WP-Safety

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Security & Risk Analysis

wordpress.org/plugins/bit-assist

Floating sticky chat button for WhatsApp Chat, Facebook Messenger, Telegram, Instagram, SMS, Call, Discord chat, TikTok, Line & 30+ channels

10K active installs v1.7.0 PHP 7.4+ WP 5.1+ Updated Mar 14, 2026
chatchat-widgetfacebook-messengerwhatsapp-buttonwhatsapp-chat
95
A · Safe
CVEs total7
Unpatched0
Last CVEDec 19, 2025
Plugin page Download
Safety Verdict

Is Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Safe to Use in 2026?

Generally Safe

Score 95/100

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Dec 19, 2025Updated 20d ago
Risk Assessment

The static analysis of bit-assist v1.7.0 reveals a generally strong focus on secure coding practices. The plugin demonstrates a positive commitment to using prepared statements for all SQL queries and a high percentage of properly escaped output, minimizing risks of SQL injection and cross-site scripting originating from standard output operations. The absence of a significant attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events is also a positive sign, reducing potential entry points for attackers. However, the historical vulnerability data presents a significant concern. The plugin has a history of 7 medium-severity CVEs, with common types including missing authorization, path traversal, and SQL injection. This indicates a pattern of recurring security flaws, even if they are currently patched. The existence of these past vulnerabilities, particularly those related to authorization and path manipulation, suggests potential weaknesses in how user input is validated and how access controls are implemented, despite the static analysis not identifying explicit unhandled entry points or dangerous functions in this specific version.

Key Concerns

  • History of 7 medium severity CVEs
  • 0 capability checks found
  • 1 nonce check found (potentially insufficient)
  • 19% of outputs not properly escaped
Vulnerabilities
7

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Security Vulnerabilities

CVEs by Year

2 CVEs in 2023
2023
5 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
7

7 total CVEs

CVE-2025-68596medium · 5.3Missing Authorization

Bit Assist <= 1.5.11 - Missing Authorization

Dec 19, 2025 Patched in 1.6.0 (19d)
CVE-2025-30834medium · 5.8Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Bit Assist <= 1.5.4 - Unauthenticated Path Traversal

Mar 28, 2025 Patched in 1.5.5 (7d)
CVE-2025-0822medium · 6.5Relative Path Traversal

Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter

Feb 14, 2025 Patched in 1.5.3 (1d)
CVE-2024-13791medium · 4.9Relative Path Traversal

Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function

Feb 13, 2025 Patched in 1.5.3 (1d)
CVE-2025-0821medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter

Feb 13, 2025 Patched in 1.5.3 (1d)
CVE-2023-51371medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bit Assist <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 18, 2023 Patched in 1.2 (127d)
CVE-2023-3667medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bit Assist <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jul 27, 2023 Patched in 1.1.9 (180d)
Code Analysis
Analyzed Mar 16, 2026

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
6
26 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

81% escaped32 total outputs
Attack Surface

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
filterwp_mail_content_typebackend\app\HTTP\Controllers\ResponseController.php:81
actionadmin_noticesbackend\bootstrap.php:9
Maintenance & Trust

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 14, 2026
PHP min version7.4
Downloads124K

Community Trust

Rating98/100
Number of ratings110
Active installs10K
Alternatives

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Alternatives

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

chaty

A
92

WhatsApp chat, Facebook Messenger, Telegram, TikTok, Instagram, Email, Line, WeChat Phone call, SMS, 20+ live chat icons & WhatsApp chat pop up 💬

400K 11 CVEs
Cresta Help Chat

Cresta Help Chat

cresta-whatsapp-chat

A
100

Allow your users and customers to contact you via WhatsApp with a single click.

10K No CVEs
Sticky Chat Widget – Floating Chat Icons, Contact Form, Call, Click to Chat, Email & Message Buttons

Sticky Chat Widget – Floating Chat Icons, Contact Form, Call, Click to Chat, Email & Message Buttons

sticky-chat-widget

A
100

Social chat buttons with WhatsApp, Messenger, WeChat, Telegram, Instagram, TikTok, Zalo & more — plus SMS, Call button, Contact form, and 20+ icons.

10K 1 CVE
Social Chat Widget (⚡ by Callbell)

Social Chat Widget (⚡ by Callbell)

callbell-chat-widget

A
85

WhatsApp free live chat button to connect and communicate with your website visitors

700 No CVEs
Widget Click to Chat

Widget Click to Chat

widgetwhats-app

A
85

100% FREE Responsive WhatsApp Chat Widget with page targeting and floating button style. Fully Customizable!

600 No CVEs
Developer Profile

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist Developer Profile

Bit Apps

5 plugins · 39K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
43 days
View full developer profile
Detection Fingerprints

How We Detect Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bit-assist/iframe/assets/index.css/wp-content/plugins/bit-assist/iframe/assets/index.js
Script Paths
https://fonts.googleapis.com/css2?family=Outfit:wght@200;300;400;500;600;700&display=swap
Version Parameters
bit-assist/iframe/assets/index.css?ver=bit-assist/iframe/assets/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
hide
Data Attributes
id="widgetWrapper"id="contentWrapper"id="widgetBubbleRow"id="widgetBubbleWrapper"id="widgetBubble"id="widget-img"+1 more
JS Globals
window.bitapps_assist
FAQ

Frequently Asked Questions about Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist