Does Contactus have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Contactus compatible with WordPress 6.9.4?

According to WordPress.org data, Contactus 2.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Contactus compatible with PHP 7.4+?

Contactus requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Contactus updated?

Contactus was last updated on Mar 7, 2026. Frequent updates are generally a positive security signal.

What is Contactus's security score?

Contactus has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Contactus Security & Risk Analysis

wordpress.org/plugins/contactus

Free website widget for chatting with your visitors via WhatsApp, Facebook Messenger, Viber and Telegram.

500 active installs v2.0.0 PHP 7.4+ WP 6.0+ Updated Mar 7, 2026

contactusfacebook-messengertelegramviberwhatsapp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Contactus Safe to Use in 2026?

Generally Safe

Score 100/100

Contactus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The 'contactus' plugin v2.0.0 appears to have a strong security posture based on the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. The code also demonstrates good security practices by utilizing prepared statements for all SQL queries and properly escaping almost all output. The presence of a capability check further strengthens its defenses against unauthorized access.

Despite these strengths, the static analysis reveals a concerning lack of nonce checks. While the plugin doesn't expose obvious entry points that would typically require nonces, this absence could indicate a potential blind spot. The fact that there are no recorded vulnerabilities in its history is a positive sign, suggesting the developers are either very diligent or the plugin's limited functionality has not attracted malicious attention. However, the lack of history does not inherently guarantee future security.

Overall, 'contactus' v2.0.0 presents a low-risk profile due to its minimal attack surface and good coding practices regarding SQL and output escaping. The primary concern is the absence of nonce checks, which, while not directly exploitable given the current analysis, is a standard security measure that is missing.

Key Concerns

Missing Nonce Checks

Vulnerabilities

None known

Contactus Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Contactus Release Timeline

v2.0.0Current

v1.2

v1.1

Code Analysis

Analyzed Mar 16, 2026

Contactus Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

43 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped44 total outputs

Attack Surface

Contactus Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actioninitcontactus.php:40

actionwp_footercontactus.php:55

actionwp_abilities_api_categories_initincludes\class-contactus-abilities.php:20

actionwp_abilities_api_initincludes\class-contactus-abilities.php:21

actionadmin_menuincludes\class-contactus-admin.php:34

actionadmin_initincludes\class-contactus-admin.php:35

actioninitincludes\class-contactus-block.php:26

Maintenance & Trust

Contactus Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 7, 2026

PHP min version7.4

Downloads7K

Community Trust

Rating100/100

Number of ratings4

Active installs500

Alternatives

Contactus Alternatives

Joinchat

creame-whatsapp-me

100

WhatsApp, Messenger, Telegram, Phone call… capture users through their favorite Apps and turn into clients

700K No CVEs

Floating Contact Button for MAX and Telegram

floating-contact-button-for-max-and-telegram

100

A lightweight floating contact button for WordPress with support for Telegram, WhatsApp, Facebook Messenger and MAX.

900 No CVEs

Social Live Chat Helpdesk – MyAlice

myaliceai

Engage customers at every stage of their journey through Live Chat, WhatsApp, Telegram, Line, Viber, Instagram, and Facebook Messenger, and boost sale …

100 1 CVE

VABE / Button – Floating Chat Widget

vabe-button

FREE widget! Chat with your customers via WhatsApp, Facebook Messenger, Telegram, Viber and other apps.

40 No CVEs

Push Anything To Social

phongmy-push-anything-to-social

This's plugins help Owner push order from Woocommerce to Facebook messenger quickly base On CallmeBot API

20 No CVEs

Developer Profile

Contactus Developer Profile

Nikba Creative Studio

1 plugin · 500 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Contactus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/contactus/assets/css/contactus.css/wp-content/plugins/contactus/assets/js/contactus-admin.js/wp-content/plugins/contactus/assets/js/contactus-frontend.js

Script Paths

/wp-content/plugins/contactus/assets/js/contactus-admin.js/wp-content/plugins/contactus/assets/js/contactus-frontend.js

Version Parameters

contactus/assets/css/contactus.css?ver=contactus/assets/js/contactus-admin.js?ver=contactus/assets/js/contactus-frontend.js?ver=

HTML / DOM Fingerprints

FAQ