Does HK Button Contact have any unpatched vulnerabilities?

No. All known vulnerabilities in HK Button Contact have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HK Button Contact compatible with WordPress 5.7.15?

According to WordPress.org data, HK Button Contact 1.1 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is HK Button Contact updated?

HK Button Contact was last updated on Unknown. Frequent updates are generally a positive security signal.

What is HK Button Contact's security score?

HK Button Contact has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HK Button Contact Security & Risk Analysis

wordpress.org/plugins/hk-button-contact

HK Button Contact

30 active installs v1.1 PHP + WP 4.9+ Updated Unknown

button-contactbutton-messagesbutton-phonebutton-zalo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is HK Button Contact Safe to Use in 2026?

Generally Safe

Score 100/100

HK Button Contact has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "hk-button-contact" plugin v1.1 exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface vectors such as AJAX handlers, REST API routes, shortcodes, or cron events is a significant positive. Furthermore, the code signals indicate robust development practices, with no dangerous functions or file operations present, and all SQL queries utilizing prepared statements. The lack of external HTTP requests also minimizes potential risks from compromised external services. However, the analysis does reveal a weakness in output escaping, with 40% of outputs not being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if the unescaped data originates from user input. The vulnerability history is also clean, with no known CVEs, which is a very positive indicator of the plugin's security track record.

Key Concerns

Unescaped output detected

Vulnerabilities

None known

HK Button Contact Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

HK Button Contact Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

60% escaped20 total outputs

Attack Surface

HK Button Contact Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionwp_footerinclude\class.button.php:2

actionadmin_menuinclude\class.hk-contact-button-option.php:5

actionadmin_initinclude\class.hk-contact-button-option.php:6

Maintenance & Trust

HK Button Contact Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedUnknown

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

HK Button Contact Alternatives

Contact Zalo Report SW

button-chat-zalo-report-sw

Contact Zalo Report

900 No CVEs

Developer Profile

HK Button Contact Developer Profile

Huy Kira

6 plugins · 100 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect HK Button Contact

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hk-button-contact/css/button-contact.css

Version Parameters

hk-button-contact/css/button-contact.css?ver=1.0

HTML / DOM Fingerprints

CSS Classes

hk-option-button-contactbutton-hk-contactzalophonemessageshotline-phone-ring-circlehotline-phone-ring-circle-fill

FAQ