ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form Security & Risk Analysis

wordpress.org/plugins/chat-help

Add WhatsApp click to chat with floating chat button, chat to order for WooCommerce, and chat forms to convert visitors into customers.

1K active installs · v3.2.3 · PHP 7.0+ · WP 5.0+ · Updated Mar 13, 2026
click-to-chat · whatsapp · whatsapp-business · whatsapp-chat · woocommerce-whatsapp
96
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 18, 2025
Safety Verdict

Is ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form Safe to Use in 2026?

Generally Safe

Score 96/100

ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 18, 2025 · Updated 21d ago
Risk Assessment

The chat-help plugin v3.2.3 exhibits a generally good security posture with a significant majority of outputs properly escaped and all identified entry points protected by authentication checks. The static analysis reveals no critical or high severity taint flows with unsanitized paths, and file operations are absent. However, the presence of the dangerous `unserialize` function, even if not immediately exploitable based on the provided taint analysis, warrants careful monitoring as it can be a vector for deserialization vulnerabilities if user-controlled data is ever processed by it.

The vulnerability history shows a concerning pattern with two previously recorded CVEs, including one high-severity vulnerability. While there are currently no unpatched vulnerabilities, the historical prevalence of "Missing Authorization" as a common vulnerability type suggests a past weakness in access control mechanisms. This, combined with the potentially dangerous function (`unserialize`), indicates that while current static analysis doesn't reveal immediate exploitable flaws, past issues and specific code patterns warrant a cautious approach.

In conclusion, the plugin demonstrates strong adherence to many security best practices, particularly in input sanitization and output escaping. The protection of its attack surface is also a positive indicator. Nevertheless, the historical presence of vulnerabilities, especially high-severity ones, and the inclusion of `unserialize` introduce residual risks that should not be ignored. Further investigation into how `unserialize` is used and rigorous testing for authorization bypasses on any future updates would be prudent.

Key Concerns

  • Dangerous function: unserialize found
  • 2 known CVEs, 1 high severity (historical)
  • SQL queries: 50% not using prepared statements
Vulnerabilities: 2

ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

Nov 18, 2025 · Patched in 3.1.4 (0d)
CVE-2025-66099 · medium · 5.3 · Missing Authorization

Chat Help <= 3.1.3 - Missing Authorization

Nov 11, 2025 · Patched in 3.1.4 (15d)
Code Analysis
Analyzed Mar 16, 2026

ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 2 · 2 prepared
  • Unescaped Output: 123 · 1709 escaped
  • Nonce Checks: 12
  • Capability Checks: 5
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$plugins = unserialize($response['body']);` (src\Admin\HelpPage\Help.php:148)
  • unserialize: `$unserialized = @unserialize($row['field']);` (src\Admin\Leads.php:191)
  • unserialize: `$unserialized = @unserialize($row['meta']);` (src\Admin\Leads.php:197)

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

93% escaped · 1832 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
chat_help_export (src\Admin\Framework\functions\actions.php:64)
Attack Surface

ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form Attack Surface

Entry Points: 13
Unprotected: 0

AJAX Handlers 9

  • auth · wp_ajax_chat-help-get-icons (src\Admin\Framework\functions\actions.php:52)
  • auth · wp_ajax_chat-help-export (src\Admin\Framework\functions\actions.php:89)
  • auth · wp_ajax_chat-help-import (src\Admin\Framework\functions\actions.php:125)
  • auth · wp_ajax_chat-help-reset (src\Admin\Framework\functions\actions.php:152)
  • auth · wp_ajax_chat-help-chosen (src\Admin\Framework\functions\actions.php:191)
  • auth · wp_ajax_chat-help-never-show-review-notice (src\Admin\ReviewNotice\ReviewNotice.php:32)
  • auth · wp_ajax_themeatelier_dismiss_offer_banner (src\Admin\ReviewNotice\ThemeAtelier_Offer_Banner.php:38)
  • auth · wp_ajax_handle_form_submission (src\Frontend\Frontend.php:67)
  • nopriv · wp_ajax_handle_form_submission (src\Frontend\Frontend.php:68)

REST API Routes 2

  • GET /wp-json/chat-help/v1/leads (src\Admin\Leads.php:149)
  • GET /wp-json/chat-help/v1/leads/(?P<id>\d+) (src\Admin\Leads.php:160)

Shortcodes 2

  • [ctw] (src\Includes\ChatHelp.php:189)
  • [chat_help] (src\Includes\ChatHelp.php:190)
WordPress Hooks 55
  • action · init (chat-whatsapp.php:81)
  • action · block_categories_all (chat-whatsapp.php:96)
  • action · admin_menu (src\Admin\Admin.php:72)
  • action · after_setup_theme (src\Admin\Admin.php:73)
  • filter · admin_footer_text (src\Admin\Admin.php:74)
  • filter · plugin_row_meta (src\Admin\Admin.php:89)
  • action · admin_init (src\Admin\DBUpdates.php:42)
  • action · wp_enqueue_scripts (src\Admin\Framework\Classes\abstract.class.php:22)
  • action · after_setup_theme (src\Admin\Framework\Classes\Chat_Help.php:80)
  • action · init (src\Admin\Framework\Classes\Chat_Help.php:81)
  • action · switch_theme (src\Admin\Framework\Classes\Chat_Help.php:82)
  • action · admin_enqueue_scripts (src\Admin\Framework\Classes\Chat_Help.php:83)
  • action · wp_enqueue_scripts (src\Admin\Framework\Classes\Chat_Help.php:84)
  • action · wp_head (src\Admin\Framework\Classes\Chat_Help.php:85)
  • filter · admin_body_class (src\Admin\Framework\Classes\Chat_Help.php:86)
  • action · add_meta_boxes (src\Admin\Framework\Classes\Chat_Help_Metabox.php:53)
  • action · save_post (src\Admin\Framework\Classes\Chat_Help_Metabox.php:54)
  • action · edit_attachment (src\Admin\Framework\Classes\Chat_Help_Metabox.php:55)
  • action · admin_menu (src\Admin\Framework\Classes\Chat_Help_Options.php:115)
  • action · admin_bar_menu (src\Admin\Framework\Classes\Chat_Help_Options.php:116)
  • action · network_admin_menu (src\Admin\Framework\Classes\Chat_Help_Options.php:120)
  • filter · admin_footer_text (src\Admin\Framework\Classes\Chat_Help_Options.php:455)
  • action · admin_footer (src\Admin\Framework\fields\icon\icon.php:41)
  • action · customize_controls_print_footer_scripts (src\Admin\Framework\fields\icon\icon.php:42)
  • action · admin_print_footer_scripts (src\Admin\Framework\fields\link\link.php:65)
  • action · print_default_editor_scripts (src\Admin\Framework\fields\wp_editor\wp_editor.php:62)
  • action · chat_help_recommended_page_menu (src\Admin\Leads.php:39)
  • action · admin_head (src\Admin\Leads.php:40)
  • action · admin_enqueue_scripts (src\Admin\Leads.php:41)
  • action · rest_api_init (src\Admin\Leads.php:42)
  • action · admin_print_scripts (src\Admin\Leads.php:128)
  • action · admin_notices (src\Admin\ReviewNotice\ReviewNotice.php:31)
  • action · admin_notices (src\Admin\ReviewNotice\ThemeAtelier_Offer_Banner.php:37)
  • action · wp_footer (src\Frontend\Frontend.php:66)
  • filter · kses_allowed_protocols (src\Frontend\Frontend.php:70)
  • action · wp_head (src\Frontend\Frontend.php:71)
  • action · login_head (src\Frontend\Frontend.php:72)
  • action · register_head (src\Frontend\Frontend.php:73)
  • filter · kses_allowed_protocols (src\Frontend\Helpers\Helpers.php:48)
  • filter · document_title_separator (src\Frontend\Helpers\Helpers.php:485)
  • action · wp_head (src\Frontend\WooCommerce.php:52)
  • action · wp_head (src\Frontend\WooCommerce.php:67)
  • action · woocommerce_proceed_to_checkout (src\Frontend\WooCommerce.php:76)
  • action · woocommerce_after_shop_loop_item (src\Frontend\WooCommerce.php:104)
  • filter · woocommerce_short_description (src\Frontend\WooCommerce.php:128)
  • action · woocommerce_proceed_to_checkout (src\Frontend\WooCommerce.php:159)
  • action · woocommerce_thankyou_order_received_text (src\Frontend\WooCommerce.php:194)
  • action · plugins_loaded (src\Includes\ChatHelp.php:77)
  • action · plugin_loaded (src\Includes\ChatHelp.php:78)
  • action · activated_plugin (src\Includes\ChatHelp.php:79)
  • action · elementor/widgets/register (src\Includes\ChatHelp.php:81)
  • action · wp_loaded (src\Includes\ChatHelp.php:187)
  • action · wp_enqueue_scripts (src\Includes\ChatHelp.php:188)
  • action · wp_loaded (src\Includes\ChatHelp.php:204)
  • action · admin_enqueue_scripts (src\Includes\ChatHelp.php:205)
Maintenance & Trust

ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 13, 2026
  • PHP min version: 7.0
  • Downloads: 49K

Community Trust

  • Rating: 88/100
  • Number of ratings: 9
  • Active installs: 1K
Developer Profile

ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form Developer Profile

ThemeAtelier

7 plugins · 4K total installs

  • Trust score: 99
  • Avg Security Score: 99/100
  • Avg Patch Time: 6 days
Detection Fingerprints

How We Detect ChatHelp – Click to Chat Button, Chat to Order, Floating Chat & Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/chat-help/src/Frontend/assets/css/style.css
  • /wp-content/plugins/chat-help/src/Frontend/assets/js/script.js
  • /wp-content/plugins/chat-help/src/Frontend/assets/css/responsive.css
Script Paths
  • /wp-content/plugins/chat-help/src/Frontend/assets/js/script.js
Version Parameters
  • chat-help/src/Frontend/assets/css/style.css?ver=
  • chat-help/src/Frontend/assets/js/script.js?ver=
  • chat-help/src/Frontend/assets/css/responsive.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • chat-help-wrap
  • chat-help-floating
  • chat-help-whatsapp-chat
HTML Comments
  • <!-- ChatHelp Floating -->
  • <!-- ThemeAtelier ChatHelp -->
  • <!-- ThemeAtelier ChatHelp Floating -->
  • <!-- ChatHelp -->
  • +1 more
Data Attributes
  • data-chat-help-id
  • data-chat-help-name
JS Globals
  • chat_help_params
Shortcode Output
  • [chat_help
  • [chat-help