Foxtool All-in-One: Contact chat button, Custom login, Media optimize images Security & Risk Analysis

wordpress.org/plugins/foxtool

Summarize the essential functions for managing a WordPress website

7K active installs · v2.5.3 · PHP 7.2+ · WP + · Updated Dec 10, 2025
all-in-one, code, functions, mail, tool
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 11, 2025
Safety Verdict

Is Foxtool All-in-One: Contact chat button, Custom login, Media optimize images Safe to Use in 2026?

Generally Safe

Score 99/100

Foxtool All-in-One: Contact chat button, Custom login, Media optimize images has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 11, 2025 · Updated 3mo ago
Risk Assessment

The foxtool plugin exhibits a generally good security posture with numerous strengths. The plugin has a substantial attack surface of 34 entry points, but importantly, all are protected by authentication checks. The plugin also demonstrates strong practices in nonce checks and capability checks, with a high percentage of SQL queries using prepared statements. However, there are notable concerns regarding output escaping, with only 59% of outputs being properly escaped, leaving potential for Cross-Site Scripting (XSS) vulnerabilities. The taint analysis shows flows with unsanitized paths, which, despite not being classified as critical or high severity in this analysis, indicate areas that could be exploited if malicious input is not handled meticulously.

The vulnerability history shows a single medium-severity CVE, a Cross-Site Request Forgery (CSRF) issue. There are no currently unpatched vulnerabilities, but the past CSRF issue suggests that user input and actions require careful consideration for potential manipulation. The last vulnerability is dated 2025-12-11, which implies it is a historical issue and is currently patched, but the pattern of past vulnerabilities should remain a point of attention. Overall, foxtool has strong foundational security but needs better output escaping to mitigate potential XSS risks, and the unsanitized paths identified in taint analysis need careful review.

Key Concerns

  • Low percentage of properly escaped outputs
  • Flows with unsanitized paths
  • Past medium severity CVE (CSRF)
Vulnerabilities: 1

Foxtool All-in-One: Contact chat button, Custom login, Media optimize images Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-13408 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection

Dec 11, 2025 · Patched in 2.5.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Foxtool All-in-One: Contact chat button, Custom login, Media optimize images Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (9 prepared)
Unescaped Output: 389 (569 escaped)
Nonce Checks: 25
Capability Checks: 36
File Operations: 30
External Requests: 2
Bundled Libraries: 2

Bundled Libraries

Select2, TinyMCE

SQL Query Safety

82% prepared · 11 total queries

Output Escaping

59% escaped · 958 total outputs
Data Flows: 6 unsanitized

Data Flow Analysis

11 flows · 6 with unsanitized paths
foxtool_upload_fonts (inc\font.php:155)
Attack Surface

Foxtool All-in-One: Contact chat button, Custom login, Media optimize images Attack Surface

Entry Points: 34
Unprotected: 0

AJAX Handlers 24

auth wp_ajax_foxtool_delete_revisions inc\clean.php:18
auth wp_ajax_foxtool_delete_auto_drafts inc\clean.php:34
auth wp_ajax_foxtool_delete_all_trashed_posts inc\clean.php:50
auth wp_ajax_foxtool_del_comenpend inc\clean.php:76
auth wp_ajax_foxtool_del_comenspam inc\clean.php:102
auth wp_ajax_foxtool_del_comentrash inc\clean.php:128
auth wp_ajax_foxtool_del_comenlink inc\clean.php:160
auth wp_ajax_foxtool_delete_media inc\clean.php:185
auth wp_ajax_foxtool_delete_media_thum inc\clean.php:217
auth wp_ajax_foxtool_delete_images_by_size inc\clean.php:233
auth wp_ajax_foxtool_clear_debug_log inc\debug.php:256
auth wp_ajax_foxtool_get_debug_log inc\debug.php:275
auth wp_ajax_foxtool_upload_fonts inc\font.php:165
nopriv wp_ajax_foxtool_upload_fonts inc\font.php:166
auth wp_ajax_foxtool_index_now_ajax inc\gindex.php:148
auth wp_ajax_foxtool_index_status_ajax inc\gindex.php:242
auth wp_ajax_foxtool_index_post inc\gindex.php:293
auth wp_ajax_foxtool_login_google inc\goo.php:123
nopriv wp_ajax_foxtool_login_google inc\goo.php:124
auth wp_ajax_ft_send_email inc\mail.php:49
nopriv wp_ajax_ft_send_email inc\mail.php:50
auth wp_ajax_toggle_watermark inc\media.php:868
auth wp_ajax_foxtool_json_get inc\search.php:278
auth wp_ajax_foxtool_json_del inc\search.php:298

Shortcodes 10

[google-login] inc\goo.php:59
[foxdark] inc\main.php:250
[foxsearch] inc\search.php:387
[vip] inc\shortcode.php:16
[sign] inc\shortcode.php:25
[titday] inc\shortcode.php:39
[titmonth] inc\shortcode.php:50
[tityear] inc\shortcode.php:56
[gget] inc\shortcode.php:94
[foxtoc] inc\toc.php:107
WordPress Hooks 272
action admin_head foxtool.php:36
action admin_enqueue_scripts foxtool.php:59
action wp_enqueue_scripts foxtool.php:72
filter plugin_action_links foxtool.php:83
action wp_footer inc\ads.php:18
action wp_enqueue_scripts inc\ads.php:24
action wp_head inc\ads.php:34
filter the_content inc\ads.php:79
action init inc\ads.php:84
action init inc\ads.php:85
filter query_vars inc\ads.php:86
action template_redirect inc\ads.php:87
action wp_enqueue_scripts inc\chat.php:12
action wp_footer inc\chat.php:403
action init inc\chat.php:413
action wp_head inc\code.php:16
action wp_head inc\code.php:24
action wp_body_open inc\code.php:32
action wp_footer inc\code.php:40
action login_head inc\code.php:47
action login_enqueue_scripts inc\custom.php:199
action login_head inc\custom.php:216
filter admin_footer_text inc\custom.php:226
action wp_dashboard_setup inc\custom.php:251
action wp_dashboard_setup inc\custom.php:265
action login_init inc\custom.php:279
action login_form inc\custom.php:280
action init inc\custom.php:281
filter lostpassword_url inc\custom.php:282
action lostpassword_form inc\custom.php:283
filter lostpassword_redirect inc\custom.php:284
filter register_url inc\custom.php:285
action wp_before_admin_bar_render inc\custom.php:348
action wp_before_admin_bar_render inc\custom.php:371
filter wp_check_filetype_and_ext inc\font.php:36
filter upload_mimes inc\font.php:44
filter upload_dir inc\font.php:65
action admin_head inc\font.php:175
action wp_enqueue_scripts inc\font.php:176
action wp_head inc\font.php:207
filter tiny_mce_before_init inc\font.php:240
action pre_user_query inc\foxtool.php:14
action pre_user_query inc\foxtool.php:23
action admin_menu inc\foxtool.php:32
filter all_plugins inc\foxtool.php:56
action admin_init inc\foxtool.php:212
action admin_head inc\foxtool.php:221
action wp_head inc\foxtool.php:232
action admin_init inc\foxtool.php:246
action plugins_loaded inc\foxtool.php:259
action admin_footer inc\gindex.php:333
action login_form inc\goo.php:130
action woocommerce_login_form inc\goo.php:138
action login_form inc\goo.php:151
action login_form_middle inc\goo.php:152
action register_form inc\goo.php:153
action woocommerce_login_form inc\goo.php:155
action woocommerce_register_form inc\goo.php:156
filter wp_authenticate_user inc\goo.php:198
filter registration_errors inc\goo.php:234
filter woocommerce_process_registration_errors inc\goo.php:235
action login_form inc\goo.php:255
action login_form_middle inc\goo.php:256
action register_form inc\goo.php:257
action woocommerce_login_form inc\goo.php:259
filter wp_authenticate_user inc\goo.php:300
filter registration_errors inc\goo.php:336
action phpmailer_init inc\mail.php:31
action wp_insert_comment inc\mail.php:61
action comment_post inc\mail.php:80
action user_register inc\mail.php:92
action wp_enqueue_scripts inc\main.php:11
action wp_footer inc\main.php:39
action wp_enqueue_scripts inc\main.php:72
action wp_footer inc\main.php:235
action wp_head inc\main.php:279
filter wp_handle_upload_prefilter inc\media.php:17
filter intermediate_image_sizes_advanced inc\media.php:24
filter intermediate_image_sizes_advanced inc\media.php:36
filter upload_size_limit inc\media.php:81
filter upload_mimes inc\media.php:89
action admin_head inc\media.php:100
filter upload_mimes inc\media.php:109
filter wp_handle_upload_prefilter inc\media.php:155
filter wp_handle_upload_prefilter inc\media.php:180
filter wp_handle_upload inc\media.php:226
filter upload_mimes inc\media.php:236
action admin_notices inc\media.php:248
filter wp_handle_upload inc\media.php:297
filter wp_handle_upload_prefilter inc\media.php:377
filter wp_generate_attachment_metadata inc\media.php:545
action add_attachment inc\media.php:547
filter wp_generate_attachment_metadata inc\media.php:756
action add_attachment inc\media.php:758
action admin_bar_menu inc\media.php:853
action admin_footer inc\media.php:926
action wp_enqueue_scripts inc\notify.php:12
action wp_head inc\notify.php:19
action wp_footer inc\notify.php:44
action wp_footer inc\notify.php:62
action wp_enqueue_scripts inc\notify.php:70
action wp_footer inc\notify.php:93
action wp_enqueue_scripts inc\notify.php:101
action wp_footer inc\notify.php:163
filter content_save_pre inc\post.php:7
action before_delete_post inc\post.php:153
action publish_post inc\post.php:198
action admin_action_duplicate_as_draft inc\post.php:222
filter post_row_actions inc\post.php:236
filter page_row_actions inc\post.php:237
action admin_action_duplicate_post inc\post.php:291
filter term_link inc\post.php:303
action init inc\post.php:323
action template_redirect inc\post.php:332
action created_category inc\post.php:336
action edited_category inc\post.php:337
action delete_category inc\post.php:338
filter term_link inc\post.php:352
action init inc\post.php:373
action template_redirect inc\post.php:382
action created_post_tag inc\post.php:387
action init inc\post.php:396
action add_attachment inc\post.php:409
action wp_footer inc\post.php:416
filter the_title inc\post.php:420
filter single_post_title inc\post.php:421
filter wpseo_title inc\post.php:422
filter wpseo_metadesc inc\post.php:423
filter wpseo_opengraph_title inc\post.php:424
filter wpseo_opengraph_desc inc\post.php:425
filter wpseo_opengraph_site_name inc\post.php:426
filter wpseo_twitter_title inc\post.php:427
filter wpseo_twitter_description inc\post.php:428
filter the_excerpt inc\post.php:429
action pre_get_posts inc\post.php:441
action pre_get_posts inc\post.php:453
action wp_enqueue_scripts inc\post.php:464
action wp_footer inc\post.php:491
filter the_content inc\post.php:496
action init inc\redirects.php:63
action template_redirect inc\redirects.php:74
filter rest_authentication_errors inc\scuri.php:6
filter wp_xmlrpc_server_class inc\scuri.php:18
filter xmlrpc_enabled inc\scuri.php:19
filter pre_update_option_enable_xmlrpc inc\scuri.php:20
filter pre_option_enable_xmlrpc inc\scuri.php:21
action wp_footer inc\scuri.php:28
filter wp_headers inc\scuri.php:38
action init inc\scuri.php:52
action do_feed inc\scuri.php:59
action do_feed_rdf inc\scuri.php:60
action do_feed_rss inc\scuri.php:61
action do_feed_atom inc\scuri.php:62
action do_feed_rss2_comments inc\scuri.php:63
action do_feed_atom_comments inc\scuri.php:64
filter wp_handle_upload_prefilter inc\scuri.php:85
filter style_loader_src inc\scuri.php:94
filter script_loader_src inc\scuri.php:95
filter the_generator inc\scuri.php:102
action init inc\scuri.php:123
action delete_post inc\search.php:24
action wp_insert_post inc\search.php:133
action wp_footer inc\search.php:372
action wp_enqueue_scripts inc\search.php:378
action wp_enqueue_scripts inc\shortcode.php:99
action wp_head inc\shortcode.php:108
action wp_default_scripts inc\speed.php:14
action wp_enqueue_scripts inc\speed.php:25
action wp_enqueue_scripts inc\speed.php:34
action init inc\speed.php:47
filter wp_revisions_to_keep inc\speed.php:60
action wp_enqueue_scripts inc\speed.php:74
filter script_loader_tag inc\speed.php:86
action wp_enqueue_scripts inc\speed.php:93
action wp_enqueue_scripts inc\speed.php:110
action init inc\speed.php:178
action wp_enqueue_scripts inc\toc.php:17
filter the_content inc\toc.php:92
filter the_content inc\toc.php:145
action wp_footer inc\toc.php:187
action add_meta_boxes inc\toc.php:196
action save_post inc\toc.php:224
filter rank_math/researches/toc_plugins inc\toc.php:230
filter use_block_editor_for_post inc\tool.php:6
filter mce_buttons inc\tool.php:24
filter mce_external_plugins inc\tool.php:39
filter mce_buttons_2 inc\tool.php:53
filter mce_buttons_3 inc\tool.php:68
filter tiny_mce_before_init inc\tool.php:76
filter page_row_actions inc\tool.php:104
filter post_row_actions inc\tool.php:105
action admin_footer inc\tool.php:123
filter use_block_editor_for_post_type inc\tool.php:126
action save_post inc\tool.php:144
filter gutenberg_use_widgets_block_editor inc\tool.php:148
filter use_widgets_block_editor inc\tool.php:149
action wp_enqueue_scripts inc\tool.php:159
action wp_footer inc\tool.php:189
action admin_head inc\tool.php:203
filter auto_update_core inc\tool.php:210
filter pre_option_update_core inc\tool.php:211
filter auto_update_translation inc\tool.php:219
filter pre_site_transient_update_languages inc\tool.php:220
filter site_transient_update_languages inc\tool.php:221
filter auto_update_theme inc\tool.php:230
filter pre_site_transient_update_themes inc\tool.php:231
filter auto_update_plugin inc\tool.php:242
filter pre_site_transient_update_plugins inc\tool.php:243
action init inc\tool.php:269
filter category_edit_form_fields inc\tool.php:290
filter product_cat_edit_form_fields inc\tool.php:291
action admin_head inc\tool.php:299
filter parse_query inc\user.php:14
filter ajax_query_attachments_args inc\user.php:23
action admin_init inc\user.php:36
action after_setup_theme inc\user.php:50
action admin_enqueue_scripts inc\user.php:58
action show_user_profile inc\user.php:89
action edit_user_profile inc\user.php:90
action user_new_form inc\user.php:91
action personal_options_update inc\user.php:96
action edit_user_profile_update inc\user.php:97
filter get_avatar inc\user.php:124
filter get_avatar_url inc\user.php:150
filter manage_users_columns inc\user.php:158
filter manage_users_custom_column inc\user.php:165
filter woocommerce_product_single_add_to_cart_text inc\woo.php:11
filter woocommerce_product_add_to_cart_text inc\woo.php:20
filter woocommerce_get_price_html inc\woo.php:37
filter woocommerce_get_price_html inc\woo.php:49
filter woocommerce_currency_symbol inc\woo.php:62
action woocommerce_checkout_order_processed inc\woo.php:87
action admin_menu main\about.php:45
action admin_menu main\admin.php:136
action admin_init main\admin.php:140
action update_option_foxtool_settings main\admin.php:145
action admin_menu main\ads.php:180
action admin_init main\ads.php:184
action update_option_foxtool_ads_settings main\ads.php:189
action admin_menu main\clean.php:332
action admin_menu main\code.php:146
action admin_init main\code.php:150
action update_option_foxtool_code_settings main\code.php:155
action admin_menu main\debug.php:153
action admin_init main\debug.php:157
action update_option_foxtool_debug_settings main\debug.php:162
action admin_menu main\export.php:168
action admin_menu main\extend.php:273
action admin_init main\extend.php:277
action update_option_foxtool_extend_settings main\extend.php:282
action admin_menu main\font.php:209
action admin_init main\font.php:213
action update_option_foxtool_fontset_settings main\font.php:218
action admin_menu main\gindex.php:228
action admin_init main\gindex.php:232
action update_option_foxtool_gindex_settings main\gindex.php:237
action admin_menu main\notify.php:241
action admin_init main\notify.php:245
action update_option_foxtool_notify_settings main\notify.php:250
action admin_menu main\redirects.php:207
action admin_init main\redirects.php:211
action update_option_foxtool_redirects_settings main\redirects.php:216
action admin_menu main\search.php:248
action admin_init main\search.php:252
action update_option_foxtool_search_settings main\search.php:257
action admin_menu main\shortcode.php:213
action admin_init main\shortcode.php:217
action update_option_foxtool_shortcode_settings main\shortcode.php:222
action admin_menu main\toc.php:326
action admin_init main\toc.php:330
action update_option_foxtool_toc_settings main\toc.php:335
action init modal\modal.php:58
Maintenance & Trust

Foxtool All-in-One: Contact chat button, Custom login, Media optimize images Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 10, 2025
PHP min version: 7.2
Downloads: 50K

Community Trust

Rating: 100/100
Number of ratings: 19
Active installs: 7K
Developer Profile

Foxtool All-in-One: Contact chat button, Custom login, Media optimize images Developer Profile

Fox Theme

2 plugins · 7K total installs

Trust score: 94
Avg Security Score: 92/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Foxtool All-in-One: Contact chat button, Custom login, Media optimize images

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/foxtool/font/css/all.css
/wp-content/plugins/foxtool/link/ftadmin.css
/wp-content/plugins/foxtool/link/ftadmin.js
/wp-content/plugins/foxtool/link/color/coloris.css
/wp-content/plugins/foxtool/link/color/coloris.js
/wp-content/plugins/foxtool/link/codeline/codemirror.css
/wp-content/plugins/foxtool/link/codeline/codemirror.js
/wp-content/plugins/foxtool/link/codeline/perl.js
+10 more
Script Paths
/wp-content/plugins/foxtool/link/index.js
/wp-content/plugins/foxtool/link/jquery-modal.js
/wp-content/plugins/foxtool/link/ads/foxads.js
Version Parameters
foxtool/font/css/all.css?ver=
foxtool/link/ftadmin.css?ver=
foxtool/link/ftadmin.js?ver=
foxtool/link/color/coloris.css?ver=
foxtool/link/color/coloris.js?ver=
foxtool/link/codeline/codemirror.css?ver=
foxtool/link/codeline/codemirror.js?ver=
foxtool/link/codeline/perl.js?ver=
foxtool/link/codeline/cobalt.css?ver=
foxtool/link/codeline/search.js?ver=
foxtool/link/codeline/searchcursor.js?ver=
foxtool/link/codeline/dialog.js?ver=
foxtool/link/codeline/dialog.css?ver=
foxtool/link/select2.js?ver=
foxtool/link/select2.css?ver=
foxtool/link/index.js?ver=
foxtool/link/jquery-modal.js?ver=
foxtool/link/ads/foxads.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-adsclick
data-links
data-mini
data-hours
data-click-target