Does Firmao CallBack have any unpatched vulnerabilities?

No. All known vulnerabilities in Firmao CallBack have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Firmao CallBack compatible with WordPress 6.8.5?

According to WordPress.org data, Firmao CallBack 1.0.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Firmao CallBack compatible with PHP 5.2.4+?

Firmao CallBack requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Firmao CallBack updated?

Firmao CallBack was last updated on Jun 3, 2025. Frequent updates are generally a positive security signal.

What is Firmao CallBack's security score?

Firmao CallBack has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Firmao CallBack Security & Risk Analysis

wordpress.org/plugins/firmao-callback

(OFFICIAL Firmao plugin) Manage call requests from visitors on your website via Firmao CallBack.

10 active installs v1.0.3 PHP 5.2.4+ WP 2.7+ Updated Jun 3, 2025

call-onlinecallbackcrmphone-callphone-for-web

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Firmao CallBack Safe to Use in 2026?

Generally Safe

Score 100/100

Firmao CallBack has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The 'firmao-callback' plugin v1.0.3 exhibits an excellent security posture based on the provided static analysis. The absence of any identified attack surface, such as AJAX handlers, REST API routes, or shortcodes, significantly reduces the potential for external exploitation. Furthermore, the code demonstrates strong secure coding practices with 100% of SQL queries using prepared statements and all output properly escaped. The lack of dangerous functions, file operations, external HTTP requests, and the absence of any identified taint flows further contribute to a robust security profile. The plugin also has no recorded vulnerability history, indicating a history of secure development or diligent patching of any past issues.

While the static analysis reveals no immediate vulnerabilities, the complete absence of nonce and capability checks across all entry points (which are reported as zero) is a significant concern if any entry points are discovered or added in future versions. The report indicates zero entry points, which is ideal, but any future development introducing even a single entry point without proper authentication and authorization would immediately become a critical security risk. Therefore, the current assessment is highly positive due to the lack of exploitable code and history, but a cautious approach is warranted regarding potential future development.

Key Concerns

No nonce checks on any entry points (if they existed)
No capability checks on any entry points (if they existed)

Vulnerabilities

None known

Firmao CallBack Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Firmao CallBack Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped7 total outputs

Attack Surface

Firmao CallBack Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionwp_footerfirmao_callback.php:13

filterscript_loader_tagfirmao_callback.php:20

actioninitfirmao_callback.php:39

actionadmin_menufirmao_callback.php:45

actionadmin_initfirmao_callback.php:53

Maintenance & Trust

Firmao CallBack Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 3, 2025

PHP min version5.2.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Firmao CallBack Alternatives

Bitrix24

integration-with-bitrix24

This free Bitrix24 widget lets you insert live chat, call back request and various web forms into your website.

600 No CVEs

TeleCube Ringy

telecube-ringy

100

This plugin is used in conjunction with TeleCube's RINGY services, as described at: https://www.telecube.pl/callback-RINGY/ The goal of this plug …

10 No CVEs

Flamingo

flamingo

100

A trustworthy message storage plugin for Contact Form 7.

800K 1 CVE

HubSpot All-In-One Marketing – Forms, Popups, Live Chat

leadin

The CRM, Sales, and Marketing WordPress plugin to grow your business better. Capture and engage web visitors with free live chat, forms, CRM, email ma …

200K 2 CVEs

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

fluent-crm

The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress

70K 3 CVEs

Developer Profile

Firmao CallBack Developer Profile

Firmao

2 plugins · 30 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Firmao CallBack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/firmao-callback/languages/

Script Paths

https://system.firmao.pl:8443/js/callBackPlugin/CallBackPlugin.js

HTML / DOM Fingerprints

Data Attributes

data-org-identifierid="firmao_call_back"

FAQ