WP-Safety

Zontact – Lightweight Floating Contact Button Security & Risk Analysis

wordpress.org/plugins/zontact

A simple floating contact button for WordPress fast, accessible, and clutter-free.

0 active installs v1.1.1 PHP 7.4+ WP 6.0+ Updated Unknown
accessiblecontact-formfloating-contact-buttonlightweightmodal
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Zontact – Lightweight Floating Contact Button Safe to Use in 2026?

Generally Safe

Score 100/100

Zontact – Lightweight Floating Contact Button has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "zontact" plugin version 1.1.1 demonstrates a generally good security posture based on the provided static analysis. The absence of dangerous functions, file operations, external HTTP requests, and a complete reliance on prepared statements for all SQL queries are significant strengths. Furthermore, the plugin correctly implements nonce and capability checks for its two AJAX entry points, and the high percentage of properly escaped output suggests a solid effort to prevent cross-site scripting vulnerabilities. The zero recorded CVEs and no history of vulnerabilities further reinforce this positive outlook.

While the static analysis reveals no critical or high-severity vulnerabilities, and the taint analysis found no unsanitized paths, the absence of analysis in these areas (0 flows analyzed) means we cannot definitively rule out such issues. The attack surface is small with only two entry points, both of which are secured with authentication checks, which is excellent. However, a more thorough code review and dynamic analysis would be beneficial to confirm the absence of any latent vulnerabilities, especially in areas not covered by the current analysis scope.

Vulnerabilities
None known

Zontact – Lightweight Floating Contact Button Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Zontact – Lightweight Floating Contact Button Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
4
140 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

97% escaped144 total outputs
Attack Surface

Zontact – Lightweight Floating Contact Button Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_zontact_submitincludes\Ajax.php:27
noprivwp_ajax_zontact_submitincludes\Ajax.php:28
WordPress Hooks 10
actionwp_enqueue_scriptsincludes\Assets.php:25
actionwp_enqueue_scriptsincludes\Assets.php:26
actionwp_footerincludes\Frontend.php:23
filterwp_mail_content_typeincludes\Mail\EmailService.php:90
actioninitincludes\Plugin.php:59
actioninitincludes\Plugin.php:60
actionadmin_menuincludes\Plugin.php:63
actionadmin_menuincludes\Plugin.php:64
actionadmin_initincludes\Plugin.php:65
actionplugins_loadedzontact.php:42
Maintenance & Trust

Zontact – Lightweight Floating Contact Button Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.4
Downloads242

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Zontact – Lightweight Floating Contact Button Alternatives

Popup addon for Ninja Forms

Popup addon for Ninja Forms

popup-addon-for-ninja-forms

A
98

Popup/Modal addon for Ninja Forms. Create beautiful popups using Ninja Forms for newsletters, login, registration forms.

1K 2 CVEs
Lightweight Contact Form

Lightweight Contact Form

lightweight-contact-form

A
85

The most lightweight Contact Form plugin for WordPress. No CSS files, no overhead, no SPAM. The goal is fastest page speed.

100 No CVEs
Ajax Contact Form

Ajax Contact Form

fws-ajax-contact-form

A
99

An easy to use contact form plugin with multiple inbuilt features to prevent contact form spam.

20 1 CVE
Result Popups for CF7

Result Popups for CF7

result-popups-for-cf7

A
100

Modernize your Contact Form 7 messages with clean, customizable SweetAlert2 popups. No config needed. Just activate and enjoy.

20 No CVEs
Emberly Popups

Emberly Popups

emberly-popups

A
100

Lightweight, accessible popups for WordPress—made by developers, for developers.

10 No CVEs
Developer Profile

Zontact – Lightweight Floating Contact Button Developer Profile

38zo

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Zontact – Lightweight Floating Contact Button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/zontact/assets/css/zontact.css/wp-content/plugins/zontact/assets/js/zontact.js
Script Paths
/wp-content/plugins/zontact/assets/js/zontact.js
Version Parameters
zontact/assets/css/zontact.css?ver=zontact/assets/js/zontact.js?ver=

HTML / DOM Fingerprints

CSS Classes
zontact-rootzontact-leftzontact-rightzontact-buttonzontact-button-size-zontact-button-mode-zontact-button-iconzontact-button-label+15 more
Data Attributes
data-accentdata-button-bgdata-button-textdata-button-radius
JS Globals
zontact
REST Endpoints
/wp-json/zontact/v1/submit
FAQ

Frequently Asked Questions about Zontact – Lightweight Floating Contact Button