Does Contact Popover have any unpatched vulnerabilities?

No. All known vulnerabilities in Contact Popover have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Contact Popover compatible with WordPress 6.9.4?

According to WordPress.org data, Contact Popover 1.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Contact Popover compatible with PHP 7.4+?

Contact Popover requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Contact Popover updated?

Contact Popover was last updated on Nov 28, 2025. Frequent updates are generally a positive security signal.

What is Contact Popover's security score?

Contact Popover has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Contact Popover Security & Risk Analysis

wordpress.org/plugins/contact-popover

A simple plugin to display contact information using a customizable popover button.

0 active installs v1.0.2 PHP 7.4+ WP 5.0+ Updated Nov 28, 2025

contact-buttoncontact-popoverpopoversimple-popover

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Contact Popover Safe to Use in 2026?

Generally Safe

Score 100/100

Contact Popover has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The contact-popover plugin v1.0.2 exhibits a strong security posture based on the provided static analysis and vulnerability history. The code demonstrates excellent practice by not using dangerous functions, ensuring all SQL queries are prepared, and properly escaping all output. The absence of file operations, external HTTP requests, and any critical or high-severity taint flows further contributes to a low-risk profile. The plugin also has no recorded vulnerabilities (CVEs), indicating a history of secure development or effective patching by users.

However, a few areas warrant consideration. The plugin relies heavily on WordPress's built-in security mechanisms for its sole entry point, a shortcode. There are no explicit capability checks or nonce checks implemented for this shortcode, which could be a potential weakness if the shortcode's functionality allows for sensitive actions or data manipulation. While the static analysis indicates zero unprotected entry points, the absence of these common security measures on the shortcode itself leaves it potentially vulnerable to unintended execution or abuse if the shortcode's context is manipulated. Overall, the plugin is well-developed with good secure coding practices, but the lack of explicit authorization on its shortcode is a minor concern that could be addressed.

Key Concerns

Shortcode lacks capability checks
Shortcode lacks nonce checks

Vulnerabilities

None known

Contact Popover Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Contact Popover Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped51 total outputs

Attack Surface

Contact Popover Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[contpo_contact_popover] contact-popover.php:34

WordPress Hooks 3

actionadmin_menucontact-popover.php:32

actionadmin_initcontact-popover.php:33

actionwp_enqueue_scriptscontact-popover.php:35

Maintenance & Trust

Contact Popover Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 28, 2025

PHP min version7.4

Downloads436

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Contact Popover Alternatives

Call Now Button – The #1 Click to Call Button for WordPress

call-now-button

The web's #1 click to call button for your website! A simple and powerful plugin that adds a Call Now Button to your website.

200K 5 CVEs

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

contact-form-plugin

The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.

30K 1 unpatched

Button Generator – Easily Create Custom Buttons with Icons and Analytics

button-generation

Design and display custom buttons anywhere on your site. Add floating or inline buttons with icons, advanced targeting, and built-in analytics.

5K 8 CVEs

Floating Button – Easily Create Sticky, Fixed & Floating Buttons

floating-button

100

Floating Buttons let you easily create sticky, fixed, and floating action buttons

5K 1 CVE

Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress

contact-form-to-db

Save and manage Contact Form messages. Never lose important data.

1K 5 CVEs

Developer Profile

Contact Popover Developer Profile

MD.Muslim

3 plugins · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Contact Popover

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/contact-popover/assets/css/contpo-style.css

Version Parameters

contpo-style=1.0

HTML / DOM Fingerprints

CSS Classes

contpo-wrappercontpo-buttoncontpo-pos-topcontpo-pos-rightcontpo-pos-bottomcontpo-pos-leftcontpo-popovercontpo-close-btn

Data Attributes

popovertargetpopover

Shortcode Output

<div class="contpo-wrapper"><button popovertarget="contpoPopover"<div id="contpoPopover" popover class="contpo-popover"><p><strong>Name :</strong>

FAQ