Mobile Contact Buttons Security & Risk Analysis
wordpress.org/plugins/mobile-contact-buttonsAdds Call, Email and SMS buttons on bottom of website. Only for Mobile View of website.
Is Mobile Contact Buttons Safe to Use in 2026?
Generally Safe
Score 85/100Mobile Contact Buttons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "mobile-contact-buttons" plugin version 1.3 exhibits a generally positive security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests is a strong indicator of good security practices. The plugin also utilizes prepared statements for all SQL queries, which mitigates the risk of SQL injection vulnerabilities.
However, a significant concern arises from the output escaping. With 100% of outputs not being properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed by the plugin, if not inherently safe, could be exploited by attackers to inject malicious scripts into users' browsers. The lack of nonce and capability checks, while not directly leading to an attack surface given the current analysis, could become a weakness if new entry points are introduced in future versions without proper authorization controls.
The vulnerability history is also a positive sign, showing no known CVEs. This suggests a history of stable and secure development. In conclusion, while the plugin demonstrates a strong foundation in preventing common web vulnerabilities like SQL injection and has a clean vulnerability record, the pervasive issue of unescaped output represents a critical oversight that must be addressed to ensure user security.
Key Concerns
- All outputs are unescaped
- No nonce checks
- No capability checks
Mobile Contact Buttons Security Vulnerabilities
Mobile Contact Buttons Code Analysis
Output Escaping
Mobile Contact Buttons Attack Surface
WordPress Hooks 3
Maintenance & Trust
Mobile Contact Buttons Maintenance & Trust
Maintenance Signals
Community Trust
Mobile Contact Buttons Alternatives
Call Now Button – The #1 Click to Call Button for WordPress
call-now-button
The web's #1 click to call button for your website! A simple and powerful plugin that adds a Call Now Button to your website.
WP Call Button – Easy Click to Call Button for WordPress
wp-call-button
The best WordPress call now button plugin. We help you add a clickable phone link (quick call button), so people can easily call your business phone.
Really Simple Click To Call Bar
really-simple-click-to-call
A simple plugin that adds a click to call bar/call now button for mobile visitors.
Button Generator – Easily Create Custom Buttons with Icons and Analytics
button-generation
Design and display custom buttons anywhere on your site. Add floating or inline buttons with icons, advanced targeting, and built-in analytics.
Floating Button – Easily Create Sticky, Fixed & Floating Buttons
floating-button
Floating Buttons let you easily create sticky, fixed, and floating action buttons
Mobile Contact Buttons Developer Profile
1 plugin · 100 total installs
How We Detect Mobile Contact Buttons
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/mobile-contact-buttons/css/cubm-style.cssmobile-contact-buttons/css/cubm-style.css?ver=HTML / DOM Fingerprints
mobile_contact_buttons_callmobile_contact_buttons_emailmobile_contact_buttons_smsmobile_contact_buttons_call2mobile_contact_buttons_email2id="mobile_contact_buttons_container"id="mobile_contact_buttons"id="mobile_contact_buttons2"