Mobile Contact Bar Security & Risk Analysis

wordpress.org/plugins/mobile-contact-bar

Allow your visitors to contact you via mobile phones, or access your site's pages instantly.

10K active installs · v3.0.5 · PHP 5.3+ · WP 4.6+ · Updated Aug 9, 2025
call-to-action, cta-button, icon, social-media, woocommerce-cart
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 3, 2025
Safety Verdict

Is Mobile Contact Bar Safe to Use in 2026?

Generally Safe

Score 99/100

Mobile Contact Bar has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 3, 2025 · Updated 7mo ago
Risk Assessment

The mobile-contact-bar plugin, version 3.0.5, presents a mixed security posture. While it boasts a small attack surface and no identified critical or high severity taint flows, significant concerns arise from its handling of SQL queries and output escaping. All five SQL queries are executed without prepared statements, indicating a substantial risk of SQL injection vulnerabilities. Furthermore, the 13% of outputs that are not properly escaped introduce a potential for Cross-Site Scripting (XSS) attacks. The vulnerability history, including a past medium-severity XSS vulnerability, reinforces these concerns and suggests a pattern of inadequate input sanitization and output encoding, despite the absence of currently unpatched CVEs. The presence of a nonce check on the sole AJAX handler is a positive sign for that specific entry point, but the lack of capability checks on any entry points means that any user, regardless of role, could potentially interact with the AJAX handler. Overall, the plugin has strengths in its limited attack surface and recent vulnerability patching, but the prevalent use of raw SQL and unescaped output are significant weaknesses that require immediate attention.

Key Concerns

  • All SQL queries use raw SQL without prepared statements
  • Significant percentage of outputs are not properly escaped
  • Past medium severity vulnerability (XSS)
  • No capability checks on entry points
Vulnerabilities
1

Mobile Contact Bar Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-12739 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mobile Contact Bar <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 3, 2025 · Patched in 3.0.5 (88d)
Code Analysis
Analyzed Mar 16, 2026

Mobile Contact Bar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (0 prepared)
Unescaped Output: 15 (101 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 5 total queries

Output Escaping

87% escaped · 116 total outputs
Attack Surface

Mobile Contact Bar Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_ajax_add_contact · includes\admin\class-option.php:40

WordPress Hooks 42

action · init · includes\admin\class-option.php:34
action · admin_init · includes\admin\class-option.php:35
action · admin_footer · includes\admin\class-option.php:36
action · init · includes\admin\class-page.php:96
action · wpmu_new_blog · includes\admin\class-page.php:97
action · admin_menu · includes\admin\class-page.php:98
action · add_meta_boxes · includes\admin\class-page.php:99
action · admin_enqueue_scripts · includes\admin\class-page.php:100
action · init · includes\admin\class-updater.php:25
action · admin_init · includes\admin\class-updater.php:26
action · admin_notices · includes\admin\class-updater.php:27
action · admin_notices · includes\admin\class-updater.php:28
action · admin_notices · includes\admin\class-updater.php:29
action · admin_notices · includes\admin\class-updater.php:30
action · admin_enqueue_scripts · includes\admin\class-updater.php:31
filter · mcb_admin_add_button · includes\contacts\class-Custom.php:17
filter · mcb_admin_add_contact · includes\contacts\class-Custom.php:18
filter · mcb_admin_add_icon · includes\contacts\class-Email.php:19
filter · mcb_admin_add_contact · includes\contacts\class-Email.php:20
filter · mcb_admin_add_icon · includes\contacts\class-ScrollTop.php:19
filter · mcb_admin_add_contact · includes\contacts\class-ScrollTop.php:20
filter · mcb_admin_add_icon · includes\contacts\class-Text.php:19
filter · mcb_admin_add_contact · includes\contacts\class-Text.php:20
filter · mcb_admin_add_icon · includes\contacts\class-WhatsApp.php:19
filter · mcb_admin_add_contact · includes\contacts\class-WhatsApp.php:20
filter · mcb_admin_add_icon · includes\contacts\class-WooCommerce.php:21
filter · mcb_admin_add_contact · includes\contacts\class-WooCommerce.php:22
filter · woocommerce_add_to_cart_fragments · includes\contacts\class-WooCommerce.php:27
filter · add_to_cart_fragments · includes\contacts\class-WooCommerce.php:31
action · wp_head · includes\public\class-renderer-v1.php:26
action · wp_enqueue_scripts · includes\public\class-renderer-v1.php:27
action · wp_footer · includes\public\class-renderer-v1.php:28
action · mcb_public_render_html · includes\public\class-renderer-v1.php:75
action · wp_head · includes\public\class-renderer.php:44
action · wp_enqueue_scripts · includes\public\class-renderer.php:45
action · wp_footer · includes\public\class-renderer.php:46
action · mcb_public_render_html · includes\public\class-renderer.php:101
action · plugins_loaded · mobile-contact-bar.php:68
action · plugins_loaded · mobile-contact-bar.php:79
action · plugins_loaded · mobile-contact-bar.php:80
action · plugins_loaded · mobile-contact-bar.php:94
action · plugins_loaded · mobile-contact-bar.php:114
Maintenance & Trust

Mobile Contact Bar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 9, 2025
PHP min version: 5.3
Downloads: 145K

Community Trust

Rating: 92/100
Number of ratings: 30
Active installs: 10K
Developer Profile

Mobile Contact Bar Developer Profile

Anna Bansaghi

1 plugin · 10K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 88 days
Detection Fingerprints

How We Detect Mobile Contact Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mobile-contact-bar/assets/css/style.css
/wp-content/plugins/mobile-contact-bar/assets/js/app.js
Script Paths
/wp-content/plugins/mobile-contact-bar/assets/js/app.js
Version Parameters
mobile-contact-bar/assets/css/style.css?ver=
mobile-contact-bar/assets/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
mobile-contact-bar
JS Globals
mobile_contact_bar
FAQ

Frequently Asked Questions about Mobile Contact Bar