Facebook Chat Plugin – Live Chat Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/facebook-messenger-customer-chat

The Facebook Chat Plugin makes it easy for your website visitors to chat with you and ask you questions, even if they don't have Messenger.

90K active installs · v2.5 · PHP 5.2.4+ · WP 3.9+ · Updated Jul 5, 2022
Tags: chat, customer-care, facebook, messaging, messenger
Score: 84 · B · Generally Safe
CVEs total: 2
Unpatched: 0
Last CVE: Aug 4, 2020
Safety Verdict

Is Facebook Chat Plugin – Live Chat Plugin for WordPress Safe to Use in 2026?

Mostly Safe

Score 84/100

Facebook Chat Plugin – Live Chat Plugin for WordPress is generally safe to use, though it hasn't been updated recently. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · Last CVE: Aug 4, 2020 · Updated 3yr ago
Risk Assessment

The facebook-messenger-customer-chat plugin, version 2.5, exhibits a generally strong security posture based on the static analysis. The plugin demonstrates good development practices with a small attack surface and all identified entry points appear to have authentication checks. The code shows no critical or high severity taint flows, indicating that unsanitized user input is not being processed in a way that would lead to immediate exploitation. Furthermore, the plugin utilizes prepared statements for all SQL queries and has a high percentage of properly escaped output, minimizing risks associated with SQL injection and cross-site scripting.

However, the plugin's vulnerability history raises some concerns. Its two known CVEs, one high and one medium severity, suggest a past susceptibility to weaknesses such as improper access control and CSRF. While there are currently no unpatched CVEs, the historical pattern indicates that the plugin has been a target. The last vulnerability was in 2020, which might suggest a lack of recent security audits or active maintenance in that regard. The plugin's reliance on external HTTP requests, while not inherently insecure, warrants careful monitoring for any potential vulnerabilities that could arise from these integrations.

Key Concerns

  • High/Medium severity CVEs in history
  • Past CSRF and Improper Access Control vulnerabilities
  • External HTTP requests
Vulnerabilities (2)

Facebook Chat Plugin – Live Chat Plugin for WordPress Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2020: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2020-36838 · high · 7.4 · Improper Access Control

Facebook Chat Plugin <= 1.5 - Missing Capabilities Check

Aug 4, 2020 Patched in 1.6 (1534d)

Facebook Chat Plugin <= 1.2 - Cross-Site Request Forgery to Site Settings Changes

Jun 17, 2019 Patched in 1.3 (1681d)
Code Analysis
Analyzed Mar 16, 2026

Facebook Chat Plugin – Live Chat Plugin for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (27 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

96% escaped · 28 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
fbmcc_update_options (options.php:106)
Attack Surface

Facebook Chat Plugin – Live Chat Plugin for WordPress Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_fbmcc_update_options · options.php:22
WordPress Hooks 16
action · admin_init · facebook-messenger-customer-chat.php:47
action · current_screen · facebook-messenger-customer-chat.php:48
action · wp_footer · facebook-messenger-customer-chat.php:49
filter · plugin_action_links · facebook-messenger-customer-chat.php:50
filter · plugin_row_meta · facebook-messenger-customer-chat.php:51
action · plugins_loaded · facebook-messenger-customer-chat.php:52
action · admin_menu · facebook-messenger-customer-chat.php:53
action · admin_notices · facebook-messenger-customer-chat.php:54
action · admin_notices · facebook-messenger-customer-chat.php:55
action · admin_notices · facebook-messenger-customer-chat.php:56
filter · pand_dismiss_notice_js_url · facebook-messenger-customer-chat.php:57
action · shutdown · facebook-messenger-customer-chat.php:58
action · in_admin_header · facebook-messenger-customer-chat.php:84
action · admin_enqueue_scripts · options.php:19
action · admin_enqueue_scripts · options.php:20
action · admin_menu · options.php:21
Maintenance & Trust

Facebook Chat Plugin – Live Chat Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Jul 5, 2022
PHP min version: 5.2.4
Downloads: 1.8M

Community Trust

Rating: 70/100
Number of ratings: 303
Active installs: 90K
Developer Profile

Facebook Chat Plugin – Live Chat Plugin for WordPress Developer Profile

Facebook

3 plugins · 990K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1236 days
Detection Fingerprints

How We Detect Facebook Chat Plugin – Live Chat Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/facebook-messenger-customer-chat/js/src/common.js
/wp-content/plugins/facebook-messenger-customer-chat/js/build/index.js
Version Parameters
facebook-messenger-customer-chat/css/styles.css?ver=
facebook-messenger-customer-chat/js/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
fb-customerchat
HTML Comments
fbmcc-config-disabled
Data Attributes
attribution="wordpress"
attribution_version="2.3"
page_id
JS Globals
FB
FAQ

Frequently Asked Questions about Facebook Chat Plugin – Live Chat Plugin for WordPress