Does enrol.chat have any unpatched vulnerabilities?

No. All known vulnerabilities in enrol.chat have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is enrol.chat compatible with WordPress 6.4.8?

According to WordPress.org data, enrol.chat 1.1.1 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is enrol.chat compatible with PHP 7.0+?

enrol.chat requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is enrol.chat updated?

enrol.chat was last updated on Nov 14, 2023. Frequent updates are generally a positive security signal.

What is enrol.chat's security score?

enrol.chat has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

enrol.chat Security & Risk Analysis

wordpress.org/plugins/enrol-chat

Create the best conversational chatbot for your website.

0 active installs v1.1.1 PHP 7.0+ WP 4.7+ Updated Nov 14, 2023

ai-botchatbotenrol-chatlive-chatwebsite-chat

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is enrol.chat Safe to Use in 2026?

Generally Safe

Score 85/100

enrol.chat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The enrol-chat plugin version 1.1.1 demonstrates a mixed security posture. On the positive side, there are no identified vulnerabilities in its history, and the code analysis reveals no dangerous functions, no raw SQL queries, no file operations, and no external HTTP requests, which are all excellent security practices. Furthermore, the absence of any shortcodes, cron events, or REST API routes significantly limits the potential attack surface.

However, the static analysis also highlights several concerning areas. The presence of unsanitized paths in two taint flows, even without critical or high severity, indicates a potential for improper handling of data that could lead to vulnerabilities if exploited. The most significant concern is the lack of any capability checks and nonce checks across all identified entry points. This means that if any entry points were discovered or introduced in the future, they would be entirely unprotected against unauthorized actions.

The plugin's vulnerability history being clean is a positive indicator, but it does not negate the inherent risks identified in the code. The lack of comprehensive authentication and authorization checks is a fundamental security weakness that needs to be addressed. In conclusion, while the plugin has avoided known historical vulnerabilities and employs some good coding practices, the absence of essential security checks like capability and nonce verification presents a considerable risk, especially if the attack surface were to expand.

Key Concerns

Unsanitized paths in taint flows
No nonce checks
No capability checks
Low percentage of properly escaped output

Vulnerabilities

None known

enrol.chat Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

enrol.chat Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

44% escaped9 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

ecbw_options_page_html (enrol-chat.php:35)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

enrol.chat Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionadmin_menuenrol-chat.php:11

actionwp_footerenrol-chat.php:149

Maintenance & Trust

enrol.chat Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedNov 14, 2023

PHP min version7.0

Downloads965

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

enrol.chat Alternatives

CW – AI GPT Chatbot

cw-ai-gpt-chatbot

The AI GPT Chatbot for WordPress interface: a straightforward platform to integrate your AI GPT Chatbot code.

0 No CVEs

Webot Chatbot

webot-chatbot

Boost customer service with Webot AI Chatbot. Provide real-time assistance, engage visitors, and convert leads with our customizable chatbot solution.

0 No CVEs

Tidio – Live Chat & AI Chatbots

tidio-live-chat

Add Tidio Live Chat to your WordPress for free to answer customers’ questions, engage website visitors, generate leads, and increase sales.

80K 2 CVEs

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets

button-contact-vr

Powerful platform with Live Chat, AI Chatbots, and Real-Time Visitor Monitoring! Also, create Call, Email, SMS, & Contact buttons to increase conv …

60K 3 CVEs

Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons

chatway-live-chat

100

AI chatbot & live chat for customer support, FAQ, chat buttons including WhatsApp with Chatway live chat. iOS & Android apps available 💬

30K No CVEs

Developer Profile

enrol.chat Developer Profile

enrolchat

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect enrol.chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/enrol-chat/images/ecbw_icon.png

Script Paths

https://w.enrol.chat/widget.js

HTML / DOM Fingerprints

HTML Comments

Data Attributes

id="enrol_bot_id"name="enrol_bot_id"

JS Globals

window.chatbsettingswindow.chatwidget

FAQ