Does 3CX Webinars have any unpatched vulnerabilities?

No. All known vulnerabilities in 3CX Webinars have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is 3CX Webinars compatible with WordPress 6.3.8?

According to WordPress.org data, 3CX Webinars 18.2.4 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is 3CX Webinars compatible with PHP 7.2.0+?

3CX Webinars requires PHP 7.2.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is 3CX Webinars updated?

3CX Webinars was last updated on Aug 16, 2023. Frequent updates are generally a positive security signal.

What is 3CX Webinars's security score?

3CX Webinars has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

3CX Webinars Security & Risk Analysis

wordpress.org/plugins/3cx-webinars

The 3CX Webinars plugin provides free Webinars functionality to website visitors through 3CX.

200 active installs v18.2.4 PHP 7.2.0+ WP 4.8+ Updated Aug 16, 2023

3cxvideo-conferencingweb-conferenceweb-meetingwebinar

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is 3CX Webinars Safe to Use in 2026?

Generally Safe

Score 85/100

3CX Webinars has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The 3cx-webinars plugin version 18.2.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, avoiding dangerous functions, and performing a significant number of capability checks and nonce checks. The absence of any recorded vulnerabilities in its history also suggests a reasonably secure development process.

However, concerns arise from the static analysis. The presence of one REST API route without a permission callback represents a direct unprotected entry point into the application, posing a moderate risk. Furthermore, the taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity, still indicate potential weaknesses that could be exploited if combined with other factors or if the severity classification is overly conservative.

While the plugin's vulnerability history is clean, this cannot entirely negate the risks identified in the static and taint analysis. The unprotected REST API route is a concrete area for potential attack, and the unsanitized paths warrant further investigation. Overall, the plugin has strengths in its adherence to secure coding practices for SQL and general checks, but the identified entry points and unsanitized flows are weaknesses that need to be addressed.

Key Concerns

Unprotected REST API route
Flows with unsanitized paths
Output escaping only 70% proper

Vulnerabilities

None known

3CX Webinars Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

3CX Webinars Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

143 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

70% escaped204 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

wp3cxw_editor_box_config (admin\includes\editor.php:57)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

3CX Webinars Attack Surface

Entry Points3

Unprotected1

REST API Routes 1

POST/wp-json/3cx-webinar/subscribesettings.php:80

Shortcodes 2

[3cx-webinar] settings.php:49

[webinar-form] settings.php:50

WordPress Hooks 14

actionadmin_initadmin\admin.php:7

actionadmin_menuadmin\admin.php:13

filterset-screen-optionadmin\admin.php:44

actionadmin_enqueue_scriptsadmin\admin.php:270

actionwp3cxw_admin_noticesadmin\admin.php:384

actionwp3cxw_admin_warningsadmin\admin.php:417

actionwp3cxw_admin_warningsadmin\admin.php:438

filtermap_meta_capincludes\capabilities.php:3

filterwidget_textincludes\controller.php:3

actionwp_enqueue_scriptsincludes\controller.php:17

actionplugins_loadedsettings.php:43

actioninitsettings.php:53

actionadmin_initsettings.php:60

actionrest_api_initsettings.php:85

Maintenance & Trust

3CX Webinars Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedAug 16, 2023

PHP min version7.2.0

Downloads11K

Community Trust

Rating60/100

Number of ratings4

Active installs200

Alternatives

3CX Webinars Alternatives

Sequel

sequel

Turn your WordPress website into a virtual or hybrid live engagement platform, powered by Sequel.io

40 1 CVE

WeMeet for Webex

wemeet

100

Seamlessly integrate Webex Meetings into your WordPress site — schedule, manage, and join Webex video meetings directly from your WordPress dashboard.

0 No CVEs