WP-Safety

Call To Action Builder Security & Risk Analysis

wordpress.org/plugins/cta-builder

Easily create HTML5 call-to-action banners with shortcodes.

0 active installs v1.2 PHP 7.2+ WP 5.2+ Updated Unknown
bannercall-to-actionctaimagespage
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Call To Action Builder Safe to Use in 2026?

Generally Safe

Score 100/100

Call To Action Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin 'cta-builder' v1.2 exhibits a strong security posture based on the provided static analysis and vulnerability history. The code demonstrates excellent adherence to security best practices, with all SQL queries utilizing prepared statements and all output being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further mitigates potential attack vectors. Notably, all identified entry points (AJAX handlers and shortcodes) are protected by nonce and capability checks, which is a significant strength.

The taint analysis reveals no unsanitized paths or flows of critical or high severity, indicating that user-supplied data is not being processed in a way that could lead to common vulnerabilities. The vulnerability history is clean, with zero recorded CVEs, suggesting a history of secure development or effective patching by the developers. This lack of historical issues is a positive indicator for ongoing security.

Overall, 'cta-builder' v1.2 appears to be a securely developed plugin. The strengths lie in its robust input validation and output sanitization, comprehensive use of security checks, and a clean vulnerability record. There are no immediate security concerns arising from the static analysis or historical data. The plugin's security is its most prominent feature.

Vulnerabilities
None known

Call To Action Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Call To Action Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
194 escaped
Nonce Checks
4
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped194 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
trs_cta_validate_post_field (includes\trs_cta_image_properties_render_metabox.php:64)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Call To Action Builder Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 2

authwp_ajax_clickcountincludes\trs_cta_counter.php:66
noprivwp_ajax_clickcountincludes\trs_cta_counter.php:67

Shortcodes 2

[trs_cta_banner] includes\trs_shortcode.php:3
[trs_cta_banner] trs_cta_uninstall.php:8
WordPress Hooks 19
actionadmin_enqueue_scriptsfunctions.php:40
actionwp_enqueue_scriptsfunctions.php:73
filterenter_title_herefunctions.php:91
filtermanage_cta_posts_columnsfunctions.php:115
actionmanage_cta_posts_custom_columnfunctions.php:143
filtermanage_edit-cta_sortable_columnsfunctions.php:158
actionpost_submitbox_misc_actionsfunctions.php:185
filterpost_row_actionsfunctions.php:202
actionadmin_footer_textfunctions.php:230
filterenter_title_hereincludes\functions.php:30
filtermanage_edit-cta_columnsincludes\functions.php:43
actionmanage_cta_posts_custom_columnincludes\functions.php:62
actionadmin_footer_textincludes\functions.php:80
actionadd_meta_boxesincludes\trs_create_meta_boxes.php:46
actionsave_postincludes\trs_cta_banner_sizes_render_metabox.php:83
actionwp_enqueue_scriptsincludes\trs_cta_counter.php:99
actionsave_postincludes\trs_cta_image_properties_render_metabox.php:192
actioninitincludes\trs_cta_post_type.php:61
actionelementor/widgets/registerincludes\trs_cta_register_widget.php:18
Maintenance & Trust

Call To Action Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedUnknown
PHP min version7.2
Downloads941

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Call To Action Builder Alternatives

Advanced Call To Action Block

Advanced Call To Action Block

hazrath-advanced-cta-block

A
100

A sleek, customizable Call to Action block for Gutenberg — perfect for driving clicks, signups, and conversions.

100 No CVEs
Easy Banners Widget

Easy Banners Widget

easy-banners-widget

A
85

Easily build call-to-action banners for your sidebars.

70 No CVEs
Autoptimize

Autoptimize

autoptimize

B
77

Autoptimize speeds up your website by optimizing JS, CSS, images (incl. lazy-load), HTML and Google Fonts, asyncing JS, removing emoji cruft and more.

900K 10 CVEs
TinyPNG – JPEG, PNG & WebP image compression

TinyPNG – JPEG, PNG & WebP image compression

tiny-compress-images

A
99

Speed up your website. Optimize your JPEG, PNG, and WebP images automatically with TinyPNG.

100K 1 CVE
Unique Headers

Unique Headers

unique-headers

A
85

Adds the ability to use unique custom header images on individual pages, posts or categories or tags.

20K No CVEs
Developer Profile

Call To Action Builder Developer Profile

The Right Software

5 plugins · 110 total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Call To Action Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cta-builder/assets/css/admin-style.css/wp-content/plugins/cta-builder/assets/css/main-style.css/wp-content/plugins/cta-builder/assets/js/ctabanner.js
Script Paths
/wp-content/plugins/cta-builder/assets/js/ctabanner.js
Version Parameters
cta-builder/assets/css/admin-style.css?ver=cta-builder/assets/css/main-style.css?ver=cta-builder/assets/js/ctabanner.js?ver=

HTML / DOM Fingerprints

CSS Classes
trs-cta-footertrs-cta-counter
Data Attributes
data-cta-id
JS Globals
trsCTA
Shortcode Output
[trs_cta_banner id=
FAQ

Frequently Asked Questions about Call To Action Builder