Crisp – Live Chat and Chatbot Security & Risk Analysis

wordpress.org/plugins/crisp

A Free, one-click-to-install, Live Chat and chatbot plugin. No coding skills are required. Used by more than 30 000 customers on WordPress.

20K active installs · v0.48 · PHP 5.3+ · WP 3.0.1+ · Updated Apr 14, 2025
Tags: chatbot, crisp, free-live-chat, live-chat, livechat
99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 13, 2024
Safety Verdict

Is Crisp – Live Chat and Chatbot Safe to Use in 2026?

Generally Safe

Score 99/100

Crisp – Live Chat and Chatbot has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 13, 2024 · Updated 11mo ago
Risk Assessment

The plugin 'crisp' version 0.48 exhibits a generally good security posture based on static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points indicates a minimal attack surface. The code also demonstrates strong adherence to secure coding practices, with 100% of SQL queries using prepared statements, a high percentage of output escaping, and the presence of nonce and capability checks. The lack of dangerous functions, file operations, and external HTTP requests further bolsters its security. However, the plugin has a history of two known CVEs, one of high and one of medium severity, which were reportedly addressed. While no current unpatched vulnerabilities are listed, this history, along with the past presence of Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, suggests a need for continued vigilance and thorough testing with future updates. The static analysis did not reveal any critical or high-severity taint flows, which is a positive sign. Overall, the current version appears relatively secure, but the historical vulnerability pattern warrants cautious management.

Key Concerns

  • Known high severity vulnerability in history
  • Known medium severity vulnerability in history
  • Some output not properly escaped (11%)

Crisp – Live Chat and Chatbot Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2024-27963 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Crisp <= 0.44 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Mar 13, 2024 Patched in 0.45 (8d)

CVE-2021-43353 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting

Dec 16, 2021 Patched in 0.32 (768d)
Code Analysis
Analyzed Mar 16, 2026

Crisp – Live Chat and Chatbot Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 2 (17 escaped)
  • Nonce Checks: 1
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

89% escaped · 19 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
crisp_plugin_settings_page (crisp.php:99)

Crisp – Live Chat and Chatbot Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 10

  • action plugins_loaded (crisp.php:16)
  • action admin_menu (crisp.php:30)
  • action wp_enqueue_scripts (crisp.php:31)
  • action script_loader_tag (crisp.php:32)
  • action admin_init (crisp.php:46)
  • action admin_init (crisp.php:47)
  • action admin_notices (crisp.php:48)
  • action admin_enqueue_scripts (crisp.php:49)
  • action plugins_loaded (crisp.php:50)
  • action admin_enqueue_scripts (crisp.php:100)

Crisp – Live Chat and Chatbot Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Apr 14, 2025
  • PHP min version: 5.3
  • Downloads: 764K

Community Trust

  • Rating: 92/100
  • Number of ratings: 73
  • Active installs: 20K

Crisp – Live Chat and Chatbot Developer Profile

crisp

1 plugin · 20K total installs

  • Trust score: 78
  • Avg Security Score: 99/100
  • Avg Patch Time: 388 days
Detection Fingerprints

How We Detect Crisp – Live Chat and Chatbot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/crisp/assets/stylesheets/style.css
  • /wp-content/plugins/crisp/assets/images/icon-favicon.svg

HTML / DOM Fingerprints

  • CSS Classes: notice-crisp
  • JS Globals: crisp
FAQ

Frequently Asked Questions about Crisp – Live Chat and Chatbot