WP-Safety

Joinchat Security & Risk Analysis

wordpress.org/plugins/creame-whatsapp-me

WhatsApp, Messenger, Telegram, Phone call… capture users through their favorite Apps and turn into clients

700K active installs v6.1.3 PHP 7.0+ WP 4.9.6+ Updated Apr 15, 2026
chatfacebook-messengerfloating-buttontelegramwhatsapp
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Joinchat Safe to Use in 2026?

Generally Safe

Score 100/100

Joinchat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "creame-whatsapp-me" plugin v6.0.10 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and generally escaping output effectively (90%). The absence of known historical vulnerabilities and critical taint flows is also encouraging. However, significant concerns arise from its attack surface. The plugin exposes two AJAX handlers, both of which lack authentication checks. This creates a substantial risk of unauthorized actions being performed by unauthenticated users. While there are nonce and capability checks present, their effectiveness is negated if the entry points themselves are not protected by authorization mechanisms.

The lack of historical vulnerabilities could indicate either a history of good security practices or simply a lack of past scrutiny. Given the current findings of unprotected AJAX handlers, it's crucial to assume the latter until further review. The primary weakness lies in the exposed AJAX endpoints, which represent a direct path for attackers to potentially exploit. The plugin's strengths in SQL and output handling are overshadowed by this critical oversight in its entry point security.

Key Concerns

  • AJAX handlers without auth checks
  • Large attack surface without auth
Vulnerabilities
None known

Joinchat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Joinchat Release Timeline

v6.1.3Current
v6.1.2
v6.1.1
v6.1.0
v6.0.10
v6.0.9
v6.0.8
v6.0.7
v6.0.6
v6.0.5
v6.0.4
v6.0.3
v6.0.2
v6.0.1
v6.0.0
v5.2.4
v5.2.3
v5.2.2
v5.2.1
v5.2.0
Code Analysis
Analyzed Mar 16, 2026

Joinchat Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
18
155 escaped
Nonce Checks
3
Capability Checks
3
File Operations
5
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

90% escaped173 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
save (admin\class-joinchat-admin-onboard.php:234)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Joinchat Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_joinchat_notice_dismissincludes\class-joinchat.php:179
authwp_ajax_joinchat_onboardincludes\class-joinchat.php:204
WordPress Hooks 114
actionadmin_enqueue_scriptsadmin\class-joinchat-admin-onboard.php:72
actionin_admin_headeradmin\class-joinchat-admin-onboard.php:73
filteradmin_titleadmin\class-joinchat-admin-onboard.php:75
filtersubmenu_fileadmin\class-joinchat-admin-onboard.php:76
actionadmin_enqueue_scriptsadmin\class-joinchat-admin-page.php:123
actionin_admin_headeradmin\class-joinchat-admin-page.php:124
filteradmin_titleadmin\class-joinchat-admin-page.php:126
filteradmin_footer_textadmin\class-joinchat-admin-page.php:127
filterteeny_mce_pluginsadmin\class-joinchat-admin-page.php:581
filterteeny_mce_buttonsadmin\class-joinchat-admin-page.php:585
filterjoinchat_custom_post_typesadmin\class-joinchat-elementor-admin.php:29
filterjoinchat_post_types_meta_boxadmin\class-joinchat-elementor-admin.php:30
filterjoinchat_extra_settingsadmin\class-joinchat-woo-admin.php:29
filterjoinchat_settings_validateadmin\class-joinchat-woo-admin.php:30
filterjoinchat_settings_i18nadmin\class-joinchat-woo-admin.php:31
filterjoinchat_admin_tabsadmin\class-joinchat-woo-admin.php:32
filterjoinchat_taxonomies_meta_boxadmin\class-joinchat-woo-admin.php:33
filterjoinchat_tab_visibility_sectionsadmin\class-joinchat-woo-admin.php:34
filterjoinchat_tab_woocommerce_sectionsadmin\class-joinchat-woo-admin.php:35
filterjoinchat_vars_helpadmin\class-joinchat-woo-admin.php:36
filterjoinchat_section_outputadmin\class-joinchat-woo-admin.php:37
filterjoinchat_field_outputadmin\class-joinchat-woo-admin.php:38
filterjoinchat_visibility_inheritanceadmin\class-joinchat-woo-admin.php:39
filterjoinchat_help_tab_styles_and_varsadmin\class-joinchat-woo-admin.php:40
filterjoinchat_metabox_varsadmin\class-joinchat-woo-admin.php:41
filterjoinchat_metabox_placeholdersadmin\class-joinchat-woo-admin.php:42
filterjoinchat_term_metabox_outputadmin\class-joinchat-woo-admin.php:45
filtersanitize_post_meta__joinchatgutenberg\class-joinchat-gutenberg.php:198
actionupdated_postmetagutenberg\class-joinchat-gutenberg.php:199
actionadmin_initincludes\class-joinchat-common.php:81
actionwpincludes\class-joinchat-common.php:82
filterjoinchat_format_replacementsincludes\class-joinchat-formatter.php:51
filterjoinchat_format_replacementsincludes\class-joinchat-formatter.php:52
actionadmin_noticesincludes\class-joinchat-i18n.php:32
actionjoinchat_settings_validationincludes\class-joinchat-i18n.php:33
filterjoinchat_get_settings_siteincludes\class-joinchat-i18n.php:34
actionjoinchat_register_translationsincludes\class-joinchat-i18n.php:37
filterjoinchat_load_translationsincludes\class-joinchat-i18n.php:38
filterjoinchat_showincludes\class-joinchat-integrations.php:29
actionjoinchat_run_preincludes\class-joinchat-integrations.php:41
actionjoinchat_run_preincludes\class-joinchat-integrations.php:48
filterjoinchat_elementor_finder_itemsincludes\class-joinchat-integrations.php:52
actionjoinchat_run_preincludes\class-joinchat-integrations.php:65
filterrocket_rucss_external_exclusionsincludes\class-joinchat-integrations.php:77
filterlitespeed_buffer_afterincludes\class-joinchat-integrations.php:82
filtertcb_lp_strip_css_whitelistincludes\class-joinchat-integrations.php:87
filterhivepress/v1/scriptsincludes\class-joinchat-integrations.php:95
filterhivepress/v1/stylesincludes\class-joinchat-integrations.php:96
filtersanitize_text_fieldincludes\class-joinchat-util.php:33
filterpre_get_document_titleincludes\class-joinchat-util.php:371
filterdocument_title_partsincludes\class-joinchat-util.php:372
actionadmin_noticesincludes\class-joinchat-util.php:591
actionjoinchat_run_preincludes\class-joinchat.php:56
actioninitincludes\class-joinchat.php:104
actionplugins_loadedincludes\class-joinchat.php:121
actioninitincludes\class-joinchat.php:143
actioninitincludes\class-joinchat.php:144
actionadmin_initincludes\class-joinchat.php:146
actionenqueue_block_editor_assetsincludes\class-joinchat.php:147
actionwp_footerincludes\class-joinchat.php:149
filteroption_page_capability_joinchatincludes\class-joinchat.php:171
actionadmin_initincludes\class-joinchat.php:175
actionadmin_enqueue_scriptsincludes\class-joinchat.php:176
actionadmin_enqueue_scriptsincludes\class-joinchat.php:177
actionadmin_noticesincludes\class-joinchat.php:178
actionadd_meta_boxesincludes\class-joinchat.php:181
actionsave_postincludes\class-joinchat.php:182
actionload-term.phpincludes\class-joinchat.php:184
actionload-edit-tags.phpincludes\class-joinchat.php:185
actionupdate_option_joinchatincludes\class-joinchat.php:186
filterplugin_row_metaincludes\class-joinchat.php:189
actionadmin_initincludes\class-joinchat.php:191
actionadmin_menuincludes\class-joinchat.php:195
actionadmin_initincludes\class-joinchat.php:196
actionload_joinchat_settings_pageincludes\class-joinchat.php:197
actionadmin_menuincludes\class-joinchat.php:201
actionadmin_headincludes\class-joinchat.php:202
actionload_joinchat_onboard_pageincludes\class-joinchat.php:203
filterjoinchat_settingsincludes\class-joinchat.php:229
actionwpincludes\class-joinchat.php:230
actionwp_enqueue_scriptsincludes\class-joinchat.php:231
actionwp_enqueue_scriptsincludes\class-joinchat.php:232
actionwp_print_stylesincludes\class-joinchat.php:233
actionwp_footerincludes\class-joinchat.php:234
actionwp_footerincludes\class-joinchat.php:235
actionwp_footerincludes\class-joinchat.php:236
actionjoinchat_preview_footerincludes\class-joinchat.php:239
actionjoinchat_preview_footerincludes\class-joinchat.php:240
filtertemplate_includeincludes\class-joinchat.php:267
filterget_post_metadataincludes\class-joinchat.php:268
filtershow_admin_barincludes\class-joinchat.php:269
filterjoinchat_showincludes\class-joinchat.php:270
filterjoinchat_classesincludes\class-joinchat.php:271
filterjoinchat_templateincludes\class-joinchat.php:272
filterjoinchat_inline_styleincludes\class-joinchat.php:273
actionwp_print_scriptsincludes\class-joinchat.php:275
actionwp_print_stylesincludes\class-joinchat.php:276
actionjoinchat_preview_headerincludes\class-joinchat.php:277
filterjoinchat_admin_tabsincludes\class-joinchat.php:299
filterjoinchat_tab_premium_sectionsincludes\class-joinchat.php:300
filterjoinchat_section_outputincludes\class-joinchat.php:301
actionjoinchat_admin_headerincludes\class-joinchat.php:303
actioninitjoinchat.php:56
filterjoinchat_extra_settingspublic\class-joinchat-woo-public.php:38
filterjoinchat_settings_i18npublic\class-joinchat-woo-public.php:39
filterjoinchat_get_settings_sitepublic\class-joinchat-woo-public.php:40
filterjoinchat_get_settingspublic\class-joinchat-woo-public.php:41
filterjoinchat_visibilitypublic\class-joinchat-woo-public.php:42
filterjoinchat_variable_replacementspublic\class-joinchat-woo-public.php:43
filterjoinchat_excluded_fieldspublic\class-joinchat-woo-public.php:44
filterjoinchat_script_lite_fieldspublic\class-joinchat-woo-public.php:45
filterstorefront_handheld_footer_bar_linkspublic\class-joinchat-woo-public.php:47
actionwp_footerpublic\class-joinchat-woo-public.php:49
filterjoinchat_classespublic\class-joinchat-woo-public.php:349
Maintenance & Trust

Joinchat Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 15, 2026
PHP min version7.0
Downloads16.5M

Community Trust

Rating94/100
Number of ratings189
Active installs700K
Alternatives

Joinchat Alternatives

Floating Contact Button for MAX and Telegram

Floating Contact Button for MAX and Telegram

floating-contact-button-for-max-and-telegram

A
100

A lightweight floating contact button for WordPress with support for Telegram, WhatsApp, Facebook Messenger and MAX.

900 No CVEs
SmartLink Chatbox

SmartLink Chatbox

smartlink-chatbox

A
100

Add floating chat buttons for WhatsApp, Telegram, Phone, and custom links. Fully customizable, lightweight, and responsive.

20 No CVEs
Scriptriz Smart Chat

Scriptriz Smart Chat

scriptriz-smart-chat

A
100

Adds a floating WhatsApp and Telegram chat button to your WordPress website.

0 No CVEs
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

chaty

A
92

WhatsApp chat, Facebook Messenger, Telegram, TikTok, Instagram, Email, Line, WeChat Phone call, SMS, 20+ live chat icons & WhatsApp chat pop up 💬

400K 11 CVEs
Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist

Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist

bit-assist

A
95

Floating sticky chat button for WhatsApp Chat, Facebook Messenger, Telegram, Instagram, SMS, Call, Discord chat, TikTok, Line & 30+ channels

10K 7 CVEs
Developer Profile

Joinchat Developer Profile

Creame

3 plugins · 701K total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Joinchat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/creame-whatsapp-me/admin/css/joinchat-onboard.css/wp-content/plugins/creame-whatsapp-me/admin/css/joinchat-onboard.min.css/wp-content/plugins/creame-whatsapp-me/admin/js/joinchat-onboard.js/wp-content/plugins/creame-whatsapp-me/admin/js/joinchat-onboard.min.js/wp-content/plugins/creame-whatsapp-me/admin/img/joinchat.svg
Script Paths
/wp-content/plugins/creame-whatsapp-me/admin/js/joinchat-onboard.js/wp-content/plugins/creame-whatsapp-me/admin/js/joinchat-onboard.min.js
Version Parameters
creame-whatsapp-me/admin/css/joinchat-onboard.css?ver=creame-whatsapp-me/admin/css/joinchat-onboard.min.css?ver=creame-whatsapp-me/admin/js/joinchat-onboard.js?ver=creame-whatsapp-me/admin/js/joinchat-onboard.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
joinchat__dialogjoinchat-headerjcadminbar
HTML Comments
<!-- phpcs:ignore -->
Data Attributes
clipPathdefspath
JS Globals
JOINCHAT_VERSIONJOINCHAT_SLUGJOINCHAT_FILEJOINCHAT_DIRJOINCHAT_BASENAMEjc_common
FAQ

Frequently Asked Questions about Joinchat