Does Chat Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in Chat Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Chat Forms compatible with WordPress 5.2.24?

According to WordPress.org data, Chat Forms 1.0.2 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Chat Forms compatible with PHP 5.2+?

Chat Forms requires PHP 5.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Chat Forms updated?

Chat Forms was last updated on Oct 1, 2019. Frequent updates are generally a positive security signal.

What is Chat Forms's security score?

Chat Forms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Chat Forms Security & Risk Analysis

wordpress.org/plugins/chat-forms

Embeds a Chat Form, in a WordPress post, page, or widget.

0 active installs v1.0.2 PHP 5.2+ WP 4.0+ Updated Oct 1, 2019

chat-formsgooglegoogle-docsgoogle-formsspreadsheet

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Chat Forms Safe to Use in 2026?

Generally Safe

Score 85/100

Chat Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "chat-forms" plugin v1.0.2 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a generally secure development approach and diligent maintenance.

However, significant concerns arise from the static analysis. The presence of one AJAX handler without authentication checks represents a critical entry point that could be exploited by unauthenticated users. While the plugin has a low total number of entry points, this single unprotected handler is a notable weakness. Furthermore, a low percentage (18%) of output escaping is a substantial risk, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed.

The absence of any taint analysis results or known CVEs is positive but should be viewed in context with the identified code signals. The plugin's strengths lie in its clean SQL handling and lack of historical vulnerabilities. Its weaknesses are concentrated in the lack of robust access control on its AJAX endpoint and insufficient output sanitization.

Key Concerns

AJAX handler without authentication
Low percentage of output escaping

Vulnerabilities

None known

Chat Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Chat Forms Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Output Escaping

18% escaped84 total outputs

Attack Surface

1 unprotected

Chat Forms Attack Surface

Entry Points3

Unprotected1

AJAX Handlers 1

authwp_ajax_wpcform_save_chat_form_idwpcform-core.php:184

Shortcodes 2

[cform] wpcform-core.php:103

[wpcform] wpcform-core.php:104

WordPress Hooks 28

actioninitindex.php:37

actionadmin_menuindex.php:40

actionadmin_initindex.php:43

filteruse_fsockopen_transportwpcform-core.php:54

filteruse_streams_transportwpcform-core.php:58

filteruse_curl_transportwpcform-core.php:62

filterhttps_local_ssl_verifywpcform-core.php:66

filterhttps_ssl_verifywpcform-core.php:70

filterhttp_request_timeoutwpcform-core.php:77

filterwidget_textwpcform-core.php:108

actionwp_enqueue_scriptswpcform-core.php:113

actionwp_footerwpcform-core.php:114

filterget_the_termswpcform-core.php:144

filterget_post_metadatawpcform-core.php:145

filterthe_previewwpcform-core.php:150

filterwidget_textwpcform-core.php:357

actionadmin_noticeswpcform-core.php:933

actioninitwpcform-post-type.php:24

actionadmin_menuwpcform-post-type.php:244

actionquick_edit_custom_boxwpcform-post-type.php:478

actionadmin_noticeswpcform-post-type.php:628

actionpost_edit_form_tagwpcform-post-type.php:636

filtermanage_edit-wpcform_columnswpcform-post-type.php:639

actionmanage_posts_custom_columnwpcform-post-type.php:680

filtermanage_edit-wpcform_sortable_columnswpcform-post-type.php:694

actionadmin_footerwpcform-post-type.php:740

filterenter_title_herewpcform-post-type.php:743

actionadmin_headwpcform-post-type.php:768

Maintenance & Trust

Chat Forms Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedOct 1, 2019

PHP min version5.2

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Chat Forms Alternatives

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more

embedpress

EmbedPress lets you embed videos, pages, social feeds, embed PDF 3D flipbooks & other content on WordPress without coding & enhance storytelling.

100K 27 CVEs

Document Embedder Addons for Elementor – Embed Documents in Elementor Websites

document-embedder-addons-for-elementor

100

Document Embedder Addons for Elementor makes it simple to embed PDFs, Word docs, and others into your pages, no downloads or redirects needed.

6K No CVEs

Connector for Gravity Forms and Google Sheets

wp-gravity-forms-spreadsheets

Gravity Forms Google Sheets Connector sends Gravity forms entries to Google Sheets.

3K 4 CVEs

WPGSI: Spreadsheet Integration

wpgsi

Google sheet two-way sync 🔄 WordPress | WooCommerce | Contact form 7 | DB table | Google sheet as a Table.

2K 5 CVEs

FormFacade – Embed Google Forms in your website

formfacade

Embed Google Forms™ in your wordpress site

1K 1 unpatched

Developer Profile

Chat Forms Developer Profile

Chat-Forms

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Chat Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/chat-forms/css/chat-forms.css/wp-content/plugins/chat-forms/js/chat-forms.js

Script Paths

/wp-content/plugins/chat-forms/js/chat-forms.js

Version Parameters

chat-forms/css/chat-forms.css?ver=chat-forms/js/chat-forms.js?ver=

HTML / DOM Fingerprints

CSS Classes

chat-forms-container

HTML Comments

Data Attributes

data-chat-form-id

JS Globals

ChatForms

REST Endpoints

/wp-json/chat-forms/v1/submit

Shortcode Output

[cform[wpcform

FAQ