WP-Safety

Focus SiteCall Lite Security & Risk Analysis

wordpress.org/plugins/focus-sitecall-lite

SiteCall Lite is a simple widget for a callback on your website

0 active installs v1.0.1 PHP 5.6+ WP 4.9+ Updated Mar 13, 2019
conversion-optimizationlead-generationlivechatpopupsales
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Focus SiteCall Lite Safe to Use in 2026?

Generally Safe

Score 85/100

Focus SiteCall Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "focus-sitecall-lite" plugin v1.0.1 presents a moderate security risk, primarily due to its unprotected entry points and concerning output sanitization practices. While the plugin demonstrates good practices in avoiding dangerous functions, raw SQL queries, and external HTTP requests, the presence of two AJAX handlers lacking authentication checks creates a significant attack surface. This means any user, even an unauthenticated one, could potentially interact with these handlers, leading to unintended consequences or further exploitation if vulnerabilities exist within them.

The taint analysis, while not revealing critical or high severity issues, did find all analyzed flows with unsanitized paths. This, combined with only 46% of output escaping being properly done, suggests a high probability of cross-site scripting (XSS) vulnerabilities. The plugin also fails to implement any nonce or capability checks, further exacerbating the risk associated with the unprotected AJAX handlers.

Fortunately, the plugin has no recorded vulnerability history, which is a positive sign. However, this could be due to a lack of thorough security auditing or simply good fortune. The absence of past vulnerabilities should not be seen as a guarantee of future safety, especially given the identified code-level weaknesses. The overall security posture is therefore a mixed bag; strengths in certain areas are overshadowed by critical oversights in input validation and output escaping, making it a target for attackers looking for easy entry points.

Key Concerns

  • Unprotected AJAX handlers
  • All analyzed flows have unsanitized paths
  • Low percentage of properly escaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Focus SiteCall Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Focus SiteCall Lite Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
17 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

46% escaped37 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

7 flows7 with unsanitized paths
assign_sitecalls (class.focussitecalllite-admin-post-controller.php:17)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Focus SiteCall Lite Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

noprivwp_ajax_focussitecalllite-callbackclass.focussitecalllite-provider.php:17
authwp_ajax_focussitecalllite-callbackclass.focussitecalllite-provider.php:18
WordPress Hooks 11
actionadd_meta_boxesclass.focussitecalllite-add-widget.php:9
actionsave_postclass.focussitecalllite-add-widget.php:10
actionwp_footerclass.focussitecalllite-add-widget.php:168
actionadmin_post_focussitecalllite_assign_sitecallsclass.focussitecalllite-admin-post-controller.php:11
actionadmin_post_focussitecalllite_update_credentialsclass.focussitecalllite-admin-post-controller.php:12
actionadmin_post_focussitecalllite_save_sitecallclass.focussitecalllite-admin-post-controller.php:13
actionadmin_post_focussitecalllite_actions_on_sitecallsclass.focussitecalllite-admin-post-controller.php:14
actionadmin_menuclass.focussitecalllite-admin-settings-page.php:20
actionadmin_initclass.focussitecalllite-admin-settings-page.php:21
filterwp_mail_fromclass.focussitecalllite-provider.php:27
actioninitfocussitecalllite.php:24
Maintenance & Trust

Focus SiteCall Lite Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22
Last updatedMar 13, 2019
PHP min version5.6
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

Focus SiteCall Lite Alternatives

Focus SiteCall Pro

Focus SiteCall Pro

focus-sitecall-pro

A
100

SiteCall Pro is a simple widget for a callback on your website.

0 No CVEs
CartFlows – Funnel Builder & Checkout Plugin for WooCommerce

CartFlows – Funnel Builder & Checkout Plugin for WooCommerce

cartflows

A
97

1 WordPress funnel builder & WooCommerce checkout plugin. Boost AOV with one-click upsells, order bumps & high-converting checkout pages.

200K 6 CVEs
Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content

Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content

brave-popup-builder

A
92

The best drag-and-drop Popup Builder for WordPress. Create Popups, exit-intent popups, slide-ins, and lead generation forms & Woocommerce popups i …

20K 5 CVEs
Zoho SalesIQ – Live chat, chatbots, and visitor tracking

Zoho SalesIQ – Live chat, chatbots, and visitor tracking

zoho-salesiq

A
97

Identify, engage and convert website visitors with live chat and visitor analytics.

20K 4 CVEs
Leadpages

Leadpages

leadpages

A
99

Easily publish your Leadpages landing pages to your WordPress site. Promote your lead magnets, events, promotions, and more.

10K 1 CVE
Developer Profile

Focus SiteCall Lite Developer Profile

focustelecom

2 plugins · 0 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Focus SiteCall Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/focus-sitecall-lite/css/admin-tabs.css/wp-content/plugins/focus-sitecall-lite/css/main.css/wp-content/plugins/focus-sitecall-lite/js/admin-tabs.js
Script Paths
/wp-content/plugins/focus-sitecall-lite/public/widget.js
Version Parameters
focus-sitecall-lite/style.css?ver=focus-sitecall-lite/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
FocusSitecallLite_widget_dropdown
Data Attributes
name="sitecalllite_widget"FocusSiteCallLite_widget_dropdown
JS Globals
FocusSitecallLite
FAQ

Frequently Asked Questions about Focus SiteCall Lite