WP-Safety

IURNY by INDIGITALL – Instant Chat, Web Push Notifications Security & Risk Analysis

wordpress.org/plugins/indigitall-web-push-notifications

Two solutions in one plugin: add a chat button and send web push notifications on mobile and desktop.

100 active installs v3.3.3 PHP 7.2.24+ WP 4.0+ Updated Feb 25, 2026
chatclick-to-chatlive-chatweb-chatweb-push
100
A · Safe
CVEs total1
Unpatched0
Last CVEJul 17, 2023
Plugin page Download
Safety Verdict

Is IURNY by INDIGITALL – Instant Chat, Web Push Notifications Safe to Use in 2026?

Generally Safe

Score 100/100

IURNY by INDIGITALL – Instant Chat, Web Push Notifications has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 17, 2023Updated 1mo ago
Risk Assessment

The indigitall-web-push-notifications plugin exhibits a mixed security posture. While it demonstrates strong practices in SQL query handling with 100% prepared statements and a high percentage of properly escaped outputs, significant concerns arise from its attack surface. A substantial 23 AJAX handlers are exposed without any authentication checks, representing a critical vulnerability point. The absence of taint analysis results, while potentially indicating a clean codebase in that regard, offers no reassurance for potential input validation issues.

The plugin's vulnerability history, specifically a past medium-severity Cross-Site Scripting (XSS) vulnerability, suggests a history of input sanitization weaknesses. Although this vulnerability is currently patched, the pattern of XSS issues combined with the large number of unprotected AJAX endpoints indicates a potential for attackers to exploit unvalidated user input for malicious purposes. The plugin's strengths lie in its SQL handling and output escaping, but these are overshadowed by the critical risk of numerous unauthenticated entry points.

In conclusion, the plugin has areas of good security practice, particularly in database interactions and output rendering. However, the large number of unprotected AJAX handlers is a glaring security flaw that significantly increases the risk profile. The past XSS vulnerability further reinforces the need for rigorous input validation and robust authentication mechanisms on all entry points. This plugin requires immediate attention to secure its exposed AJAX handlers to mitigate potential exploitation.

Key Concerns

  • 23 unprotected AJAX handlers
  • Past medium severity XSS vulnerability
  • Only 2 nonce checks for 23 entry points
  • Only 2 capability checks for 23 entry points
Vulnerabilities
1

IURNY by INDIGITALL – Instant Chat, Web Push Notifications Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-3647medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

IURNY by INDIGITALL – WhatsApp Chat, Web Push Notifications (FREE) <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 17, 2023 Patched in 3.2.3 (190d)
Code Analysis
Analyzed Mar 16, 2026

IURNY by INDIGITALL – Instant Chat, Web Push Notifications Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
676 escaped
Nonce Checks
2
Capability Checks
2
File Operations
1
External Requests
5
Bundled Libraries
0

Output Escaping

98% escaped689 total outputs
Attack Surface
23 unprotected

IURNY by INDIGITALL – Instant Chat, Web Push Notifications Attack Surface

Entry Points23
Unprotected23

AJAX Handlers 23

authwp_ajax_iwp_loginincludes\iwp-ajax.php:5
authwp_ajax_iwp_signupincludes\iwp-ajax.php:6
authwp_ajax_iwp_recover_passincludes\iwp-ajax.php:7
authwp_ajax_iwp_send_eventincludes\iwp-ajax.php:8
authwp_ajax_iwp_get_applicationsincludes\iwp-ajax.php:9
authwp_ajax_iwp_submit_2faincludes\iwp-ajax.php:10
authwp_ajax_iwp_refresh_2faincludes\iwp-ajax.php:11
authwp_ajax_iwp_finish_onBoardingincludes\iwp-ajax.php:12
authwp_ajax_iwp_disconnectincludes\iwp-ajax.php:13
authwp_ajax_iwp_toggle_wp_statusincludes\iwp-ajax.php:15
authwp_ajax_iwp_toggle_wp_locationincludes\iwp-ajax.php:16
authwp_ajax_iwp_wp_create_web_pushincludes\iwp-ajax.php:18
authwp_ajax_iwp_wp_update_web_pushincludes\iwp-ajax.php:19
authwp_ajax_iwp_wp_web_push_enableincludes\iwp-ajax.php:20
authwp_ajax_iwp_wp_web_push_disableincludes\iwp-ajax.php:21
authwp_ajax_iwp_wp_toggle_topicsincludes\iwp-ajax.php:23
authwp_ajax_iwp_wp_toggle_topics_colorincludes\iwp-ajax.php:24
authwp_ajax_iwp_wp_create_topicincludes\iwp-ajax.php:25
authwp_ajax_iwp_wp_update_topicincludes\iwp-ajax.php:26
authwp_ajax_iwp_wp_delete_topicincludes\iwp-ajax.php:27
authwp_ajax_iwp_toggle_wh_statusincludes\iwp-ajax.php:29
authwp_ajax_iwp_wh_saveincludes\iwp-ajax.php:30
authwp_ajax_iwp_toggle_developer_modeincludes\iwp-ajax.php:32
WordPress Hooks 14
actionadmin_menuadmin\iwpAdmin.php:30
actionadmin_enqueue_scriptsadmin\iwpAdmin.php:34
filterrun_wptexturizeadmin\iwpAdmin.php:36
actionadd_meta_boxesadmin\iwpAdmin.php:71
actionsave_post_postadmin\iwpAdmin.php:89
actioninitincludes\iwp-init.php:5
filterrun_wptexturizeincludes\iwp-init.php:11
actionplugins_loadedincludes\iwp-language-init.php:5
filterplugin_row_metaincludes\iwp-plugin-row-meta.php:8
actioninitindigitall-web-push.php:31
actioninitindigitall-web-push.php:50
filterscript_loader_tagpublic\controllers\iwpPublicWebPushController.php:42
actionwp_footerpublic\iwpPublic.php:31
actionwp_footerpublic\iwpPublic.php:34
Maintenance & Trust

IURNY by INDIGITALL – Instant Chat, Web Push Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 25, 2026
PHP min version7.2.24
Downloads14K

Community Trust

Rating96/100
Number of ratings12
Active installs100
Alternatives

IURNY by INDIGITALL – Instant Chat, Web Push Notifications Alternatives

Contact Form to Chat Apps | Click to Chat to Order – FormyChat

Contact Form to Chat Apps | Click to Chat to Order – FormyChat

social-contact-form

A
100

Connect contact forms and WooCommerce to WhatsApp by live click to chat. Send form data to WhatsApp Business for instant customer engagement

3K No CVEs
Animated Floating Chat Button

Animated Floating Chat Button

animated-floating-chat-button

A
100

Adds an animated floating chat button to the WordPress site, making communication easier.

1K No CVEs
Pubble Messenger Live Chat

Pubble Messenger Live Chat

pubble-messenger

A
100

AI Enhanced Live chat for your website that will help you to convert more visitors to customers.

50 No CVEs
Live Chat by Click4Assistance UK

Live Chat by Click4Assistance UK

click4assistance-live-chat-real-time-visitor-monitoring

A
100

Wordpress Live Chat Plugin by Click4Assistance UK provider of Web Chat, Chatbot and AI Agent Software – 24/7 omnichannel communication with customers.

10 No CVEs
Click n Chat (Chat Widget Integration)

Click n Chat (Chat Widget Integration)

click-n-chat

A
100

All-in-one floating chat widget with social platforms, smart auto replies, AI chatbot integration, analytics tracking, and full customization.

0 No CVEs
Developer Profile

IURNY by INDIGITALL – Instant Chat, Web Push Notifications Developer Profile

indigitall

1 plugin · 100 total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
190 days
View full developer profile
Detection Fingerprints

How We Detect IURNY by INDIGITALL – Instant Chat, Web Push Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-icons.css/wp-content/plugins/indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-loader.css/wp-content/plugins/indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-switch.css/wp-content/plugins/indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-styles.css/wp-content/plugins/indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-tooltip.css/wp-content/plugins/indigitall-web-push-notifications/admin/includes/iwp-custom-select/iwp-custom-select.css/wp-content/plugins/indigitall-web-push-notifications/admin/views/admin/js/iwp-main-admin-scripts.js/wp-content/plugins/indigitall-web-push-notifications/admin/includes/iwp-custom-select/iwp-custom-select.js+2 more
Version Parameters
indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-styles.css?ver=indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-icons.css?ver=indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-loader.css?ver=indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-switch.css?ver=indigitall-web-push-notifications/admin/views/admin/css/iwp-main-admin-tooltip.css?ver=indigitall-web-push-notifications/admin/includes/iwp-custom-select/iwp-custom-select.css?ver=indigitall-web-push-notifications/admin/views/admin/js/iwp-main-admin-scripts.js?ver=indigitall-web-push-notifications/admin/includes/iwp-custom-select/iwp-custom-select.js?ver=indigitall-web-push-notifications/admin/views/admin/js/iwp-main-admin-switch.js?ver=indigitall-web-push-notifications/admin/views/admin/js/iwp-main-admin-tooltip.js?ver=

HTML / DOM Fingerprints

CSS Classes
indigitall-logo
HTML Comments
<!-- START: iwpLoader --><!-- END: iwpLoader --><!-- START: iwpLogin --><!-- END: iwpLogin -->+4 more
Data Attributes
data-iwp-modal-selectordata-iwp-close-modaldata-iwp-login-modaldata-iwp-modal-targetdata-iwp-modal-contentdata-iwp-modal-backdrop
JS Globals
INDIGITALL_IWP_ADMIN_PARAMS
REST Endpoints
/wp-json/indigitall/v1/webpush/subscribe/wp-json/indigitall/v1/webpush/unsubscribe/wp-json/indigitall/v1/webpush/save/wp-json/indigitall/v1/webpush/settings/wp-json/indigitall/v1/webchat/init/wp-json/indigitall/v1/webchat/message/wp-json/indigitall/v1/webchat/history
FAQ

Frequently Asked Questions about IURNY by INDIGITALL – Instant Chat, Web Push Notifications