Does Quick Contact and Call back widget have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Quick Contact and Call back widget compatible with WordPress 4.7.33?

According to WordPress.org data, Quick Contact and Call back widget 3.4.1 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is Quick Contact and Call back widget updated?

Quick Contact and Call back widget was last updated on Apr 1, 2017. Frequent updates are generally a positive security signal.

What is Quick Contact and Call back widget's security score?

Quick Contact and Call back widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Quick Contact and Call back widget Security & Risk Analysis

wordpress.org/plugins/wp-call-me-back

WP Call Back, gives you the ability to quickly add a call back widget to the sidebar of your website.

30 active installs v3.4.1 PHP + WP 4.3+ Updated Apr 1, 2017

arrange-call-backcall-backcall-back-widgetquick-contact

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Quick Contact and Call back widget Safe to Use in 2026?

Generally Safe

Score 85/100

Quick Contact and Call back widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "wp-call-me-back" v3.4.1 plugin exhibits a mixed security posture. On the positive side, the plugin has no known historical vulnerabilities (CVEs), suggesting a generally stable and well-maintained codebase. Furthermore, the static analysis reveals a seemingly small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed without proper authentication checks. This is a strong indicator of good practice regarding access control.

Key Concerns

11 dangerous functions found (unserialize)
50% SQL queries not using prepared statements
Only 17% of outputs properly escaped
0 Nonce checks found
0 Capability checks found
12 flows with unsanitized paths
3 High severity taint flows found

Vulnerabilities

None known

Quick Contact and Call back widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Quick Contact and Call back widget Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Quick Contact and Call back widget Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

119

25 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$get_option_details = unserialize(get_option('rcb_settings_options'));wp-callmeback.php:32

unserialize$get_recaptcha_details = unserialize(get_option('rcb_recaptcha_options'));wp-callmeback.php:33

unserialize$get_option_details = unserialize(get_option('rcb_settings_options'));wp-callmeback.php:649

unserialize$get_recaptcha_details = unserialize(get_option('rcb_recaptcha_options'));wp-callmeback.php:650

unserialize$get_option_details = unserialize(get_option('rcb_recaptcha_options'));wp-callmeback.php:907

unserialize$get_option_details = unserialize(get_option('rcb_settings_options'));wp-callmeback.php:989

unserialize$get_recaptcha_details = unserialize(get_option('rcb_recaptcha_options'));wp-callmeback.php:990

unserialize$get_color_picker = unserialize(get_option('rcb_settings_options_picker'));wp-callmeback.php:991

unserialize$get_option_details = unserialize(get_option('rcb_recaptcha_options'));wp-callmeback.php:1410

unserialize$get_option_details = unserialize(get_option('rcb_settings_options_picker'));wp-callmeback.php:1460

unserialize$get_recaptcha_details = unserialize(get_option('rcb_recaptcha_options'));wp-callmeback.php:1461

SQL Query Safety

50% prepared22 total queries

Output Escaping

17% escaped144 total outputs

Data Flows · Security

12 unsanitized

Data Flow Analysis

12 flows12 with unsanitized paths

search_box (class\class-wp-list-table-copy.php:282)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Quick Contact and Call back widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 13

actionadmin_footerclass\class-wp-list-table-copy.php:115

actionadmin_headclass\class-wpg-besttime-list-table.php:44

actionadmin_headclass\class-wpg-callback-list-table.php:49

actionadmin_headclass\class-wpg-dropdownoptions-list-table.php:44

actionadmin_menuwp-callmeback.php:137

actionwp_enqueue_scriptswp-callmeback.php:138

actionadmin_enqueue_scriptswp-callmeback.php:139

actionadmin_post_submit-callback-settings-formwp-callmeback.php:140

actionadmin_post_submit-callback-settings-optionswp-callmeback.php:141

actionadmin_post_submit-besttime-formwp-callmeback.php:142

actionadmin_post_submit-dropdownoptions-formwp-callmeback.php:143

actionadmin_post_submit-recaptcha-formwp-callmeback.php:144

actionwidgets_initwp-callmeback.php:563

Maintenance & Trust

Quick Contact and Call back widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedApr 1, 2017

PHP min version

Downloads23K

Community Trust

Rating100/100

Number of ratings1

Active installs30

Alternatives

Quick Contact and Call back widget Alternatives

Free Call Me Back Widget

quiits-call-me-back-widget

Increase Your Website Conversion Up To 60% by enabling them to Request a Call back. Activate Call me back widget on your website in less than 30 secon …

10 No CVEs

Bazz CallBack widget

bazz-callback-widget

This plugin makes a simple widget for callback on your website.

4K No CVEs

ZVI CallBack widget

zvi-callback-widget

100

This plugin makes a simple widget for callback on your website.

100 No CVEs

Call Leads WordPress Plugin

call-leads

The easiest way to get more call leads, turn leads to customers.

20 No CVEs

Сallback Samlab widget

allback-samlab

Плагин предназначен для легкого создания виджета контактной формы для Вашео сайта. Этот виджет будет выполнять функцию "обратного звонка".

10 No CVEs

Developer Profile

Quick Contact and Call back widget Developer Profile

hosting.io

3 plugins · 10K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Quick Contact and Call back widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-call-me-back/css/wp-callmeback.css/wp-content/plugins/wp-call-me-back/css/colpick.css/wp-content/plugins/wp-call-me-back/js/colpick.js/wp-content/plugins/wp-call-me-back/style.css

Script Paths

/wp-content/plugins/wp-call-me-back/js/colpick.js

Version Parameters

wp-call-me-back/style.css?ver=wp-callmeback-stylewpgcallmeback-style

HTML / DOM Fingerprints

CSS Classes

nav-tab-wrappernav-tabnav-tab-active

Data Attributes

data-sitekey

JS Globals

grecaptcha

FAQ