Chatbot for WordPress by Collect.chat ⚡️ Security & Risk Analysis

wordpress.org/plugins/collectchat

Chatbots without AI are the easiest way to collect leads & data from visitors. Create a free chatbot without coding using Collect.chat.

7K active installs · v2.4.9 · PHP + · WP 4.5.0+ · Updated Feb 13, 2026
Tags: bot, chat-bot, chat-widget, chatbot, lead-generation
Score: 95 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Feb 13, 2026
Safety Verdict

Is Chatbot for WordPress by Collect.chat ⚡️ Safe to Use in 2026?

Generally Safe

Score 95/100

Chatbot for WordPress by Collect.chat ⚡️ has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Feb 13, 2026 · Updated 1mo ago
Risk Assessment

The static analysis of collectchat v2.4.9 reveals a generally good security posture with several positive indicators. The plugin utilizes prepared statements for all SQL queries, has a high percentage of properly escaped output, and implements nonce and capability checks on entry points. There are no observed dangerous functions, file operations, or critical taint flows. This suggests the developers are following many secure coding practices.

However, the plugin's vulnerability history is a significant concern. All 4 known CVEs are medium severity and related to Cross-Site Scripting (XSS), which indicates a recurring pattern of input sanitization issues. While there are currently no unpatched vulnerabilities, the historical prevalence of XSS warrants caution, as similar issues could re-emerge in future versions if not rigorously addressed. The presence of an external HTTP request also represents a potential attack vector, though its specific context and security measures are not detailed in the provided data.

In conclusion, collectchat v2.4.9 demonstrates strengths in its modern coding practices regarding SQL and output handling. Nonetheless, the historical pattern of medium severity XSS vulnerabilities is a notable weakness that requires ongoing vigilance from users. The plugin's limited attack surface and generally good internal checks are positive, but the past vulnerability trend necessitates a cautious approach to its deployment.

Key Concerns

  • Multiple medium severity XSS vulnerabilities in history
  • External HTTP request present
Vulnerabilities: 4

Chatbot for WordPress by Collect.chat ⚡️ Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 2 CVEs
2026: 1 CVE

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2026-0736 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field
Feb 13, 2026 · Patched in 2.4.9 (3d)

CVE-2024-6498 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Jul 15, 2024 · Patched in 2.4.4 (26d)

CVE-2024-30436 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
collectchat <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Mar 28, 2024 · Patched in 2.4.2 (7d)

CVE-2023-5691 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Chatbot for WordPress <= 2.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Nov 24, 2023 · Patched in 2.4.0 (60d)

Code Analysis
Analyzed Mar 16, 2026

Chatbot for WordPress by Collect.chat ⚡️ Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (33 escaped)
Nonce Checks: 2
Capability Checks: 14
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

87% escaped · 38 total outputs

Attack Surface

Chatbot for WordPress by Collect.chat ⚡️ Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_collectchat_submit_uninstall_reason_action · deactivation-feedback\feedback-form.php:396

Shortcodes 1

[collect-chat] collect.php:88
WordPress Hooks 11
action · plugins_loaded · collect.php:30
action · admin_init · collect.php:32
action · admin_menu · collect.php:36
action · wp_head · collect.php:40
action · plugins_loaded · collect.php:44
action · admin_notices · collect.php:54
action · activated_plugin · collect.php:58
action · admin_notices · collect.php:64
action · admin_init · collect.php:65
action · save_post · collect.php:239
action · admin_enqueue_scripts · deactivation-feedback\register.php:31

Maintenance & Trust

Chatbot for WordPress by Collect.chat ⚡️ Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 13, 2026
PHP min version
Downloads: 231K

Community Trust

Rating: 88/100
Number of ratings: 38
Active installs: 7K

Developer Profile

Chatbot for WordPress by Collect.chat ⚡️ Developer Profile

collectchat

1 plugin · 7K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 24 days
Detection Fingerprints

How We Detect Chatbot for WordPress by Collect.chat ⚡️

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/collectchat/css/collectchat.css
/wp-content/plugins/collectchat/js/collectchat.js
Script Paths
https://collect.chat/widget/v2/collect.chat.js
Version Parameters
collectchat/css/collectchat.css?ver=
collectchat/js/collectchat.js?ver=

HTML / DOM Fingerprints

CSS Classes
collectchat-button
collectchat-widget
collect-chat-main-container
HTML Comments
<!-- Collect.chat Chatbot -->
Data Attributes
data-collectchat-id
data-collectchat-widget-url
JS Globals
CollectChatWidget
CollectChatConfig
REST Endpoints
/wp-json/collectchat/v1/settings
/wp-json/collectchat/v1/send_message
Shortcode Output
<iframe src="https://links.collect.chat/
FAQ

Frequently Asked Questions about Chatbot for WordPress by Collect.chat ⚡️