Intercom Security & Risk Analysis
wordpress.org/plugins/intercomOfficial Intercom WordPress plugin: Engage visitors in real time, power growth with AI, and convert leads into loyal customers.
Is Intercom Safe to Use in 2026?
Generally Safe
Score 92/100Intercom has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The Intercom plugin version 3.0.2 exhibits a generally strong security posture, primarily due to its lack of exposed entry points and its commendable handling of SQL queries with prepared statements. The absence of known vulnerabilities in its history is also a positive indicator. However, the presence of the `exec` function is a significant concern, as it directly allows for the execution of arbitrary commands if improperly handled, even if no active exploit vectors are immediately apparent in the static analysis.
The code signals also reveal areas for improvement. While some nonce and capability checks are present, the 43% proper escaping rate for output suggests a potential for cross-site scripting (XSS) vulnerabilities. The plugin also performs a substantial number of file operations, which, while not inherently risky, increases the potential attack surface if any of these operations are mishandled or interact with user-controlled input.
Overall, the plugin's foundation appears robust with its limited attack surface and secure database practices. The critical risk lies in the `exec` function, which represents a single point of catastrophic failure if exploited. While the vulnerability history is clean, this doesn't negate the inherent risks identified in the code. Addressing the output escaping and carefully reviewing all uses of the `exec` function are paramount to strengthening its security.
Key Concerns
- Presence of dangerous function `exec`
- Low rate of properly escaped output (43%)
Intercom Security Vulnerabilities
Intercom Release Timeline
Intercom Code Analysis
Dangerous Functions Found
Output Escaping
Intercom Attack Surface
WordPress Hooks 4
Maintenance & Trust
Intercom Maintenance & Trust
Maintenance Signals
Community Trust
Intercom Alternatives
Typebot
typebot
Collect 4x more responses with conversational apps using Typebot.
AxiaChat AI – Free AI Chatbot (Answers Customers Automatically)
axiachat-ai
The best AI Chatbot for WordPress. Like having ChatGPT trained on your content — turn your site into a 24/7 sales & support machine.
MxChat – AI Chatbot & Content Generation for WordPress
mxchat-basic
The best free AI chatbot and content generation plugin for WordPress. Train ChatGPT, Claude, Gemini, or Grok on your website content.
Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System
support-genix-lite
AI-powered helpdesk & support ticket system with chatbot, knowledge base, and smart automation for WordPress.
Live Chat & AI Chatbot – onWebChat
onwebchat
Add live chat and a 24/7 AI chatbot to your site. Engage visitors instantly, automate support, and convert more visitors into customers.
Intercom Developer Profile
1 plugin · 6K total installs
How We Detect Intercom
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/intercom/css/style.css/wp-content/plugins/intercom/css/settings.css/wp-content/plugins/intercom/js/script.js/wp-content/plugins/intercom/js/admin.jsintercom/css/style.css?ver=intercom/css/settings.css?ver=intercom/js/script.js?ver=intercom/js/admin.js?ver=HTML / DOM Fingerprints
intercom-app-id-rowintercom-app-id-copy-hiddenintercom-app-id-copy-titleintercom-app-id-saved-titleintercom-app-id-link-styleid="intercom_app_id"name="intercom_app_id"var intercomAppId = '';var intercomSecret = '';var intercomUserId = '';