Does Mailcastr Bot have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Mailcastr Bot compatible with WordPress 5.4.19?

According to WordPress.org data, Mailcastr Bot 1.0.1 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is Mailcastr Bot compatible with PHP 5.2+?

Mailcastr Bot requires PHP 5.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Mailcastr Bot updated?

Mailcastr Bot was last updated on Sep 21, 2020. Frequent updates are generally a positive security signal.

What is Mailcastr Bot's security score?

Mailcastr Bot has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Mailcastr Bot Security & Risk Analysis

wordpress.org/plugins/mailcastr-bot

Mailcastr Bot plugin allows you to add a chat bot and collect leads 24*7 from your website. Please click here to know how to get started.

0 active installs v1.0.1 PHP 5.2+ WP 3.6+ Updated Sep 21, 2020

botchatchat-botmailcastrsupport-bot

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Mailcastr Bot Safe to Use in 2026?

Generally Safe

Score 85/100

Mailcastr Bot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The mailcastr-bot v1.0.1 plugin exhibits a generally good security posture based on the provided static analysis. The absence of any recorded CVEs, coupled with zero critical or high severity taint flows, suggests a well-maintained codebase with no known exploitable vulnerabilities. The plugin also adheres to good security practices by utilizing prepared statements for all SQL queries and including nonce and capability checks, which are crucial for preventing common WordPress exploits. There are no file operations or external HTTP requests detected, further reducing the potential attack surface.

However, a significant concern arises from the low percentage of properly escaped output (14%). This indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, where malicious scripts could be injected into the site by untrusted input. While the attack surface appears minimal with zero entry points, the lack of comprehensive output escaping could still expose users to risks if any of the limited outputs are triggered by user-controlled data.

In conclusion, while the plugin's vulnerability history and SQL query handling are strong points, the critical deficiency in output escaping presents a notable security risk. Addressing the unescaped output is paramount to improving the plugin's overall security and preventing potential XSS attacks.

Key Concerns

Low output escaping rate

Vulnerabilities

None known

Mailcastr Bot Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Mailcastr Bot Release Timeline

v1.0.1Current

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

Mailcastr Bot Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

14% escaped7 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

botSettings (mcbot.php:55)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Mailcastr Bot Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionwp_headmcbot.php:22

actionadmin_menumcbot.php:23

Maintenance & Trust

Mailcastr Bot Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedSep 21, 2020

PHP min version5.2

Downloads8K

Community Trust

Rating100/100

Number of ratings3

Active installs0

Alternatives

Mailcastr Bot Alternatives

WT Chat Bot

wt-chat-bot

Enhance engagement & support with WT Chat Bot plugin: seamless, user-friendly integration for WordPress.

0 No CVEs

Chatbot for WordPress by Collect.chat ⚡️

collectchat

Chatbots without AI are the easiest way to collect leads & data from visitors. Create a free chatbot without coding using Collect.chat.

7K 5 CVEs

Live Chat by Formilla – Real-time Chat & Chatbots Plugin

formilla-live-chat

100

Live chat software with real-time visitor monitoring and chatbots! Live chat with your visitors for free or use a chatbot to automate self-help.

3K 1 CVE

ChatBot Conversational AI Support

chatbot-com-ai-platform

100

Chatbot for WP, using a ChatGPT-like AI to self-learn and create replies. Easy training based on the website content. Quick setup, easy installation.

1K No CVEs

Chatbot with IBM watsonx Assistant

conversation-watson

This plugin allows you to easily add chatbots powered by IBM watsonx Assistant to your website.

500 1 CVE

Developer Profile

Mailcastr Bot Developer Profile

Pyten Labs

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Mailcastr Bot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

https://widgets.mailcastr.com/release/bot/v1/mcbot.min.js

HTML / DOM Fingerprints

CSS Classes

mcstr_api_key

Data Attributes

data-key

JS Globals

mcbot

FAQ