Click To Email – Chat Bubble & Mail Button for WP Security & Risk Analysis

wordpress.org/plugins/click-to-mail

Add a "Click to Mail" bubble to your site—let visitors email you in 3 clicks with custom subject, body, CC/BCC, and timezone-based availability.

100 active installs v1.2.10 PHP + WP 5.0+ Updated Mar 12, 2026
chat-box, click-to-email, connect, email, mailto
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Click To Email – Chat Bubble & Mail Button for WP Safe to Use in 2026?

Generally Safe

Score 100/100

Click To Email – Chat Bubble & Mail Button for WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The "click-to-mail" plugin v1.2.10 exhibits a generally good security posture, with all identified entry points (AJAX handlers and shortcodes) having proper authentication and permission checks. The code analysis shows a low number of SQL queries, with a majority utilizing prepared statements, and a high percentage of properly escaped outputs, indicating good defensive coding practices. The absence of file operations and external HTTP requests also reduces the potential attack surface. Furthermore, the plugin has no recorded vulnerabilities or CVEs, suggesting a history of stable and secure development.

Despite the positive indicators, a single critical "dangerous function" identified in the code analysis (unserialize) warrants attention. While no taint flows directly exploit this function in the provided analysis, its presence introduces a theoretical risk. If user-supplied data is ever passed to `unserialize` without strict validation, it could lead to object injection vulnerabilities. The plugin's lack of vulnerability history is reassuring but does not completely negate the inherent risks associated with potentially insecure functions. Overall, the plugin is reasonably secure, but the `unserialize` function represents a potential area for improvement and closer monitoring.

Key Concerns

  • Presence of unserialize function
Vulnerabilities
None known

Click To Email – Chat Bubble & Mail Button for WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Click To Email – Chat Bubble & Mail Button for WP Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 247 (681 escaped)
Nonce Checks: 10
Capability Checks: 5
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$plugins = unserialize($response['body']);` (admin\HelpPage\Help.php:139)

SQL Query Safety

67% prepared, 3 total queries

Output Escaping

73% escaped, 928 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
csf_export (admin\functions\actions.php:62)
Attack Surface

Click To Email – Chat Bubble & Mail Button for WP Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 7

auth wp_ajax_csf-get-icons (admin\functions\actions.php:50)
auth wp_ajax_csf-export (admin\functions\actions.php:87)
auth wp_ajax_csf-import (admin\functions\actions.php:123)
auth wp_ajax_csf-reset (admin\functions\actions.php:150)
auth wp_ajax_csf-chosen (admin\functions\actions.php:189)
auth wp_ajax_ctm-never-show-review-notice (admin\HelpPage\ReviewNotice.php:28)
auth wp_ajax_themeatelier_dismiss_offer_banner (Helpers\ThemeAtelier_Offer_Banner.php:35)

Shortcodes 1

[ctm] view\shortcodes\custom-shortcode.php:12
WordPress Hooks 37
action admin_footer (admin\appsero\Insights.php:122)
action admin_notices (admin\appsero\Insights.php:141)
action admin_init (admin\appsero\Insights.php:144)
filter cron_schedules (admin\appsero\Insights.php:150)
action wp_enqueue_scripts (admin\classes\abstract.class.php:20)
action admin_menu (admin\classes\admin-options.class.php:107)
action admin_bar_menu (admin\classes\admin-options.class.php:108)
action network_admin_menu (admin\classes\admin-options.class.php:112)
filter admin_footer_text (admin\classes\admin-options.class.php:432)
action after_setup_theme (admin\classes\setup.class.php:73)
action init (admin\classes\setup.class.php:74)
action switch_theme (admin\classes\setup.class.php:75)
action admin_enqueue_scripts (admin\classes\setup.class.php:76)
action wp_enqueue_scripts (admin\classes\setup.class.php:77)
action wp_head (admin\classes\setup.class.php:78)
filter admin_body_class (admin\classes\setup.class.php:79)
action admin_footer (admin\fields\icon\icon.php:41)
action customize_controls_print_footer_scripts (admin\fields\icon\icon.php:42)
action admin_print_footer_scripts (admin\fields\link\link.php:65)
action print_default_editor_scripts (admin\fields\wp_editor\wp_editor.php:62)
action admin_notices (admin\HelpPage\ReviewNotice.php:27)
action plugins_loaded (click-to-mail.php:49)
action init (click-to-mail.php:76)
action block_categories_all (click-to-mail.php:93)
action admin_menu (click-to-mail.php:95)
action after_setup_theme (click-to-mail.php:127)
action admin_notices (Helpers\ThemeAtelier_Offer_Banner.php:34)
action wp_enqueue_scripts (inc\class-enqueue.php:20)
action admin_enqueue_scripts (inc\class-enqueue.php:21)
action wp_footer (view\chat-bubbles\chat-bubbles.php:3)
action init (view\elementor-widgets\elementor-widget.php:153)
action admin_notices (view\elementor-widgets\elementor-widget.php:178)
action admin_notices (view\elementor-widgets\elementor-widget.php:185)
action elementor/elements/categories_registered (view\elementor-widgets\elementor-widget.php:190)
action elementor/widgets/widgets_registered (view\elementor-widgets\elementor-widget.php:194)
action wp_enqueue_scripts (view\elementor-widgets\elementor-widget.php:197)
action wp_enqueue_scripts (view\elementor-widgets\elementor-widget.php:359)
Maintenance & Trust

Click To Email – Chat Bubble & Mail Button for WP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Click To Email – Chat Bubble & Mail Button for WP Developer Profile

Foysal Imran

7 plugins · 710 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 21 days
Detection Fingerprints

How We Detect Click To Email – Chat Bubble & Mail Button for WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/click-to-mail/assets/css/style.css
/wp-content/plugins/click-to-mail/assets/js/click-to-mail.js
/wp-content/plugins/click-to-mail/view/blocks/build/index.js
/wp-content/plugins/click-to-mail/view/blocks/build/index.asset.php
Script Paths
/wp-content/plugins/click-to-mail/assets/js/click-to-mail.js
/wp-content/plugins/click-to-mail/view/blocks/build/index.js
Version Parameters
click-to-mail/assets/css/style.css?ver=
click-to-mail/assets/js/click-to-mail.js?ver=
click-to-mail/view/blocks/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
ctm-chat-bubble, ctm-chat-body, ctm-chat-input, ctm-chat-send-btn, ctm-chat-avatar, ctm-chat-message, ctm-chat-response, ctm-chat-user, +2 more
Data Attributes
data-ctm-id, data-ctm-type, data-ctm-text, data-ctm-email, data-ctm-subject, data-ctm-body, +3 more
JS Globals
ctm_init_chat_bubbles
Shortcode Output
[click_to_mail_chat_bubble], [click_to_mail_button]
FAQ

Frequently Asked Questions about Click To Email – Chat Bubble & Mail Button for WP