BrainCert Virtual Classroom Security & Risk Analysis
wordpress.org/plugins/html5-virtual-classroomTransform the way you educate with BrainCert's Virtual Classroom API. Immerse your users in a world of interactive, dynamic, and effective online …
Is BrainCert Virtual Classroom Safe to Use in 2026?
Generally Safe
Score 100/100BrainCert Virtual Classroom has a strong security track record. Known vulnerabilities have been patched promptly.
The "html5-virtual-classroom" v2.8.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices with 100% output escaping, a high percentage of prepared SQL statements, and no identified file operations or external HTTP requests. The absence of critical or high severity taint flows and known unpatched CVEs also contributes to a generally favorable outlook.
However, several areas raise concern. The presence of an unprotected AJAX handler represents a significant attack vector, potentially allowing unauthenticated users to trigger sensitive actions. While the taint analysis did not uncover critical or high severity issues, the 9 flows with unsanitized paths, although not explicitly categorized by severity, warrant attention as they could lead to unexpected behavior or vulnerabilities. Furthermore, the plugin lacks nonce checks on its AJAX handler, a fundamental security measure for preventing CSRF attacks. The vulnerability history, while currently showing no unpatched issues, indicates a past medium-severity vulnerability, specifically Cross-site Scripting, suggesting that the plugin has had exploitable flaws in the past.
In conclusion, while the plugin has strengths in output escaping and SQL practices, the unprotected AJAX endpoint and lack of nonce checks are critical weaknesses. The past XSS vulnerability also suggests that vigilance is required. Addressing the unprotected entry point and implementing proper nonce checks should be the immediate priorities to mitigate the identified risks.
Key Concerns
- Unprotected AJAX handler
- Missing nonce checks on AJAX
- Flows with unsanitized paths
- One medium CVE historically
BrainCert Virtual Classroom Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
BrainCert – HTML5 Virtual Classroom <= 2.1 - Reflected Cross-Site Scripting
BrainCert Virtual Classroom Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
BrainCert Virtual Classroom Attack Surface
AJAX Handlers 1
Shortcodes 4
WordPress Hooks 7
Maintenance & Trust
BrainCert Virtual Classroom Maintenance & Trust
Maintenance Signals
Community Trust
BrainCert Virtual Classroom Alternatives
Virtual Classroom – Video Conferencing & Online Meeting with BigBlueButton
video-conferencing-with-bbb
This plugin allows teachers to manage their live virtual classrooms, video conference and online meeting right from WordPress.
Plug-N-Meet web conference integration
plugnmeet
x-release-please-start-version Stable tag: 2.1.1 # x-release-please-end Requires PHP: 8.2.0 License: GPLv2 or later License URI: http://www.gnu.
Video Conferencing with Zoom
video-conferencing-with-zoom-api
Gives you the power to manage Zoom Meetings, Zoom Webinars, Recordings, Reports and create users directly from your WordPress dashboard.
eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams
eroom-zoom-meetings-webinar
eRoom is the best WordPress Zoom Meeting and Webinar Plugin. eRoom Zoom WordPress plugin enables integration with Zoom, Google Meet, Microsoft Teams.
FlexMeeting – Webinar & Meeting Plugin for Jitsi Meet
webinar-and-video-conference-with-jitsi-meet
Host webinars and video conferences directly on your site. Add branded Jitsi-based meetings and live sessions easily.
BrainCert Virtual Classroom Developer Profile
1 plugin · 30 total installs
How We Detect BrainCert Virtual Classroom
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/html5-virtual-classroom/assets/css/vlcr_styles.css/wp-content/plugins/html5-virtual-classroom/assets/css/bootstrap.css/wp-content/plugins/html5-virtual-classroom/assets/js/script.js/wp-content/plugins/html5-virtual-classroom/assets/js/bootstrap.js/wp-content/plugins/html5-virtual-classroom/assets/js/jquery.dataTables.min.js/wp-content/plugins/html5-virtual-classroom/assets/js/dataTables.bootstrap.min.js/wp-content/plugins/html5-virtual-classroom/assets/js/vlcr_class.js/wp-content/plugins/html5-virtual-classroom/assets/js/vlcr_teacher.js+11 more/wp-content/plugins/html5-virtual-classroom/assets/js/script.js/wp-content/plugins/html5-virtual-classroom/assets/js/bootstrap.js/wp-content/plugins/html5-virtual-classroom/assets/js/jquery.dataTables.min.js/wp-content/plugins/html5-virtual-classroom/assets/js/dataTables.bootstrap.min.js/wp-content/plugins/html5-virtual-classroom/assets/js/vlcr_class.js/wp-content/plugins/html5-virtual-classroom/assets/js/vlcr_teacher.js+11 morehtml5-virtual-classroom/assets/css/vlcr_styles.css?ver=html5-virtual-classroom/assets/css/bootstrap.css?ver=html5-virtual-classroom/assets/js/script.js?ver=html5-virtual-classroom/assets/js/bootstrap.js?ver=html5-virtual-classroom/assets/js/jquery.dataTables.min.js?ver=html5-virtual-classroom/assets/js/dataTables.bootstrap.min.js?ver=html5-virtual-classroom/assets/js/vlcr_class.js?ver=html5-virtual-classroom/assets/js/vlcr_teacher.js?ver=html5-virtual-classroom/assets/js/vlcr_user.js?ver=html5-virtual-classroom/assets/js/vlcr_purchase.js?ver=html5-virtual-classroom/assets/js/vlcr_discount.js?ver=html5-virtual-classroom/assets/js/vlcr_pricing.js?ver=html5-virtual-classroom/assets/js/vlcr_recording.js?ver=html5-virtual-classroom/assets/js/vlcr_acl.js?ver=html5-virtual-classroom/assets/js/vlcr_payment.js?ver=html5-virtual-classroom/assets/js/vlcr_invite_user.js?ver=html5-virtual-classroom/assets/js/vlcr_invite_group.js?ver=html5-virtual-classroom/assets/js/vlcr_email_template.js?ver=html5-virtual-classroom/assets/js/vlcr_settings.js?ver=HTML / DOM Fingerprints
vlcr_loginvlcr_teacher_previewvlcr_attendancevlcr_learner_preview<!-- Plugin Name: Virtual Classroom --><!-- Plugin URI: --><!-- Description: Plugin for Virtual Classroom --><!-- Author: BrainCert -->+5 moredata-vc-class-iddata-vc-teacher-idvlcr_objectvlcr_admin_objvlcr_teacher_objvlcr_user_objvlcr_purchase_objvlcr_discount_obj+8 more[vlcr_login][vlcr_teacher_preview][vlcr_attendance][vlcr_learner_preview]