Does Goftino have any unpatched vulnerabilities?

No. All known vulnerabilities in Goftino have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Goftino compatible with WordPress 6.8.5?

According to WordPress.org data, Goftino 1.8 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Goftino compatible with PHP 5.2.4+?

Goftino requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Goftino updated?

Goftino was last updated on May 29, 2025. Frequent updates are generally a positive security signal.

What is Goftino's security score?

Goftino has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Goftino Security & Risk Analysis

wordpress.org/plugins/goftino

Goftino widget for wordpress users.

10K active installs v1.8 PHP 5.2.4+ WP 3.6+ Updated May 29, 2025

farsi-chatgoftinoonline-chatonline-support%da%af%d9%81%d8%aa%db%8c%d9%86%d9%88

A · Safe

CVEs total1

Unpatched0

Last CVEJul 11, 2024

Plugin page Download

Safety Verdict

Is Goftino Safe to Use in 2026?

Generally Safe

Score 99/100

Goftino has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 11, 2024Updated 10mo ago

Risk Assessment

The Goftino plugin v1.8 exhibits a generally good security posture with no critical or high severity issues identified in the static analysis or taint flow. The absence of direct AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the presence of a nonce check and the consistent use of prepared statements for SQL queries are commendable security practices. However, a concerning weakness lies in the output escaping, with only 33% of outputs being properly escaped. This indicates a risk of Cross-Site Scripting (XSS) vulnerabilities, a pattern corroborated by the plugin's vulnerability history which lists an XSS vulnerability as its most recent issue. While this specific XSS vulnerability is reported as patched, the low percentage of proper output escaping suggests that other XSS vulnerabilities may still exist or could be introduced in future updates. The plugin has a history of vulnerabilities, specifically XSS, which warrants attention despite current patches. The overall security is decent due to limited attack surface and good SQL practices, but the output escaping deficit is a notable concern.

Key Concerns

Low percentage of properly escaped output
History of XSS vulnerabilities

Vulnerabilities

Goftino Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-38697medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Goftino <= 1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Jul 11, 2024 Patched in 1.7 (7d)

Code Analysis

Analyzed Mar 16, 2026

Goftino Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

33% escaped12 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

wp_save_goftino (goftino.php:56)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Goftino Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_menugoftino.php:26

actionadmin_initgoftino.php:30

actionadmin_post_wp_save_goftinogoftino.php:36

actionadmin_post_nopriv_wp_save_goftinogoftino.php:37

actionwp_footergoftino.php:38

Maintenance & Trust

Goftino Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 29, 2025

PHP min version5.2.4

Downloads98K

Community Trust

Rating74/100

Number of ratings6

Active installs10K

Alternatives

Goftino Alternatives

Nuway

nuway

Nuway widget for WordPress users.

0 No CVEs

Smartsupp – live chat, AI shopping assistant and chatbots

smartsupp-live-chat

Boost your sales and turn visitors into customers with live chat, AI tools and chatbots. Smartsupp is trusted by 100,000+ online stores.

20K 2 CVEs

Live Chat & AI Chatbots – onWebChat

onwebchat

Enhance customer service with instant 24/7 AI-powered replies. Now with WooCommerce integration, so your chatbot understands your products and helps c …

800 1 CVE

Free Live Chat Support

livesupporti

Free Live Support Chat for your WordPress website.

700 1 CVE

SiteHeart

siteheart

SiteHeart - Free online chat for website.

60 No CVEs

Developer Profile

Goftino Developer Profile

goftino

1 plugin · 10K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect Goftino

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/goftino/img/logo-m.png

Script Paths

https://www.goftino.com/widget/

HTML / DOM Fingerprints

Data Attributes

data-goftinoplugin

JS Globals

window.isGoftinoAddedwindow.addEventListener('goftino_ready'Goftino.setUser

FAQ