Add Chat App Button Security & Risk Analysis
wordpress.org/plugins/add-whatsapp-buttonAdd Chat App Button enables adding a customizeable click-to-chat button that opens a chat on WhatsApp. This plugin is not affiliated with WhatsApp or …
Is Add Chat App Button Safe to Use in 2026?
Generally Safe
Score 99/100Add Chat App Button has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The 'add-whatsapp-button' plugin v2.1.8 demonstrates a generally strong security posture, particularly concerning its handling of SQL queries, lack of external HTTP requests, and file operations. The plugin adheres to good practices by utilizing prepared statements for all SQL queries and has a small, protected attack surface with a single AJAX handler that appears to have nonce checks, although capability checks are notably absent. However, a significant concern is the 25% of output that is not properly escaped, indicating a potential risk of Cross-Site Scripting (XSS) vulnerabilities. This is further underscored by the plugin's vulnerability history, which includes a medium-severity XSS vulnerability as its last recorded CVE. While currently no CVEs are unpatched, the pattern of XSS vulnerabilities suggests that output sanitization needs to be improved to prevent future exploitations. The absence of capability checks on the AJAX handler, while not explicitly showing an issue in the static analysis, represents a potential weakness that could be exploited if other security layers are bypassed.
Key Concerns
- Unescaped output detected
- Missing capability checks on AJAX handler
- Previous XSS vulnerabilities
Add Chat App Button Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Add Chat App Button <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Add Chat App Button Release Timeline
Add Chat App Button Code Analysis
Output Escaping
Add Chat App Button Attack Surface
AJAX Handlers 1
WordPress Hooks 17
Maintenance & Trust
Add Chat App Button Maintenance & Trust
Maintenance Signals
Community Trust
Add Chat App Button Alternatives
Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist
bit-assist
Floating sticky chat button for WhatsApp Chat, Facebook Messenger, Telegram, Instagram, SMS, Call, Discord chat, TikTok, Line & 30+ channels
Cresta Help Chat
cresta-whatsapp-chat
Allow your users and customers to contact you via WhatsApp with a single click.
WP Sticky Button – Click to Chat
wa-sticky-button
Display the beautiful WhatsApp Sticky Button on the WordPress frontend.
Button
button
Create beautiful buttons and social icons. Button plugin is powerful and easy to use. You can create any types of buttons such as css3 & 3D Buttons.
Click to Call or Chat Buttons
click-to-call-or-chat-buttons
This plugin adds Phone Call and WhatsApp button on your webpage.
Add Chat App Button Developer Profile
1 plugin · 2K total installs
How We Detect Add Chat App Button
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/add-whatsapp-button/css/frontend.css/wp-content/plugins/add-whatsapp-button/css/admin.css/wp-content/plugins/add-whatsapp-button/js/frontend.js/wp-content/plugins/add-whatsapp-button/js/admin.js/wp-content/plugins/add-whatsapp-button/css/style-templates/wab-icon-styled.css/wp-content/plugins/add-whatsapp-button/css/style-templates/wab-icon-plain.css/wp-content/plugins/add-whatsapp-button/css/style-templates/wab-side-rectangle.css/wp-content/plugins/add-whatsapp-button/css/style-templates/wab-side-chat.css+9 more/wp-content/plugins/add-whatsapp-button/js/frontend.js/wp-content/plugins/add-whatsapp-button/js/admin.jsadd-whatsapp-button/css/frontend.css?ver=add-whatsapp-button/css/admin.css?ver=add-whatsapp-button/js/frontend.js?ver=add-whatsapp-button/js/admin.js?ver=add-whatsapp-button/css/style-templates/wab-icon-styled.css?ver=add-whatsapp-button/css/style-templates/wab-icon-plain.css?ver=add-whatsapp-button/css/style-templates/wab-side-rectangle.css?ver=add-whatsapp-button/css/style-templates/wab-side-chat.css?ver=add-whatsapp-button/css/style-templates/wab-side-classic.css?ver=add-whatsapp-button/css/style-templates/wab-side-minimal.css?ver=add-whatsapp-button/css/style-templates/wab-side-minimal-red.css?ver=add-whatsapp-button/css/style-templates/wab-side-minimal-black.css?ver=add-whatsapp-button/css/style-templates/wab-side-minimal-white.css?ver=add-whatsapp-button/css/style-templates/wab-side-minimal-circle.css?ver=add-whatsapp-button/css/style-templates/wab-side-minimal-circle-red.css?ver=add-whatsapp-button/css/style-templates/wab-side-minimal-circle-black.css?ver=add-whatsapp-button/css/style-templates/wab-side-minimal-circle-white.css?ver=HTML / DOM Fingerprints
awb-hideawb-displaynoneawb-preview-wrapperwab-icon-plainwab-icon-styledwab-side-rectanglewab-side-chatwab-side-classic+8 more<!-- Main wrapper start --><!-- The preview button --><!-- The settings form -->data-awb-button-typedata-awb-button-textdata-awb-button-urldata-awb-icon-sizedata-awb-button-bg-colordata-awb-button-text-color+17 morewindow.awb_frontend_scriptswindow.awb_admin_scripts[add_whatsapp_button]