Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Security & Risk Analysis

wordpress.org/plugins/experto-cta-widget

Experto CTA Widget is a lightweight, easy-to-use plugin that comes with lots of customization options and creates a popup widget with some contact form …

80 active installs · v1.2.1 · PHP 7.4+ · WP 5.5.4+ · Updated May 5, 2025
Tags: call-to-action, customizable, floating-content, pop-up, widget

Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: May 15, 2025
Safety Verdict

Is Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Safe to Use in 2026?

Generally Safe

Score 99/100

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 15, 2025 · Updated 11mo ago
Risk Assessment

The "experto-cta-widget" v1.2.1 plugin exhibits a mixed security posture. It demonstrates good practices such as exclusively using prepared statements for SQL queries and a very high rate of output escaping, but several concerning areas exist. The primary weakness lies in its attack surface: 4 out of 5 AJAX handlers lack authorization checks. This is a significant vulnerability if those handlers perform sensitive operations that unauthenticated users can trigger. The taint analysis, though small in scope, did reveal two flows with unsanitized paths, which could be exploitable if they interact with sensitive data or operations, although no critical or high severity issues were found in this area.

The vulnerability history shows one past CVE, of medium severity and now patched. Its type, 'Missing Authorization', is a direct red flag that aligns with the static analysis finding of unprotected AJAX handlers. This suggests a recurring access-control weakness in the plugin's development and underscores the importance of securing every entry point. In conclusion, the plugin is strong in data handling and output sanitization, but the number of unprotected AJAX endpoints and the historical pattern of authorization flaws represent considerable risks that need immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Past medium severity vulnerability
Vulnerabilities (1)

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Security Vulnerabilities

CVEs by Year

2025: 1 CVE (patched)

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-47529 · medium · 5.3 · Missing Authorization

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Missing Authorization to Unauthenticated Settings Update

May 15, 2025 Patched in 1.2.1 (8d)
Code Analysis
Analyzed Mar 16, 2026

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
327 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

99% escaped (330 total outputs)

Data Flows (2 unsanitized)

Data Flow Analysis

4 flows, 2 with unsanitized paths

esc_admin_side_ajax_function (admin\class-esc-admin.php:704)

Attack Surface (4 unprotected)

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers (5)

auth     wp_ajax_esc_admin_side_action    admin\class-esc-admin.php:28
auth     wp_ajax_esc_public_action        public\class-esc-public.php:24
nopriv   wp_ajax_esc_public_action        public\class-esc-public.php:25
auth     wp_ajax_esc_cta_click_action     public\class-esc-public.php:26
nopriv   wp_ajax_esc_cta_click_action     public\class-esc-public.php:27
WordPress Hooks (11)

action   admin_head              admin\class-esc-admin.php:24
action   wp_dashboard_setup      admin\class-esc-admin.php:25
action   admin_menu              admin\class-esc-admin.php:26
action   admin_init              admin\class-esc-admin.php:27
action   admin_notices           admin\class-esc-admin.php:29
action   admin_notices           admin\partials\esc-admin-settings.php:22
action   admin_enqueue_scripts   includes\class-esc.php:66
action   admin_enqueue_scripts   includes\class-esc.php:67
action   wp_enqueue_scripts      includes\class-esc.php:76
action   wp_enqueue_scripts      includes\class-esc.php:77
action   wp_footer               public\class-esc-public.php:23
Maintenance & Trust

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 5, 2025
PHP min version: 7.4
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 80
Developer Profile

Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin Developer Profile

UX Design Experts

4 plugins · 170 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/experto-cta-widget/css/esc-admin.css
/wp-content/plugins/experto-cta-widget/js/esc-admin.js

Version Parameters
experto-cta-widget/css/esc-admin.css?ver=
experto-cta-widget/js/esc-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
review-notice, review-top-bar, review-inner, esc-col100, esc-col-inner, star, fa-star, review-btn

Data Attributes
id="escstyle", id="esc_box_primary_color", id="esc_box_secondary_color", id="esc_box_text_color", id="esc_box_icon_color", id="esc_box_footer_icon_color"

JS Globals
EscURLS
FAQ

Frequently Asked Questions about Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin