FluentChat – Live Chat for WordPress Security & Risk Analysis

wordpress.org/plugins/fluentchat-basic

FluentChat is a free, modern, gorgeous, and feature-packed live chat WordPress plugin. It is beginner-friendly and works on all mobile devices.

10 active installs · v1.0.2 · PHP + WP 4.1+ · Updated Nov 22, 2019
Tags: chat, chat-plugin, customer-support, live-chat, live-help
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is FluentChat – Live Chat for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

FluentChat – Live Chat for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago

Risk Assessment

The 'fluentchat-basic' v1.0.2 plugin exhibits a concerning security posture due to a large attack surface consisting entirely of unprotected AJAX handlers. The complete lack of authentication and authorization checks on these 23 entry points presents a significant risk: any unauthenticated user could potentially invoke these functions, leading to unintended consequences or exploitation if further vulnerabilities exist within their implementation.

While the static analysis did not uncover critical or high-severity taint flows, it did reveal that 100% of the SQL queries are executed without prepared statements. This is a major concern, as it opens the door to SQL injection vulnerabilities, especially when combined with the unprotected AJAX endpoints. The low percentage of properly escaped output (44%) further exacerbates this risk, as it suggests potential for cross-site scripting (XSS) attacks. The plugin's history of zero known vulnerabilities might suggest a lack of public discovery or a relatively simple codebase, but it should not be interpreted as a guarantee of security, especially given the identified weaknesses.

In conclusion, 'fluentchat-basic' v1.0.2 has several critical security weaknesses. The unprotected AJAX handlers combined with raw SQL queries and insufficient output escaping create a high risk profile. While there are no recorded CVEs, the identified code-level issues necessitate immediate attention and remediation to ensure user data and site integrity.

Key Concerns

  • All AJAX handlers lack authentication checks
  • All AJAX handlers lack capability checks
  • 100% of SQL queries use raw statements
  • Only 44% of output is properly escaped
  • No nonce checks on AJAX handlers
Vulnerabilities
None known

FluentChat – Live Chat for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

FluentChat – Live Chat for WordPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 39 (0 prepared)
  • Unescaped Output: 37 (29 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

0% prepared, 39 total queries

Output Escaping

44% escaped, 66 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
FluentChatBasic_GetCustomer (functions.php:1286)
Attack Surface
23 unprotected

FluentChat – Live Chat for WordPress Attack Surface

Entry Points: 23
Unprotected: 23

AJAX Handlers (23)

  • auth: wp_ajax_FluentChatBasic_GetCustomer (functions.php:1284)
  • nopriv: wp_ajax_FluentChatBasic_GetCustomer (functions.php:1285)
  • auth: wp_ajax_FluentChatBasic_ArchiveChat (functions.php:1293)
  • nopriv: wp_ajax_FluentChatBasic_ArchiveChat (functions.php:1294)
  • auth: wp_ajax_FluentChatBasic_SendContactForm (functions.php:1307)
  • nopriv: wp_ajax_FluentChatBasic_SendContactForm (functions.php:1308)
  • auth: wp_ajax_FluentChatBasic_EmailTranscript (functions.php:1334)
  • nopriv: wp_ajax_FluentChatBasic_EmailTranscript (functions.php:1335)
  • auth: wp_ajax_FluentChatBasic_UpdateCustomerInfo (functions.php:1368)
  • nopriv: wp_ajax_FluentChatBasic_UpdateCustomerInfo (functions.php:1369)
  • auth: wp_ajax_FluentChatBasic_UpdateCookie (functions.php:1388)
  • nopriv: wp_ajax_FluentChatBasic_UpdateCookie (functions.php:1389)
  • auth: wp_ajax_FluentChatBasic_UpdateStateCustomer (functions.php:1395)
  • nopriv: wp_ajax_FluentChatBasic_UpdateStateCustomer (functions.php:1396)
  • auth: wp_ajax_FluentChatBasic_ArchiveChatOperator (functions.php:1446)
  • auth: wp_ajax_FluentChatBasic_GetOperatorProfile (functions.php:1459)
  • auth: wp_ajax_FluentChatBasic_GetArchivedChats (functions.php:1474)
  • auth: wp_ajax_FluentChatBasic_GetChatMessages (functions.php:1499)
  • auth: wp_ajax_FluentChatBasic_UpdateStateOperator (functions.php:1509)
  • auth: wp_ajax_FluentChatBasic_TestNumber (functions.php:1543)
  • auth: wp_ajax_FluentChatBasic_UpdateSettings (functions.php:1564)
  • auth: wp_ajax_FluentChatBasic_UpdateOperator (functions.php:1602)
  • auth: wp_ajax_FluentChatBasic_UpdateCustomer (functions.php:1628)

WordPress Hooks (12)

  • action: plugins_loaded (functions.php:267)
  • action: wp_login (functions.php:394)
  • action: wp_logout (functions.php:407)
  • action: template_redirect (functions.php:410)
  • action: admin_head (functions.php:910)
  • action: admin_menu (functions.php:975)
  • action: admin_enqueue_scripts (functions.php:978)
  • filter: upload_dir (functions.php:1066)
  • filter: upload_dir (functions.php:1157)
  • filter: upload_dir (functions.php:1169)
  • action: wp_enqueue_scripts (functions.php:1181)
  • filter: body_class (functions.php:1215)

Maintenance & Trust

FluentChat – Live Chat for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Nov 22, 2019
PHP min version
Downloads: 7K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 10

Developer Profile

FluentChat – Live Chat for WordPress Developer Profile

Arindo Duque

2 plugins · 110 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FluentChat – Live Chat for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/fluentchat-basic/css/font-awesome.min.css
  • /wp-content/plugins/fluentchat-basic/css/style.css
  • /wp-content/plugins/fluentchat-basic/js/jquery-3.3.1.min.js
  • /wp-content/plugins/fluentchat-basic/js/jquery-ui.min.js
  • /wp-content/plugins/fluentchat-basic/js/bootstrap.min.js
  • /wp-content/plugins/fluentchat-basic/js/moment.min.js
  • /wp-content/plugins/fluentchat-basic/js/moment-timezone-with-data.min.js
  • /wp-content/plugins/fluentchat-basic/js/jquery.countdown.min.js
  • +8 more

Script Paths

  • /wp-content/plugins/fluentchat-basic/js/jquery-3.3.1.min.js
  • /wp-content/plugins/fluentchat-basic/js/jquery-ui.min.js
  • /wp-content/plugins/fluentchat-basic/js/bootstrap.min.js
  • /wp-content/plugins/fluentchat-basic/js/moment.min.js
  • /wp-content/plugins/fluentchat-basic/js/moment-timezone-with-data.min.js
  • /wp-content/plugins/fluentchat-basic/js/jquery.countdown.min.js
  • +8 more

Version Parameters

  • /wp-content/plugins/fluentchat-basic/css/style.css?ver=
  • /wp-content/plugins/fluentchat-basic/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • fluentchat-basic-widget
  • fluentchat-basic-chat-box
  • fluentchat-basic-chat-header
  • fluentchat-basic-chat-footer
  • fluentchat-basic-input-area
  • fluentchat-basic-message-sender
  • fluentchat-basic-chat-messages
  • fluentchat-basic-user-message
  • +4 more

HTML Comments

  • <!-- Live Chat powered by FluentChat Basic -->
  • <!-- FluentChat Basic chat window -->
  • <!-- Start of FluentChat Basic -->
  • <!-- End of FluentChat Basic -->

Data Attributes

  • data-fluentchat-basic-id
  • data-fluentchat-operator-name
  • data-fluentchat-timestamp

JS Globals

  • FluentChatBasic
  • fcb_settings
  • fcb_translations
  • fcb_ajax_url
  • fcb_chat_id
  • fcb_is_logged_in

REST Endpoints

  • /wp-json/fluentchat-basic/v1/send-message
  • /wp-json/fluentchat-basic/v1/get-messages
  • /wp-json/fluentchat-basic/v1/get-chats
  • /wp-json/fluentchat-basic/v1/get-customers
  • /wp-json/fluentchat-basic/v1/get-operators
  • /wp-json/fluentchat-basic/v1/send-feedback

Shortcode Output

  • [fluentchat_basic]
  • [fluentchat_basic widget_enabled='true']
  • [fluentchat_basic show_widget='true']

FAQ

Frequently Asked Questions about FluentChat – Live Chat for WordPress