Contact Info Security & Risk Analysis

wordpress.org/plugins/contact-info

This plugin allows you to add contact information from the admin panel and show it in the frontend using shortcodes and functions.

100 active installs · v3.1.8 · PHP + · WP 2.0.2+ · Updated May 14, 2022
Tags: address, contact, email, phone, second-mail-option
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Contact Info Safe to Use in 2026?

Generally Safe

Score 85/100

Contact Info has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "contact-info" plugin v3.1.8 demonstrates a generally good security posture based on the provided static analysis. The absence of any known CVEs in its history and the analysis showing no critical or high severity taint flows are positive indicators. Furthermore, the plugin utilizes prepared statements for all its SQL queries, which is a strong defense against SQL injection vulnerabilities. The presence of a nonce check and a limited attack surface with no unprotected entry points are also commendable security practices.

However, there are areas for improvement. A significant concern is the low percentage of properly escaped output (29%). This suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed in users' browsers if untrusted data is rendered without escaping for the output context. The single shortcode entry point has no capability checks; this is not a direct vulnerability while the shortcode's function is benign, but it could become a weakness if its functionality evolved to handle sensitive operations.

In conclusion, while the "contact-info" plugin has avoided historical vulnerabilities and implements some crucial security measures like prepared statements, the substantial output escaping issue represents a notable risk that should be addressed promptly. Strengthening output sanitization would significantly improve the plugin's overall security.

Key Concerns

  • Low percentage of properly escaped output
  • No capability checks on entry point
Vulnerabilities
None known

Contact Info Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Contact Info Release Timeline

v3.1.8 (Current)
v3.1.7
v3.1.6
v3.1.5
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1
v3.0
v2.1a
Code Analysis
Analyzed Mar 16, 2026

Contact Info Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 22 (9 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

29% escaped · 31 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
contact_info_save_data (includes\class-settings.php:8)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Contact Info Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[ci] contact-info.php:45
WordPress Hooks 6
action · widgets_init · contact-info.php:47
action · plugins_loaded · contact-info.php:49
action · wp_enqueue_scripts · includes\class-scripts.php:5
action · admin_enqueue_scripts · includes\class-scripts.php:6
action · admin_menu · includes\class-settings.php:50
action · init · includes\class-settings.php:51
Maintenance & Trust

Contact Info Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: May 14, 2022
PHP min version
Downloads: 13K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Contact Info Developer Profile

aviplugins.com

9 plugins · 8K total installs

Trust score: 63
Avg Security Score: 77/100
Avg Patch Time: 617 days
Detection Fingerprints

How We Detect Contact Info

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/contact-info/css/contact_info.css
Script Paths
/wp-content/plugins/contact-info/js/ap.cookie.js
/wp-content/plugins/contact-info/js/ap-tabs.js
Version Parameters
contact-info/css/contact_info.css?ver=
contact-info/js/ap.cookie.js?ver=
contact-info/js/ap-tabs.js?ver=

HTML / DOM Fingerprints

CSS Classes
ci-contact-info
HTML Comments
|||||<(`0_0`)>()(afo)() ()-()+3 more
JS Globals
ap_cookie
ap_tabs
Shortcode Output
[ci]
FAQ

Frequently Asked Questions about Contact Info