Does WP Call Me have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Call Me have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Call Me compatible with WordPress 4.4.34?

According to WordPress.org data, WP Call Me 1.7 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is WP Call Me updated?

WP Call Me was last updated on Oct 12, 2016. Frequent updates are generally a positive security signal.

What is WP Call Me's security score?

WP Call Me has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Call Me Security & Risk Analysis

wordpress.org/plugins/wp-call-me

Take calls from your website with an easy to install click to call button.

10 active installs v1.7 PHP + WP 3.3+ Updated Oct 12, 2016

callclick-2-callclick-to-callclick2calliphone

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Call Me Safe to Use in 2026?

Generally Safe

Score 85/100

WP Call Me has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The wp-call-me plugin v1.7 exhibits a concerning security posture primarily due to a lack of proper authorization checks on its entry points and insecure handling of serialized data. The static analysis reveals two AJAX handlers, both of which are exposed without any authentication or capability checks, creating a significant attack surface. Furthermore, the presence of the 'unserialize' function without clear sanitization or validation indicates a potential for deserialization vulnerabilities, especially when combined with unsanitized input from the identified taint flows. While the plugin has no recorded vulnerability history, this absence should not be interpreted as a guarantee of current security. The lack of reported vulnerabilities might simply mean they haven't been discovered or publicly disclosed yet. The plugin's strengths lie in its use of prepared statements for SQL queries and the absence of file operations or external HTTP requests, which reduces some common attack vectors. However, the critical issues of unprotected AJAX endpoints and the 'unserialize' function heavily outweigh these positives, demanding immediate attention.

Key Concerns

AJAX handlers without authentication
Unescaped output detected
Dangerous function 'unserialize' used
Taint flows with unsanitized paths
Missing nonce checks on AJAX
Missing capability checks on AJAX

Vulnerabilities

None known

WP Call Me Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Call Me Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$wp_phone_options=unserialize($wp_phone_options);wp-call-me.php:86

Output Escaping

0% escaped13 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

wp_phone_save_user_settings (wp-call-me.php:403)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WP Call Me Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_wp_phone_save_user_datawp-call-me.php:400

authwp_ajax_wp_phone_save_user_settingswp-call-me.php:401

WordPress Hooks 4

actionadmin_initwp-call-me.php:33

actionadmin_menuwp-call-me.php:37

actionadmin_footerwp-call-me.php:43

filterthe_contentwp-call-me.php:453

Maintenance & Trust

WP Call Me Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedOct 12, 2016

PHP min version

Downloads9K

Community Trust

Rating60/100

Number of ratings4

Active installs10

Alternatives

WP Call Me Alternatives

Excitel – Click to call

excitel-click-to-call

Excitel helps your customers make calls from your site over Internet (free) using WebRTC, RTMP and SIP protocols.

20 No CVEs

Easy Caller with Mocean

easy-caller-with-moceanapi

Easy Caller uses Mocean Voice API to connect calls with you and your customers both easily and efficiently.

0 No CVEs

Call Now Button – The #1 Click to Call Button for WordPress

call-now-button

The web's #1 click to call button for your website! A simple and powerful plugin that adds a Call Now Button to your website.

200K 5 CVEs

Really Simple Click To Call Bar

really-simple-click-to-call

A simple plugin that adds a click to call bar/call now button for mobile visitors.

8K No CVEs

Floating Click to Contact Buttons

floating-click-to-contact-buttons

Tạo các nút gọi, nút chat Zalo, nút Chat messenger, nút để lại thông tin để tư vấn, nút chỉ đường. Trình bày các nút đẹp mắt ở góc phải dưới màn hình, …

2K No CVEs

Developer Profile

WP Call Me Developer Profile

TaylorHawkes

2 plugins · 20 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Call Me

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-call-me/js/intlTelInput.js/wp-content/plugins/wp-call-me/js/signup.js

Script Paths

js/intlTelInput.jsjs/signup.js

HTML / DOM Fingerprints

CSS Classes

wp_phone_form_tablewp_phone_default_number_shortcode

HTML Comments

Data Attributes

id="wp_phone_holder"id="wp_call_me_user_settings"id="wp_click_to_call_not_supported"id="wp_click_to_call_color_theme"

JS Globals

intlTelInputsignup

Shortcode Output

[wp_phone_clicktocall][wp_phone_number]

FAQ