WP-Safety

Hellodialog Security & Risk Analysis

wordpress.org/plugins/hellodialog

Wordpress plugin to include opt-in forms for Hellodialog's email marketing application.

20 active installs v1.7.15 PHP + WP 4.8+ Updated Nov 28, 2025
api-connectautomationemailmarketinghellodialognewsletter
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Hellodialog Safe to Use in 2026?

Generally Safe

Score 100/100

Hellodialog has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "hellodialog" plugin version 1.7.15 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and including nonce checks for its entry points. The plugin also has no recorded vulnerabilities in its history and no external HTTP requests, which are positive indicators for overall security. However, there are significant concerns arising from the static analysis. The presence of the `unserialize` function is a high-risk signal, especially when not accompanied by clear sanitization or permission checks for the data being unserialized. Furthermore, a substantial portion (61%) of the plugin's output is not properly escaped, creating a risk of Cross-Site Scripting (XSS) vulnerabilities. While the attack surface is relatively small and currently appears to have no unprotected entry points, the identified code signals like `unserialize` and poor output escaping are serious weaknesses that require immediate attention.

Key Concerns

  • Dangerous function unserialize present
  • Significant portion of output unescaped
Vulnerabilities
None known

Hellodialog Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hellodialog Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
46
30 escaped
Nonce Checks
2
Capability Checks
0
File Operations
8
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$input = unserialize($serinput);shortcodes\shortcode.php:34

Output Escaping

39% escaped76 total outputs
Attack Surface

Hellodialog Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_saveContactindex.php:68
noprivwp_ajax_saveContactindex.php:69

Shortcodes 1

[hellodialog] index.php:210
WordPress Hooks 18
actionadmin_menuindex.php:59
actionadmin_initindex.php:60
actionadmin_enqueue_scriptsindex.php:61
actioninitindex.php:62
actioninitindex.php:63
actionplugins_loadedindex.php:64
actionload-post.phpindex.php:65
actionload-post-new.phpindex.php:66
actionsave_postindex.php:67
actionwp_enqueue_scriptsindex.php:70
filterwidget_textindex.php:77
filterwoocommerce_checkout_fieldsindex.php:85
actionwoocommerce_checkout_update_order_metaindex.php:86
actionwoocommerce_checkout_order_processedindex.php:87
filterdefault_checkout_news_checkindex.php:88
actionwoocommerce_admin_order_data_after_billing_addressindex.php:89
actionadmin_noticesindex.php:260
actionadd_meta_boxesindex.php:322
Maintenance & Trust

Hellodialog Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedNov 28, 2025
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Alternatives

Hellodialog Alternatives

MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

B
76

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs
Brevo for WooCommerce

Brevo for WooCommerce

woocommerce-sendinblue-newsletter-subscription

A
93

All-in-one WooCommerce email marketing, automation, SMS, and CRM by Brevo. Grow your store with powerful marketing tools.

30K 3 CVEs
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce

FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce

wp-marketing-automations

B
82

Recover lost revenue with Cart Abandonment Recovery for WooCommerce. Increase retention with Post Purchase Follow-Up Emails.

20K 11 CVEs
weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins

wemail

A
95

Send email newsletters, automate email marketing with email automation, manage subscribers, eCommerce emails, post notifications & optins with ease

10K 6 CVEs
Developer Profile

Hellodialog Developer Profile

Webreact

1 plugin · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Hellodialog

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hellodialog/assets/css/hellodialog.css/wp-content/plugins/hellodialog/assets/css/bootstrap.min.css/wp-content/plugins/hellodialog/assets/css/bootstrap-multiselect.css/wp-content/plugins/hellodialog/assets/css/hellodialog_frontend.css
Script Paths
/wp-content/plugins/hellodialog/assets/js/bootstrap-multiselect.js/wp-content/plugins/hellodialog/assets/js/ajax.js

HTML / DOM Fingerprints

CSS Classes
hellodialogbootstrap-multiselect
Data Attributes
data-toggledata-target
JS Globals
jQueryPopperbootstrap
Shortcode Output
<form id="hellodialog-form"
FAQ

Frequently Asked Questions about Hellodialog