Poly Support Security & Risk Analysis

wordpress.org/plugins/poly-support

Manage icons and templates with drag-and-drop support for easy placement of icons, stickers, logos, and promotions anywhere on the page.

20 active installs v1.4.0 PHP + WP + Updated Jun 18, 2025
Tags: call-button, chat-button, contact-button, floating-button, sticky-button
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Poly Support Safe to Use in 2026?

Generally Safe

Score 100/100

Poly Support has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The 'poly-support' plugin v1.4.0 exhibits a generally strong security posture, with good practices evident in its code. The absence of dangerous functions, the absence of SQL injection vulnerabilities through the use of prepared statements, and a near-perfect output escaping rate are all positive indicators. Furthermore, the plugin has no recorded vulnerability history, which suggests either a history of secure development or a lack of past targeted attacks. This is a significant strength.

However, the analysis does highlight two potential areas of concern. The presence of two unprotected entry points – one AJAX handler and one REST API route that lack proper authentication or permission checks – presents a clear attack vector. While the taint analysis did not reveal any critical or high-severity vulnerabilities stemming from these, such unprotected endpoints could still be exploited for unauthorized actions or information disclosure if not properly secured by the user or by other plugin/theme layers.

In conclusion, while 'poly-support' v1.4.0 demonstrates a commendable focus on secure coding practices and has a clean vulnerability history, the unprotected entry points represent a weakness that should be addressed. Developers should prioritize implementing appropriate authentication and capability checks for all AJAX handlers and REST API routes to achieve a more robust security profile.

Key Concerns

  • AJAX handler without auth check
  • REST API route without permission callback
Vulnerabilities
None known

Poly Support Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Poly Support Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (33 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

97% escaped · 34 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
save_media_entries (inc\core\media.php:19)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Poly Support Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers 8

  • auth wp_ajax_fetch_templates (inc\core\apiServices.php:9)
  • auth wp_ajax_fetch_medias (inc\core\apiServices.php:10)
  • auth wp_ajax_fetch_active_template (inc\core\apiServices.php:11)
  • auth wp_ajax_save_media_entries (inc\core\media.php:12)
  • auth wp_ajax_delete_media_entry (inc\core\media.php:13)
  • auth wp_ajax_save_template (inc\core\template.php:11)
  • auth wp_ajax_delete_template (inc\core\template.php:12)
  • auth wp_ajax_activate_template (inc\core\template.php:13)

REST API Routes 1

  • GET /wp-json/poly-support/v1/active_template (inc\core\api\apiServices.php:12)

WordPress Hooks 4

  • action rest_api_init (inc\core\api\apiServices.php:8)
  • action admin_menu (poly-support.php:25)
  • action admin_enqueue_scripts (poly-support.php:26)
  • action wp_enqueue_scripts (poly-support.php:29)

Maintenance & Trust

Poly Support Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 18, 2025
PHP min version
Downloads: 819

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Poly Support Developer Profile

polyxgo

6 plugins · 170 total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Poly Support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/poly-support/dist/assets/js/libs/polyjs/polyutilities.min.js
  • /wp-content/plugins/poly-support/dist/assets/js/public/script.min.js
  • /wp-content/plugins/poly-support/dist/assets/css/public/style.min.css
  • /wp-content/plugins/poly-support/dist/assets/css/admin/style.min.css
  • /wp-content/plugins/poly-support/dist/assets/js/libs/sweetalert2/11.4.8/sweetalert2.min.css
  • /wp-content/plugins/poly-support/dist/assets/js/libs/vuejs/3.4.27/vue.global.prod.js
  • /wp-content/plugins/poly-support/dist/assets/js/libs/sweetalert2/11.4.8/sweetalert2.min.js
  • /wp-content/plugins/poly-support/dist/assets/js/libs/sortable/1.15.6/Sortable.min.js
  • +3 more
Script Paths
  • /wp-content/plugins/poly-support/dist/assets/js/public/script.min.js
  • /wp-content/plugins/poly-support/dist/assets/js/libs/polyjs/polyutilities.min.js
  • /wp-content/plugins/poly-support/dist/assets/js/libs/sweetalert2/11.4.8/sweetalert2.min.js
  • /wp-content/plugins/poly-support/dist/assets/js/libs/vuejs/3.4.27/vue.global.prod.js
  • /wp-content/plugins/poly-support/dist/assets/js/libs/sortable/1.15.6/Sortable.min.js
  • /wp-content/plugins/poly-support/dist/assets/js/admin/media.min.js
  • +2 more

HTML / DOM Fingerprints

JS Globals
posuSettings, support_data
REST Endpoints
/wp-json/poly-support/v1/active_template
FAQ

Frequently Asked Questions about Poly Support