WP-Safety

MChat User Chat Security & Risk Analysis

wordpress.org/plugins/mchat

MChat Plugin allowing WordPress user a one to one chat between logged in Users! Role based access, Pure Ajax working, Adds No HTML to the theme.

0 active installs v1.0.1 PHP 7.4.2+ WP 5.0+ Updated Feb 7, 2022
ajax-chatajax-chat-plugnchatchat-pluginpure-ajax-chat
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MChat User Chat Safe to Use in 2026?

Generally Safe

Score 85/100

MChat User Chat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The mchat plugin v1.0.1 exhibits a generally good security posture with strong adherence to core WordPress security practices. The absence of known CVEs and the high percentage of properly escaped output are commendable. However, the static analysis reveals a concerning aspect: two flows with unsanitized paths identified during taint analysis, both flagged as high severity. While these flows are not explicitly linked to critical vulnerabilities in the current version, they represent a significant potential risk for privilege escalation or data manipulation if exploited. Furthermore, the presence of SQL queries that do not consistently use prepared statements indicates a risk of SQL injection, although the overall percentage is not extremely high. The vulnerability history being clean is a positive sign, suggesting a responsible development approach to date. Nevertheless, the identified taint flows are a critical area for immediate attention.

Key Concerns

  • Taint flow with unsanitized path (High severity)
  • Taint flow with unsanitized path (High severity)
  • SQL queries not using prepared statements (18%)
Vulnerabilities
None known

MChat User Chat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

MChat User Chat Code Analysis

Dangerous Functions
0
Raw SQL Queries
14
3 prepared
Unescaped Output
5
89 escaped
Nonce Checks
1
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

18% prepared17 total queries

Output Escaping

95% escaped94 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
wpmchat_ajax_chat_action (includes\wp_mchat_front.php:486)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MChat User Chat Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_wpmchat_chat_actionincludes\wp_mchat_front.php:26
noprivwp_ajax_wpmchat_chat_actionincludes\wp_mchat_front.php:27

Shortcodes 1

[MCHAT] includes\wp_mchat_front.php:29
WordPress Hooks 6
actionadmin_menuincludes\wp_mchat.php:32
filterplugin_action_linksincludes\wp_mchat.php:34
actionadmin_enqueue_scriptsincludes\wp_mchat_admin.php:21
actioninitincludes\wp_mchat_front.php:21
actionwp_footerincludes\wp_mchat_front.php:22
actiondelete_userincludes\wp_mchat_front.php:24
Maintenance & Trust

MChat User Chat Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedFeb 7, 2022
PHP min version7.4.2
Downloads984

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

MChat User Chat Alternatives

Wp Ajax User Chat

Wp Ajax User Chat

wp-ajax-user-chat

A
85

First ever simplest user to user wordpress chat plugin based on ajax. Registered users can chat with each other from front-end.

10 No CVEs
JivoChat Live Chat – WP live chat plugin for WordPress

JivoChat Live Chat – WP live chat plugin for WordPress

jivochat

B
84

Omnichannel Live Chat and Help Desk plugin, optimized for WordPress. Free, fast, easy to install and to use. Turn your visitors into happy customers!

20K 1 CVE
Chaport — Live Chat & Chatbots

Chaport — Live Chat & Chatbots

chaport

A
99

Modern live chat plugin for WordPress. Powerful features: multi-channel, chatbots, customization, etc. Free plan. Unlimited chats & websites.

2K 1 CVE
HelpCrunch – Live Chat, Chatbot & Knowledge Base for Customer Service

HelpCrunch – Live Chat, Chatbot & Knowledge Base for Customer Service

helpcrunch-live-chat

A
100

The one-stop platform for even stronger customer relations. Bolster your customer support with its live chat, chatbot, and knowledge base software.

2K No CVEs
Live Chat Plugin for WooCommerce – LiveChat

Live Chat Plugin for WooCommerce – LiveChat

livechat-woocommerce

A
100

Live chat and help desk software plugin for WooCommerce. Add live chat to your WooCommerce store to connect immediately with customers.

1K 1 CVE
Developer Profile

MChat User Chat Developer Profile

ipdmsolutions

3 plugins · 20 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MChat User Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mchat/assets/css/admin.css/wp-content/plugins/mchat/assets/css/wpmchat_frontend.css/wp-content/plugins/mchat/assets/js/wpmchat_frontend.js
Script Paths
/wp-content/plugins/mchat/assets/js/wpmchat_frontend.js

HTML / DOM Fingerprints

CSS Classes
wpmchat_headerwpmchat_chat_windowwpmchat_messagewpmchat_user_messagewpmchat_admin_messagewpmchat_input_areawpmchat_send_buttonwpmchat_chat_button
Data Attributes
data-wpmchat-iddata-wpmchat-userdata-wpmchat-admin
JS Globals
wpmchat_ajax_urlwpmchat_current_user
Shortcode Output
[MCHAT]
FAQ

Frequently Asked Questions about MChat User Chat