Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode Security & Risk Analysis

wordpress.org/plugins/chat-viber

Unlimited customer support tool that allows visitors to engage using Viber.

300 active installs v1.7.10 PHP + WP 5.0+ Updated Mar 12, 2026

chatcustomermessagingsupportviber

A · Safe

CVEs total1

Unpatched0

Last CVEJan 6, 2025

Plugin page Download

Safety Verdict

Is Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode Safe to Use in 2026?

Generally Safe

Score 99/100

Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 6, 2025Updated 22d ago

Risk Assessment

The 'chat-viber' plugin version 1.7.10 demonstrates a generally good security posture with robust implementation of access controls and output sanitization. The static analysis reveals a significant number of capability checks and nonce checks, indicating a proactive approach to securing entry points. The high percentage of properly escaped outputs further mitigates the risk of Cross-Site Scripting (XSS) vulnerabilities. Taint analysis shows no identified flows with unsanitized paths, which is a very positive sign regarding the handling of potentially malicious input.

However, the presence of the `unserialize` function is a notable concern. While not directly flagged as vulnerable in the static or taint analysis, `unserialize` is inherently risky when processing untrusted data, as it can lead to object injection vulnerabilities if not handled with extreme care. The plugin's history includes one medium-severity CVE related to XSS, which, although currently patched, highlights a past weakness in input sanitization or output encoding. The fact that the last vulnerability was in early 2025 suggests it's a relatively recent issue and might indicate a pattern of previously overlooked vulnerabilities.

Overall, the plugin has a strong foundation in security best practices. The primary area of caution lies in the `unserialize` function, which should be carefully reviewed for potential misuse. The historical CVE, while patched, serves as a reminder to maintain vigilance, especially concerning input handling and output escaping.

Key Concerns

Presence of 'unserialize' function
One past medium CVE (XSS)

Vulnerabilities

Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-12457medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 6, 2025 Patched in 1.7.4 (11d)

Code Analysis

Analyzed Mar 16, 2026

Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

1040 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$plugins = unserialize($response['body']);admin\HelpPage\Help.php:139

SQL Query Safety

67% prepared3 total queries

Output Escaping

92% escaped1126 total outputs

Data Flows

All sanitized

Data Flow Analysis

5 flows

csf_export (admin\csf\functions\actions.php:62)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode Attack Surface

Entry Points8

Unprotected0

AJAX Handlers 7

authwp_ajax_csf-get-iconsadmin\csf\functions\actions.php:50

authwp_ajax_csf-exportadmin\csf\functions\actions.php:87

authwp_ajax_csf-importadmin\csf\functions\actions.php:123

authwp_ajax_csf-resetadmin\csf\functions\actions.php:150

authwp_ajax_csf-chosenadmin\csf\functions\actions.php:189

authwp_ajax_themeatelier_dismiss_offer_banneradmin\Helpers\ThemeAtelier_Offer_Banner.php:37

authwp_ajax_vchat-never-show-review-noticeadmin\HelpPage\ReviewNotice.php:28

Shortcodes 1

[vchat] view\shortcodes\custom-shortcode.php:13

WordPress Hooks 53

actionadmin_footeradmin\appsero\Insights.php:122

actionadmin_noticesadmin\appsero\Insights.php:141

actionadmin_initadmin\appsero\Insights.php:144

filtercron_schedulesadmin\appsero\Insights.php:150

actionwp_enqueue_scriptsadmin\csf\classes\abstract.class.php:20

actionadmin_menuadmin\csf\classes\admin-options.class.php:111

actionadmin_bar_menuadmin\csf\classes\admin-options.class.php:112

actionnetwork_admin_menuadmin\csf\classes\admin-options.class.php:116

filteradmin_footer_textadmin\csf\classes\admin-options.class.php:481

actioncustomize_registeradmin\csf\classes\customize-options.class.php:44

actioncustomize_save_afteradmin\csf\classes\customize-options.class.php:45

actionwp_enqueue_scriptsadmin\csf\classes\customize-options.class.php:49

actionadd_meta_boxesadmin\csf\classes\metabox-options.class.php:50

actionsave_postadmin\csf\classes\metabox-options.class.php:51

actionedit_attachmentadmin\csf\classes\metabox-options.class.php:52

actionafter_setup_themeadmin\csf\classes\setup.class.php:73

actioninitadmin\csf\classes\setup.class.php:74

actionswitch_themeadmin\csf\classes\setup.class.php:75

actionadmin_enqueue_scriptsadmin\csf\classes\setup.class.php:76

actionwp_enqueue_scriptsadmin\csf\classes\setup.class.php:77

actionwp_headadmin\csf\classes\setup.class.php:78

filteradmin_body_classadmin\csf\classes\setup.class.php:79

actionadmin_footeradmin\csf\fields\icon\icon.php:41

actioncustomize_controls_print_footer_scriptsadmin\csf\fields\icon\icon.php:42

actionadmin_print_footer_scriptsadmin\csf\fields\link\link.php:65

actionprint_default_editor_scriptsadmin\csf\fields\wp_editor\wp_editor.php:62

actionadmin_menuadmin\csf\views\welcome.php:19

filterplugin_action_linksadmin\csf\views\welcome.php:20

filterplugin_row_metaadmin\csf\views\welcome.php:21

actionadmin_noticesadmin\Helpers\ThemeAtelier_Offer_Banner.php:36

actionadmin_noticesadmin\HelpPage\ReviewNotice.php:27

actionadmin_enqueue_scriptsadmin\TADiscountPage\TADiscountNotice.php:7

actionadmin_noticesadmin\TADiscountPage\TADiscountNotice.php:8

actionadmin_initadmin\TADiscountPage\TADiscountNotice.php:9

actionadmin_enqueue_scriptsadmin\TADiscountPage\TADiscountPageWithMenu.php:7

actionadmin_noticesadmin\TADiscountPage\TADiscountPageWithMenu.php:8

actionadmin_initadmin\TADiscountPage\TADiscountPageWithMenu.php:9

actionplugins_loadedchat-viber-lite.php:46

filterkses_allowed_protocolschat-viber-lite.php:60

actioninitchat-viber-lite.php:71

actionblock_categories_allchat-viber-lite.php:88

actionafter_setup_themechat-viber-lite.php:100

actionadmin_menuchat-viber-lite.php:145

actionwp_enqueue_scriptsinc\class-enqueue.php:22

actionadmin_enqueue_scriptsinc\class-enqueue.php:23

actioninitview\elementor-widgets\elementor-widget.php:153

actionadmin_noticesview\elementor-widgets\elementor-widget.php:178

actionadmin_noticesview\elementor-widgets\elementor-widget.php:185

actionelementor/elements/categories_registeredview\elementor-widgets\elementor-widget.php:190

actionelementor/widgets/widgets_registeredview\elementor-widgets\elementor-widget.php:194

actionwp_enqueue_scriptsview\elementor-widgets\elementor-widget.php:197

actionwp_enqueue_scriptsview\elementor-widgets\elementor-widget.php:360

actionwp_footerview\single-chat-bubble\single-chat-bubble.php:11

Maintenance & Trust

Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 12, 2026

PHP min version

Downloads11K

Community Trust

Rating0/100

Number of ratings0

Active installs300

Alternatives

Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode Alternatives

Chat Floating Button BY XD

chat-floating-button-by-xd

100

Floating button for chatting with your visitors via WhatsApp.

300 No CVEs

TalkJS

talkjs

Launch production-ready chat in minutes with a powerful API, feature-rich SDKs, and a fully customizable design.

40 1 CVE

Paldesk – Live Chat & Helpdesk

paldesk-live-chat-helpdesk

Powerful live chat & helpdesk plugin made for your WordPress website. Convert leads to sales & help customers in real time - it's free!

30 No CVEs

Simple Chat Bot

simple-chat-bot

100

A user-friendly chatbot plugin for WordPress that enables seamless communication with your visitors via WhatsApp.

0 No CVEs

Simple Contact Button

simple-contact-button

100

Simple Contact Button: Add a customizable contact button to your website, allowing visitors to connect with you instantly and easily.

0 No CVEs

Developer Profile

Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode Developer Profile

Foysal Imran

7 plugins · 710 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

21 days

View full developer profile

Detection Fingerprints

How We Detect Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/chat-viber/admin/assets/css/style.css/wp-content/plugins/chat-viber/admin/assets/js/script.js/wp-content/plugins/chat-viber/inc/assets/css/chat-viber-style.css/wp-content/plugins/chat-viber/inc/assets/js/chat-viber.js

Script Paths

/wp-content/plugins/chat-viber/admin/assets/js/script.js/wp-content/plugins/chat-viber/inc/assets/js/chat-viber.js

Version Parameters

chat-viber/inc/assets/css/chat-viber-style.css?ver=chat-viber/inc/assets/js/chat-viber.js?ver=chat-viber/admin/assets/css/style.css?ver=chat-viber/admin/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

viber-chat-supportchat-viber-get-pro-text

HTML Comments

Cannot access directly.

Data Attributes

data-viber-chat-support

FAQ