Call Response – Turn visitors into phone-leads. Get direct calls from your site Security & Risk Analysis
wordpress.org/plugins/wp-call-responseGet call requests from people with email notification, easily handle the requests with huge options to control the user interface.
Is Call Response – Turn visitors into phone-leads. Get direct calls from your site Safe to Use in 2026?
Generally Safe
Score 85/100Call Response – Turn visitors into phone-leads. Get direct calls from your site has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-call-response plugin version 1.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all its SQL queries and a high percentage of properly escaped outputs. There is also no recorded vulnerability history, suggesting a relatively stable and secure past.
However, significant concerns arise from the attack surface analysis. A substantial portion of the plugin's entry points, specifically 4 out of 5, lack authentication checks. This is particularly worrying as it includes 4 unprotected AJAX handlers, which are common targets for malicious exploitation. While no critical or high severity taint flows were identified, the lack of robust authentication on these entry points could still allow for unauthorized actions if specific vulnerabilities were to be discovered or exploited through other means.
The absence of known CVEs and a clean vulnerability history is a strong positive, indicating that the plugin has not been a source of widespread security issues in the past. Nevertheless, the high number of unprotected AJAX handlers presents a clear and present risk that should be addressed. The plugin's strengths lie in its secure database interaction and output handling, but its weaknesses are evident in its vulnerable entry points.
Key Concerns
- 4 unprotected AJAX handlers
- Large attack surface without auth (4/5 entry points)
- 2 external HTTP requests (potential for SSRF or misconfiguration)
Call Response – Turn visitors into phone-leads. Get direct calls from your site Security Vulnerabilities
Call Response – Turn visitors into phone-leads. Get direct calls from your site Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Call Response – Turn visitors into phone-leads. Get direct calls from your site Attack Surface
AJAX Handlers 4
Shortcodes 1
WordPress Hooks 6
Maintenance & Trust
Call Response – Turn visitors into phone-leads. Get direct calls from your site Maintenance & Trust
Maintenance Signals
Community Trust
Call Response – Turn visitors into phone-leads. Get direct calls from your site Alternatives
EchBay Phonering Alo
echbay-phonering-alo
Add Phonering Alo button to your website. A very simple yet very effective plugin that adds a Call Now button to your website for every device (mobile …
Lucep Call Now Button
lucep-call-now-button
An award winning "call now" (or click to call) widget that works on all of your pages! Proven to increase sales by over 72% and it's fr …
WP Scarcity Jeet – Powerful scarcity and urgency timer for your landing pages
scarcity-jeet
Scarcity Jeet is a very flexible and powerful timer and banner widget. You can choose between many designs and even put in your own images and e-cove …
Cart Catch for WooCommerce – cart abandonment
cart-catch-for-woocommerce
Allows WooCommerce store owners to recover lost sales, by emailing their customers.
CartFlows – Funnel Builder & Checkout Plugin for WooCommerce
cartflows
1 WordPress funnel builder & WooCommerce checkout plugin. Boost AOV with one-click upsells, order bumps & high-converting checkout pages.
Call Response – Turn visitors into phone-leads. Get direct calls from your site Developer Profile
7 plugins · 60 total installs
How We Detect Call Response – Turn visitors into phone-leads. Get direct calls from your site
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-call-response/shortcodecss/style.css/wp-content/plugins/wp-call-response/asset/bootstrap/css/bootstrap.min.css/wp-content/plugins/wp-call-response/asset/bootstrap/js/popper.min.js/wp-content/plugins/wp-call-response/asset/bootstrap/js/bootstrap.min.js/wp-content/plugins/wp-call-response/asset/fontawesome/css/all.css/wp-content/plugins/wp-call-response/shortcodecss/style.cssHTML / DOM Fingerprints
[CallResponse]