-to-dial.js?ver=
  • click-to-dial/assets/js/frontend.js?ver=
  • click-to-dial/assets/js/frontend.min.js?ver=
  • click-to-dial/inc/css/custom-css.css?ver=
  • click-to-dial/inc/css/custom-css.min.css?ver=
  • click-to-dial/view/elementor-widgets/assets/css/elementor-widget.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • ctd-click-to-dial-bubble
  • ctd-click-to-dial-button
  • ctd-click-to-dial-block
  • ctd-get-pro-btn

HTML Comments

  • <!-- Block Direct access -->
  • <!-- click to dial version -->
  • <!-- Define constants for plugin directory path. -->
  • <!-- Define constants for view directory path. -->
  • +23 more

Data Attributes

  • data-ctd-phone
  • data-ctd-text
  • data-ctd-icon

JS Globals

  • window.ctd_object
FAQ

Frequently Asked Questions about Click To Dial – Wp Click To Call Support