Chat & Forms Integration for OkoCRM (Unofficial) Security & Risk Analysis

wordpress.org/plugins/chat-and-forms-integration-for-okocrm

Unofficial WordPress integration providing a simple way to embed OkoCRM chat and form widgets.

0 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated Dec 18, 2025
chatcrmformsintegrationwidget
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Chat & Forms Integration for OkoCRM (Unofficial) Safe to Use in 2026?

Generally Safe

Score 100/100

Chat & Forms Integration for OkoCRM (Unofficial) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The plugin 'chat-and-forms-integration-for-okocrm' version 1.0.0 exhibits a very strong security posture based on the provided static analysis. All identified entry points, including AJAX handlers and REST API routes, appear to have proper authentication and permission checks. The code also demonstrates excellent practices regarding SQL queries, exclusively using prepared statements, and ensuring all output is properly escaped. The absence of file operations, external HTTP requests, and critical or high-severity taint flows further strengthens this positive assessment.

The vulnerability history is equally reassuring, showing no known CVEs, which suggests a well-maintained and secure codebase. The complete lack of recorded vulnerabilities and the absence of common vulnerability types indicate a proactive approach to security by the developers. While the attack surface is small, the fact that none of it is unprotected is a significant strength.

Overall, this plugin appears to be exceptionally secure. The only minor point of consideration is the presence of a single nonce check and a single capability check, which are good practices, but their presence implies an awareness of potential vulnerabilities that could be addressed by more comprehensive checks if the plugin were to grow in complexity. However, based on the current data, there are no immediate or significant security risks identified.

Vulnerabilities
None known

Chat & Forms Integration for OkoCRM (Unofficial) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Chat & Forms Integration for OkoCRM (Unofficial) Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Chat & Forms Integration for OkoCRM (Unofficial) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
59 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped59 total outputs
Attack Surface

Chat & Forms Integration for OkoCRM (Unofficial) Attack Surface

Entry Points6
Unprotected0

REST API Routes 5

POST/wp-json/cfio/v1chat/saveadmin/class-cfio-rest.php:21
POST/wp-json/cfio/v1chat/deleteadmin/class-cfio-rest.php:31
GET/wp-json/cfio/v1forms/listadmin/class-cfio-rest.php:41
POST/wp-json/cfio/v1forms/createadmin/class-cfio-rest.php:51
POST/wp-json/cfio/v1forms/deleteadmin/class-cfio-rest.php:61

Shortcodes 1

[cfio_form] public/class-cfio-public.php:83
WordPress Hooks 7
actionplugins_loadedchat-and-forms-integration-for-okocrm.php:57
actionadmin_enqueue_scriptsincludes/class-cfio-plugin.php:104
actionadmin_enqueue_scriptsincludes/class-cfio-plugin.php:105
actionadmin_menuincludes/class-cfio-plugin.php:106
actionrest_api_initincludes/class-cfio-plugin.php:109
actionwp_enqueue_scriptsincludes/class-cfio-plugin.php:123
actioninitincludes/class-cfio-plugin.php:125
Maintenance & Trust

Chat & Forms Integration for OkoCRM (Unofficial) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 18, 2025
PHP min version7.4
Downloads155

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Chat & Forms Integration for OkoCRM (Unofficial) Developer Profile

maccoy

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Chat & Forms Integration for OkoCRM (Unofficial)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/chat-and-forms-integration-for-okocrm/admin/css/cfio-admin.css/wp-content/plugins/chat-and-forms-integration-for-okocrm/admin/css/cfio-admin.min.css/wp-content/plugins/chat-and-forms-integration-for-okocrm/admin/js/cfio-admin.js/wp-content/plugins/chat-and-forms-integration-for-okocrm/admin/js/cfio-admin.min.js
Script Paths
https://chat.okocrm.com/widget/js/https://forms.okocrm.com/
Version Parameters
chat-and-forms-integration-for-okocrm/admin/css/cfio-admin.css?ver=chat-and-forms-integration-for-okocrm/admin/js/cfio-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Chat & Forms Integration for OkoCRM (Unofficial) --><!-- This plugin is not affiliated with, endorsed by, or sponsored by OkoCRM. -->
Data Attributes
data-cfio-chat-iddata-cfio-form-id
JS Globals
cfioAjaxcfioI18n
REST Endpoints
/cfio/v1/chat/save/cfio/v1/chat/delete/cfio/v1/forms/list/cfio/v1/forms/create/cfio/v1/forms/delete
Shortcode Output
[cfio_chat][cfio_form]
FAQ

Frequently Asked Questions about Chat & Forms Integration for OkoCRM (Unofficial)