WP Request Callback Security & Risk Analysis

wordpress.org/plugins/wp-request-callback

Capture callback requests from potential clients on your site. Use our built in forms or create your own. Simple, customisable, and easy to use.

10 active installs · v0.1.0 · PHP 7.0+ · WP 5.0+ · Updated Sep 30, 2019
callback, callback-request, phone, phone-back, request
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Request Callback Safe to Use in 2026?

Generally Safe

Score 85/100

WP Request Callback has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The wp-request-callback v0.1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and performing capability checks on at least one entry point. There are no recorded vulnerabilities or CVEs, which is a strong indicator of a history of secure development. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface in these areas.

However, there are significant concerns that detract from its overall security. The plugin exposes a REST API route without proper permission callbacks, creating an unprotected entry point that could be exploited. Furthermore, it lacks nonce checks on its AJAX handlers, a critical security measure that can prevent Cross-Site Request Forgery (CSRF) attacks. While taint analysis showed no issues, this might be due to the limited scope of the analysis or the absence of complex data flows in this early version. The benefit of the plugin's small attack surface is partly offset by the unprotected REST API route and the missing nonce checks, which represent the most immediate risks.

In conclusion, while the plugin has a clean vulnerability history and uses prepared statements, the unprotected REST API route and the absence of nonce checks on AJAX handlers are serious security weaknesses that require immediate attention. These issues create exploitable pathways that could compromise user data or site integrity. Addressing these specific concerns should be the priority for improving the plugin's security.

Key Concerns

  • REST API route without permission callbacks
  • Missing nonce checks on AJAX handlers
  • Low output escaping (60%)
Vulnerabilities
None known

WP Request Callback Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Request Callback Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (6 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

60% escaped · 10 total outputs
Attack Surface
1 unprotected

WP Request Callback Attack Surface

Entry Points: 2
Unprotected: 1

REST API Routes 1

POST /wp-json/wprc/v1/callback-requests (wp-request-callback.php:162)

Shortcodes 1

[wprc] (wp-request-callback.php:292)
WordPress Hooks 14
action  init  (wp-request-callback.php:40)
filter  post_row_actions  (wp-request-callback.php:55)
filter  manage_wprc_cb_request_posts_columns  (wp-request-callback.php:93)
filter  post_date_column_status  (wp-request-callback.php:95)
filter  post_date_column_time  (wp-request-callback.php:103)
action  manage_wprc_cb_request_posts_custom_column  (wp-request-callback.php:111)
filter  get_meta_sql  (wp-request-callback.php:136)
filter  pre_get_posts  (wp-request-callback.php:152)
action  rest_api_init  (wp-request-callback.php:161)
action  init  (wp-request-callback.php:295)
action  wp_enqueue_scripts  (wp-request-callback.php:297)
action  admin_menu  (wp-request-callback.php:320)
action  admin_enqueue_scripts  (wp-request-callback.php:397)
action  admin_init  (wp-request-callback.php:399)
Maintenance & Trust

WP Request Callback Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Sep 30, 2019
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP Request Callback Developer Profile

kiteframe

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Request Callback

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-request-callback/main.css
/wp-content/plugins/wp-request-callback/script.js
Script Paths
/wp-content/plugins/wp-request-callback/script.js
Version Parameters
wp-request-callback/main.css?ver=
wp-request-callback/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wprc-input, wprc-label, wprc-label-name, wprc-label-phone, wprc-label-text, wprc-label-text-name, wprc-label-text-phone, wprc-input-phone, +8 more
Data Attributes
wprc
REST Endpoints
/wprc/v1/callback-requests
Shortcode Output
<div class="wprc-wrapper"> <form class="wprc-form"> <label class="wprc-label wprc-label-name"> <span class="wprc-label-text wprc-label-text-name">Name</span> <input class="wprc-input wprc-input-phone" name="name" type="text" required/> </label> <div class="wprc-validation-errors"></div> <label class="wprc-label wprc-label-phone"> <span class="wprc-label-text wprc-label-text-phone">Phone</span> <input class="wprc-input wprc-input-phone" name="phone" type="tel" required/> </label> <div class="wprc-validation-errors"></div> <div class="wprc-button-wrapper"> <button class="wprc-button" type="submit">Submit</button> </div> </form> <div class="wprc-message wprc-success-message" style="display: none">
FAQ

Frequently Asked Questions about WP Request Callback