Extra Settings for RocketChat Security & Risk Analysis
wordpress.org/plugins/extra-settings-for-rocketchatExtra settings for Rocket.Chat's Wordpress plugin. Helps display better on sites that have WooCommerce activated, adjust if data is collected fro …
Is Extra Settings for RocketChat Safe to Use in 2026?
Generally Safe
Score 85/100Extra Settings for RocketChat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin 'extra-settings-for-rocketchat' v0.1 exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and the static analysis shows no dangerous functions, file operations, or external HTTP requests. Crucially, all SQL queries are prepared, which is a significant strength in preventing SQL injection. Taint analysis also reported no vulnerabilities.
However, there are notable areas of concern. The plugin has an extremely low percentage of properly escaped output (14%), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the absence of nonce checks and capability checks is a critical weakness. While the identified entry point is only a shortcode, without proper authorization checks, it could potentially be exploited if it interacts with user-provided data or performs sensitive actions.
The complete lack of past vulnerability history is a positive sign, suggesting the developers may have a good security awareness or the plugin has not been widely targeted. Despite this, the current code analysis reveals significant potential for XSS and authorization bypass due to unescaped output and missing security checks on its single entry point.
Key Concerns
- Low output escaping percentage
- Missing nonce checks
- Missing capability checks
Extra Settings for RocketChat Security Vulnerabilities
Extra Settings for RocketChat Code Analysis
Output Escaping
Extra Settings for RocketChat Attack Surface
Shortcodes 1
WordPress Hooks 8
Maintenance & Trust
Extra Settings for RocketChat Maintenance & Trust
Maintenance Signals
Community Trust
Extra Settings for RocketChat Alternatives
Essential Addons for Elementor – Popular Elementor Templates & Widgets
essential-addons-for-elementor-lite
Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.
Google for WooCommerce
google-listings-and-ads
Native integration with Google that allows merchants to easily display their products across Google’s network.
WooPayments: Integrated WooCommerce Payments
woocommerce-payments
Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.
WooCommerce PayPal Payments
woocommerce-paypal-payments
PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.
Click to Chat – HoliThemes
click-to-chat-for-whatsapp
WhatsApp Chat🔥. Let's make your Web page visitors contact you through 'WhatsApp', 'WhatsApp Business'. Add matching Widget✅
Extra Settings for RocketChat Developer Profile
2 plugins · 50 total installs
How We Detect Extra Settings for RocketChat
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
dashicons-yes-altdashicons-no-altdashicons-format-statusbtnid="rxstg_shortcode_btn"[rocketchat title='Open Support Chat']