Buttonizer – Live Chat, AI Chatbot, & Chat Widgets Security & Risk Analysis

wordpress.org/plugins/button-contact-vr

Powerful platform with Live Chat, AI Chatbots, and Real-Time Visitor Monitoring! Also, create Call, Email, SMS, & Contact buttons to increase conv …

60K active installs · v5.0.6 · PHP 7.0+ · WP 4.7+ · Updated Mar 2, 2026
ai-chat · chat · chatbot · live-chat · whatsapp
Score 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Oct 24, 2024
Safety Verdict

Is Buttonizer – Live Chat, AI Chatbot, & Chat Widgets Safe to Use in 2026?

Generally Safe

Score 98/100

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 24, 2024 · Updated 1mo ago
Risk Assessment

The "button-contact-vr" plugin, version 5.0.6, exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, a significant concern arises from its attack surface. With 10 total entry points, a disproportionate 9 are found to be unprotected, meaning they lack proper authorization checks. This creates a substantial risk, as unauthenticated users could potentially interact with these endpoints.

The static analysis also reveals taint flows with unsanitized paths, indicating a potential for vulnerabilities where user-supplied data could be mishandled. Although no critical or high severity taint flows were found, and the plugin has no currently unpatched CVEs, the history of 3 medium severity CVEs, all related to Cross-site Scripting (XSS), is a worrying pattern. This suggests a recurring issue with how user input is processed, even if recent versions have addressed specific instances.

In conclusion, the plugin has strengths in secure coding for SQL and output handling. However, the high number of unprotected REST API routes and the historical XSS vulnerabilities represent significant weaknesses that require attention to mitigate potential risks.

Key Concerns

  • High number of unprotected REST API routes
  • Taint flows with unsanitized paths found
  • History of medium severity XSS CVEs
Vulnerabilities
3

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets Security Vulnerabilities

CVEs by Year

2024: 3 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-50414 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Button contact VR <= 4.7.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 24, 2024 Patched in 4.7.10 (8d)
CVE-2024-43347 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Button contact VR <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 16, 2024 Patched in 4.7.8 (20d)
CVE-2024-2220 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Button contact VR <= 4.7 - Authenticated (Admin+) Stored Cross-Site Scripting

May 2, 2024 Patched in 4.7.2 (68d)
Code Analysis
Analyzed Mar 16, 2026

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (180 escaped)
Nonce Checks: 9
Capability Checks: 4
File Operations: 2
External Requests: 1
Bundled Libraries: 0

Output Escaping

99% escaped · 182 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
bz_button_contact_redirect_to_page (init.php:48)
Attack Surface
9 unprotected

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets Attack Surface

Entry Points: 10
Unprotected: 9

REST API Routes 9

GET /wp-json/bz_contact_button/analytics/overview (app\Api\Analytics\Overview.php:32)
GET /wp-json/bz_contact_button/connect (app\Api\Connection\Connect.php:35)
GET /wp-json/bz_contact_button/disconnect (app\Api\Connection\Disconnect.php:37)
GET /wp-json/bz_contact_button/editor_start_session (app\Api\Connection\StartEditorSession.php:33)
GET /wp-json/bz_contact_button/sync (app\Api\Connection\Sync.php:34)
GET /wp-json/bz_contact_button/migrate (app\Api\Settings\MigrateToStandalone.php:34)
GET /wp-json/bz_contact_button/settings (app\Api\Settings\UpdateSettings.php:33)
GET /wp-json/bz_contact_button/delete_legacy_backup (app\Api\Utils\DeleteLegacyBackup.php:33)
GET /wp-json/bz_contact_button/revert_to_legacy (app\Api\Utils\RevertToLegacy.php:31)

Shortcodes 1

[buttonizer] init.php:181
WordPress Hooks 19
action admin_menu (app\Admin\Admin.php:36)
action admin_enqueue_scripts (app\Admin\Admin.php:39)
filter script_loader_tag (app\Admin\Admin.php:42)
action admin_init (app\Admin\Admin.php:56)
action admin_notices (app\Admin\Admin.php:64)
action template_redirect (init.php:97)
action wp_head (init.php:103)
action wp_footer (init.php:135)
action init (init.php:185)
action admin_bar_menu (init.php:188)
action rest_api_init (init.php:195)
action plugins_loaded (legacy\inc\button-contact.php:18)
action wp_footer (legacy\inc\button-contact.php:23)
action wp_enqueue_scripts (legacy\inc\button-contact.php:24)
action admin_enqueue_scripts (legacy\inc\button-contact.php:25)
action admin_init (legacy\plugin.php:174)
action admin_menu (legacy\plugin.php:182)
action admin_init (legacy\plugin.php:206)
action admin_enqueue_scripts (legacy\plugin.php:225)
Maintenance & Trust

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.0
Downloads: 403K

Community Trust

Rating: 100/100
Number of ratings: 23
Active installs: 60K
Developer Profile

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets Developer Profile

Buttonizer

3 plugins · 190K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 155 days
Detection Fingerprints

How We Detect Buttonizer – Live Chat, AI Chatbot, & Chat Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/button-contact-vr/assets/app/index.css
  • /wp-content/plugins/button-contact-vr/assets/app/index.js

Script Paths

  • /wp-content/plugins/button-contact-vr/app/autoloader.php

Version Parameters

  • button-contact-vr/style.css?ver=
  • button-contact-vr/script.js?ver=
  • button-contact-vr/assets/app/index.css?ver=
  • button-contact-vr/assets/app/index.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bz-buttonizer-pro-dialog
  • bz-editor-container
  • bz-settings-container
  • bz-support-container

Data Attributes

  • data-editor-frame
  • data-buttonizer-action

JS Globals

  • buttonizer_admin
  • BZContactButton

REST Endpoints

  • /wp-json/buttonizer/v1/settings
  • /wp-json/buttonizer/v1/buttons