WP-Safety

chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat Security & Risk Analysis

wordpress.org/plugins/lobby-chatwing

The Lobby Chatwing provides 1 interface for many chatboxes, Read Only channels(Broadcast Mode), and Live Help to all be combined together.

10 active installs v1.0.9 PHP + WP 3.3+ Updated May 15, 2017
chatchat-onlinechatboxchatwinglobby-chatwing
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat Safe to Use in 2026?

Generally Safe

Score 85/100

chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "lobby-chatwing" v1.0.9 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no known recorded vulnerabilities or CVEs, suggesting a history of stable and secure development. The attack surface is also relatively small, with only one shortcode identified and no unprotected entry points based on the static analysis.

However, there are notable concerns. The low percentage of properly escaped output (10%) is a significant risk, as it indicates a high probability of cross-site scripting (XSS) vulnerabilities. This is further underscored by the presence of two "flows with unsanitized paths" identified in the taint analysis, which, while not classified as critical or high, represent potential avenues for malicious input to be processed without proper sanitization.

While the plugin has no known unpatched vulnerabilities, the lack of capability checks is a critical oversight. This means that even if an entry point is protected by nonces, any authenticated user, regardless of their role or permissions, could potentially trigger unintended actions. The file operation and external HTTP request, although only one each, also represent potential attack vectors if not handled with extreme care and proper sanitization.

Key Concerns

  • Low output escaping percentage
  • Unsanitized paths in taint analysis
  • Missing capability checks
  • Single file operation
  • Single external HTTP request
Vulnerabilities
None known

chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
27
3 escaped
Nonce Checks
2
Capability Checks
0
File Operations
1
External Requests
1
Bundled Libraries
0

Output Escaping

10% escaped30 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
handleTokenSaving (classes\Admin.php:40)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[lobby-chatwing] classes\Application.php:27
WordPress Hooks 6
actionadmin_menuclasses\Admin.php:22
actionadmin_action_lobby_chatwing_save_tokenclasses\Admin.php:23
actionadmin_action_lobby_chatwing_save_settingsclasses\Admin.php:24
actionwidgets_initclasses\Application.php:35
filterloggedin_redirectclasses\Application.php:44
actionadmin_enqueue_scriptslobby-chatwing.php:50
Maintenance & Trust

chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedMay 15, 2017
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings4
Active installs10
Alternatives

chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat Alternatives

Chatwing Live Group Chat – HTML5 + Chat Apps

Chatwing Live Group Chat – HTML5 + Chat Apps

chatwing

A
85

Chatwing offers an unlimited live website/blog chat experience.This chat widget specializes in delivering real-time communication at any given time

10 No CVEs
Zendesk Chat

Zendesk Chat

zopim-live-chat

A
85

Zendesk Chat (previously Zopim) lets you monitor and chat with visitors surfing your store in real-time. Impress them personally and ease them into th …

10K 1 CVE
Olark Live Chat

Olark Live Chat

olark-live-chat

A
100

Live chat for WordPress and WooCommerce. Add Olark live chat to your WordPress and make your business human.

1K No CVEs
Group chat for WordPress – Minnit Chat

Group chat for WordPress – Minnit Chat

minnit-chat

A
100

Cloud-based chat using your WordPress accounts. Minnit uses SSO to allow you and your WordPress users to communicate with one another.

600 No CVEs
HappyFox Chat – Live Chat Plugin for WordPress Websites

HappyFox Chat – Live Chat Plugin for WordPress Websites

happyfox-chat

A
85

Voted No.1 Live chat software on ProductHunt. Fully loaded with features like unlimited chats, fully customizable widget, app integrations & more.

70 No CVEs
Developer Profile

chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat Developer Profile

ChatWingTeam

3 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lobby-chatwing/forms-min.css/wp-content/plugins/lobby-chatwing/buttons-min.css
Version Parameters
lobby-chatwing/forms-min.css?ver=lobby-chatwing/buttons-min.css?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- chatwing Lobby Widget --><!-- chatwing Lobby Widget: End -->
Data Attributes
data-chatwing-lobby-tokendata-chatwing-lobby-endpoint
JS Globals
window.chatwing_lobby_config
Shortcode Output
<div id="chatwing-lobby-widget" data-chatwing-lobby-token
FAQ

Frequently Asked Questions about chatWING Lobby – Group Chat Rooms + 1 on 1 Live Chat