WP-Safety

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Security & Risk Analysis

wordpress.org/plugins/experto-cta-widget

A lightweight plugin to create floating CTA bubble widgets with contact forms, custom buttons, and analytics to boost website conversions.

80 active installs v1.2.1 PHP 7.4+ WP 5.5.4+ Updated Mar 27, 2026
call-to-actionfloating-buttonlead-generationpopupsticky-cta
99
A · Safe
CVEs total1
Unpatched0
Last CVEMay 15, 2025
Plugin page Download
Safety Verdict

Is Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Safe to Use in 2026?

Generally Safe

Score 99/100

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: May 15, 2025Updated 1mo ago
Risk Assessment

The "experto-cta-widget" v1.2.1 plugin exhibits a mixed security posture. While it demonstrates good practices such as exclusively using prepared statements for SQL queries and a very high rate of output escaping, several concerning areas exist. The primary weakness lies in its attack surface, with 4 out of 5 AJAX handlers lacking authorization checks. This creates a significant vulnerability if these handlers perform sensitive operations that can be triggered by unauthenticated users. The taint analysis, though small in scope, did reveal two flows with unsanitized paths, which could potentially be exploited if they interact with sensitive data or operations, although no critical or high severity issues were found in this area.

The vulnerability history shows one past CVE, which was of medium severity and is now patched. The common vulnerability type being 'Missing Authorization' is a direct red flag that aligns with the static analysis findings of unprotected AJAX handlers. This history suggests a recurring issue with access control within the plugin's development, underscoring the importance of thoroughly securing all entry points. In conclusion, the plugin has strengths in data handling and output sanitization, but the significant number of unprotected AJAX endpoints and the historical pattern of authorization flaws represent considerable risks that need immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Past medium severity vulnerability
Vulnerabilities
1 published

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-47529medium · 5.3Missing Authorization

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Missing Authorization to Unauthenticated Settings Update

May 15, 2025 Patched in 1.2.1 (8d)
Version History

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Release Timeline

v1.2.1Current
Code Analysis
Analyzed Mar 16, 2026

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
327 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

99% escaped330 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
esc_admin_side_ajax_function (admin\class-esc-admin.php:704)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 5

authwp_ajax_esc_admin_side_actionadmin\class-esc-admin.php:28
authwp_ajax_esc_public_actionpublic\class-esc-public.php:24
noprivwp_ajax_esc_public_actionpublic\class-esc-public.php:25
authwp_ajax_esc_cta_click_actionpublic\class-esc-public.php:26
noprivwp_ajax_esc_cta_click_actionpublic\class-esc-public.php:27
WordPress Hooks 11
actionadmin_headadmin\class-esc-admin.php:24
actionwp_dashboard_setupadmin\class-esc-admin.php:25
actionadmin_menuadmin\class-esc-admin.php:26
actionadmin_initadmin\class-esc-admin.php:27
actionadmin_noticesadmin\class-esc-admin.php:29
actionadmin_noticesadmin\partials\esc-admin-settings.php:22
actionadmin_enqueue_scriptsincludes\class-esc.php:66
actionadmin_enqueue_scriptsincludes\class-esc.php:67
actionwp_enqueue_scriptsincludes\class-esc.php:76
actionwp_enqueue_scriptsincludes\class-esc.php:77
actionwp_footerpublic\class-esc-public.php:23
Maintenance & Trust

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMar 27, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating100/100
Number of ratings3
Active installs80
Alternatives

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Alternatives

MkWebTech CTA Studio

MkWebTech CTA Studio

mkwebtech-cta-studio

A
100

Create inline, sticky, and popup call-to-action boxes in WordPress to boost engagement and conversions without coding.

0 No CVEs
Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content

brave-popup-builder

A
92

The best drag-and-drop Popup Builder for WordPress. Create Popups, exit-intent popups, slide-ins, and lead generation forms & Woocommerce popups i &hellip;

20K 5 CVEs
Icegram Engage – Popups, Optins, CTAs & Lead Generation

Icegram Engage – Popups, Optins, CTAs & Lead Generation

icegram

A
92

Create high-converting popups, email optins, and CTAs in minutes. Capture leads, grow your email list, and convert visitors into customers—without cod &hellip;

10K 18 CVEs
iConvert Promoter

iConvert Promoter

iconvert-promoter

A
100

🚀 A powerful and dynamic WordPress popup toolkit to grow your email list, retain customers, and boost conversions.

1K No CVEs
WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation

WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation

optin

C
68

Create stunning popups and newsletter forms with WowOptin. Boost your lead generation and sales with advanced targeting and Canva-like flexibility.

1K 1 unpatched
Developer Profile

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Developer Profile

UX Design Experts

4 plugins · 220 total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
5 days
View full developer profile
Detection Fingerprints

How We Detect Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/experto-cta-widget/css/esc-admin.css/wp-content/plugins/experto-cta-widget/js/esc-admin.js
Version Parameters
experto-cta-widget/css/esc-admin.css?ver=experto-cta-widget/js/esc-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
review-noticereview-top-barreview-inneresc-col100esc-col-innerstarfa-starreview-btn
Data Attributes
id="escstyle"id="esc_box_primary_color"id="esc_box_secondary_color"id="esc_box_text_color"id="esc_box_icon_color"id="esc_box_footer_icon_color"
JS Globals
EscURLS
FAQ

Frequently Asked Questions about Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin