
Kiamo Chat and web call back by IRCF Security & Risk Analysis
wordpress.org/plugins/kiamo
Integrates Kiamo chat and web call back on your WordPress website. This is a non-official plugin, IRCF is not related to Kiamo brand.
Is Kiamo Chat and web call back by IRCF Safe to Use in 2026?
Generally Safe
Score 85/100
Kiamo Chat and web call back by IRCF has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "kiamo" plugin v1.1 exhibits a concerning security posture due to a significant number of unprotected entry points. The static analysis reveals two AJAX handlers, both lacking authentication checks, which presents a substantial attack surface for unauthorized actions. While the plugin demonstrates good practices in its SQL queries by exclusively using prepared statements and has no recorded vulnerability history, these strengths are overshadowed by the critical lack of security on its primary interaction points.
The taint analysis identified two flows with unsanitized paths, although they were not categorized as critical or high severity. This, coupled with a low percentage (13%) of properly escaped outputs, suggests a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled with extreme care. The absence of capability checks further exacerbates the risk, as actions can be performed without verifying user roles or permissions.
Overall, while the plugin has a clean vulnerability history and uses secure SQL practices, the presence of unprotected AJAX handlers and unsanitized data flows poses a significant risk. The lack of robust authentication and authorization mechanisms on its entry points is a critical weakness that needs immediate attention. The low output escaping rate also points to potential XSS vulnerabilities.
Key Concerns
- AJAX handlers without authentication checks
- Unsanitized paths in taint analysis
- Low percentage of properly escaped outputs
- No capability checks
Kiamo Chat and web call back by IRCF Security Vulnerabilities
Kiamo Chat and web call back by IRCF Code Analysis
Output Escaping
Data Flow Analysis
Kiamo Chat and web call back by IRCF Attack Surface
AJAX Handlers: 2
WordPress Hooks: 6
Kiamo Chat and web call back by IRCF Maintenance & Trust
Maintenance Signals
Community Trust
Kiamo Chat and web call back by IRCF Alternatives
Bitrix24
integration-with-bitrix24
This free Bitrix24 widget lets you insert live chat, call back request and various web forms into your website.
LeadBack – Callback, Chatbot and Live Chat Widgets for WordPress sites
leadback
This plugin makes a simple widget for callback and live chat on your website. Official LeadBack plugin.
Novocall – Callback Widget
novocall-callback-widget
Novocall is a powerful callback widget that helps increase your web conversion by prompting interested visitors with a free callback in seconds, while …
Callback widget Pozvonim
callback-widget-pozvonim
Pozvonim callback widget: helps increase your site's conversion rate
Fonetic Web Callback
fonetic-web-callback
Fonetic is a web call feature for your website that allows your visitors to be called back for free. Get real leverage for your online conversions!
Kiamo Chat and web call back by IRCF Developer Profile
5 plugins · 310 total installs
How We Detect Kiamo Chat and web call back by IRCF
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/kiamo/js/kiamo-admin-options.js
- /wp-content/plugins/kiamo/css/kiamo-admin-options.css
HTML / DOM Fingerprints
- form-group-chat
- form-group-callback
- form-group-chat-mode
- form-group-chat-mode-chat
- form-group-chat-mode-targeting
- name="kiamo_chat_enabled"
- name="kiamo_callback_enabled"
- name="kiamo_chat_mode"
- name="kiamo_chat_server"
- name="kiamo_chat_id"
- name="kiamo_chat_targeting_id"
- kiamo_options_chat_enable
- kiamo_options_callback_enable
- kiamo_options_chat_mode