WP-Safety

MediaHawk Call Tracking Integration Security & Risk Analysis

wordpress.org/plugins/mediahawk-call-tracking

Plugin adds Mediahawk call tracking software to website. To make numbers changing you have to add class to number wrap element.

10 active installs v2.0 PHP + WP + Updated Aug 18, 2017
calltrackingmediahawk
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MediaHawk Call Tracking Integration Safe to Use in 2026?

Generally Safe

Score 85/100

MediaHawk Call Tracking Integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The mediahawk-call-tracking plugin v2.0 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, file operations, external HTTP requests, and SQL queries not using prepared statements are strong indicators of secure coding practices. Furthermore, the plugin boasts a small attack surface with no identified AJAX handlers or REST API routes that lack proper authorization checks, and no known historical vulnerabilities further bolster its security reputation. However, the presence of a shortcode as an entry point, while not inherently vulnerable in this analysis, represents a potential area for future concern if not carefully managed. The lack of nonce and capability checks on this shortcode, while currently showing no exploitable flows, is a notable omission that could become a risk if the shortcode's functionality is expanded or if indirect vulnerabilities are discovered.

Key Concerns

  • Shortcode entry point without explicit auth checks
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
  • Minor unescaped output identified
Vulnerabilities
None known

MediaHawk Call Tracking Integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

MediaHawk Call Tracking Integration Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
6 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

86% escaped7 total outputs
Attack Surface

MediaHawk Call Tracking Integration Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[mediahawk_number] mediahawk-call-tracking.php:108
WordPress Hooks 3
actionadmin_initmediahawk-call-tracking.php:14
actionadmin_menumediahawk-call-tracking.php:15
actionwp_footermediahawk-call-tracking.php:16
Maintenance & Trust

MediaHawk Call Tracking Integration Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedAug 18, 2017
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

MediaHawk Call Tracking Integration Alternatives

MAGNETIS Call-tracking

MAGNETIS Call-tracking

magnetis-call-tracking

A
92

Suivez et optimisez l'origine de vos appels entrants avec le Call-tracking Magnétis en intégrant des numéros trackés dans WordPress.

10 No CVEs
Developer Profile

MediaHawk Call Tracking Integration Developer Profile

lslominski

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MediaHawk Call Tracking Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
//www.dynamicnumbers.mediahawk.co.uk/mhct.min.js

HTML / DOM Fingerprints

CSS Classes
mediahawk-wrapmediahawk-labelsmediahawk-sidebarmediahawk-improve-sitemediahawk-support
Data Attributes
data-mhct-campaignid
JS Globals
_mhct
Shortcode Output
[mediahawk_number
FAQ

Frequently Asked Questions about MediaHawk Call Tracking Integration