WP-Safety

Social Live Chat Helpdesk – MyAlice Security & Risk Analysis

wordpress.org/plugins/myaliceai

Engage customers at every stage of their journey through Live Chat, WhatsApp, Telegram, Line, Viber, Instagram, and Facebook Messenger, and boost sale …

100 active installs v2.6.0 PHP 5.6+ WP 5.0+ Updated Oct 3, 2024
linelive-chattelegramviberwhatsapp
92
A · Safe
CVEs total1
Unpatched0
Last CVEApr 26, 2022
Plugin page Download
Safety Verdict

Is Social Live Chat Helpdesk – MyAlice Safe to Use in 2026?

Generally Safe

Score 92/100

Social Live Chat Helpdesk – MyAlice has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 26, 2022Updated 1yr ago
Risk Assessment

The "myaliceai" plugin v2.6.0 exhibits a mixed security posture. While it demonstrates strengths in its handling of SQL queries and output escaping, a significant concern arises from the large attack surface exposed through AJAX handlers. All nine AJAX handlers lack authentication checks, meaning any authenticated user could potentially interact with these endpoints without proper authorization, leading to unexpected behavior or information disclosure.

The vulnerability history shows one known CVE, which is currently patched. This indicates a past vulnerability, and while it's resolved, the type of vulnerability (Cross-site Scripting) is a common concern that requires ongoing vigilance. The static analysis reveals no critical or high severity taint flows, suggesting that sensitive data is generally handled with care. However, the lack of capability checks on AJAX handlers, combined with the unescaped output rate of 15%, warrants attention.

Overall, the plugin has some good security practices in place, such as prepared SQL statements and a high percentage of escaped output. However, the absence of authentication on all AJAX endpoints is a critical weakness that significantly increases the risk of unauthorized access and potential exploitation. The past XSS vulnerability, though patched, serves as a reminder to maintain robust security measures.

Key Concerns

  • AJAX handlers without auth checks
  • Unescaped output percentage too high
  • Past Cross-site Scripting vulnerability
Vulnerabilities
1

Social Live Chat Helpdesk – MyAlice Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-8981ab1d-5957-444c-a5f1-57317a2e8395-myaliceaimedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MyAlice – Live Chat, WhatsApp, Facebook Messenger, Instagram, & Chatbot for WooCommerce <= 1.2.7 - Stored Cross-Site Scripting

Apr 26, 2022 Patched in 1.2.8 (637d)
Code Analysis
Analyzed Mar 16, 2026

Social Live Chat Helpdesk – MyAlice Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
75 escaped
Nonce Checks
7
Capability Checks
0
File Operations
1
External Requests
13
Bundled Libraries
0

Output Escaping

85% escaped88 total outputs
Attack Surface
9 unprotected

Social Live Chat Helpdesk – MyAlice Attack Surface

Entry Points9
Unprotected9

AJAX Handlers 9

authwp_ajax_myalice_notice_dismissincludes\myalice-hooks.php:23
authwp_ajax_alice_settings_formincludes\myalice-hooks.php:43
authwp_ajax_alice_deactivation_feedbackincludes\myalice-hooks.php:46
authwp_ajax_myalice_loginincludes\myalice-hooks.php:72
authwp_ajax_myalice_signupincludes\myalice-hooks.php:73
authwp_ajax_myalice_select_teamincludes\myalice-hooks.php:76
authwp_ajax_myalice_migrationincludes\myalice-hooks.php:83
authwp_ajax_myalice_check_wc_api_statusincludes\myalice-hooks.php:84
authwp_ajax_myalice_customization_notice_dismissincludes\myalice-hooks.php:96
WordPress Hooks 36
actionadmin_initincludes\myalice-activation-deactivation-register.php:9
actionadmin_headincludes\myalice-dashboard-inline-styles.php:6
actionadmin_footerincludes\myalice-dashboard-templates-and-scripts.php:6
actionwp_enqueue_scriptsincludes\myalice-enqueue-scripts.php:54
actionwp_footerincludes\myalice-enqueue-scripts.php:64
actionadmin_noticesincludes\myalice-hooks-callback.php:493
actionadmin_noticesincludes\myalice-hooks.php:9
actionmyalice_admin_noticesincludes\myalice-hooks.php:10
actionadmin_noticesincludes\myalice-hooks.php:17
actionmyalice_admin_noticesincludes\myalice-hooks.php:18
filterplugin_action_links_myaliceai/myaliceai.phpincludes\myalice-hooks.php:26
filterplugin_row_metaincludes\myalice-hooks.php:33
actioninitincludes\myalice-hooks.php:49
actionwp_footerincludes\myalice-hooks.php:55
actionwoocommerce_add_to_cartincludes\myalice-hooks.php:64
actionwoocommerce_cart_item_removedincludes\myalice-hooks.php:65
actionwoocommerce_cart_item_restoredincludes\myalice-hooks.php:66
filterwoocommerce_update_cart_action_cart_updatedincludes\myalice-hooks.php:67
actionadmin_noticesincludes\myalice-hooks.php:79
actionmyalice_admin_noticesincludes\myalice-hooks.php:80
actionadmin_noticesincludes\myalice-hooks.php:81
actionmyalice_admin_noticesincludes\myalice-hooks.php:82
actionadmin_initincludes\myalice-hooks.php:86
actionin_admin_headerincludes\myalice-hooks.php:93
actionupgrader_process_completeincludes\myalice-hooks.php:98
actionwoocommerce_order_status_changedincludes\myalice-hooks.php:106
filterwoocommerce_valid_webhook_eventsincludes\myalice-hooks.php:107
filterwoocommerce_webhook_topicsincludes\myalice-hooks.php:108
filterwoocommerce_webhook_topic_hooksincludes\myalice-hooks.php:109
filterwoocommerce_webhook_payloadincludes\myalice-hooks.php:110
actioninitincludes\myalice-hooks.php:112
filterposts_searchincludes\myalice-hooks.php:114
filterwoocommerce_rest_customer_queryincludes\myalice-hooks.php:118
actionadmin_menuincludes\myaliceai-dashboard.php:6
actionplugins_loadedmyaliceai.php:104
actionbefore_woocommerce_initmyaliceai.php:128
Maintenance & Trust

Social Live Chat Helpdesk – MyAlice Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedOct 3, 2024
PHP min version5.6
Downloads14K

Community Trust

Rating100/100
Number of ratings40
Active installs100
Alternatives

Social Live Chat Helpdesk – MyAlice Alternatives

Online Contact Widget-多合一在线客服插件

Online Contact Widget-多合一在线客服插件

online-contact-widget

A
100

Online Contact Widget(多合一在线客服插件),旨在为WordPress网站提供一系列可配置在线客服支持,包括QQ、微信(微信号、公众号和小程序QR-code)、电话、Email和工单等。

800 No CVEs
Contactus

Contactus

contactus

A
100

Free website widget for chatting with your visitors via WhatsApp, Facebook Messenger, Viber and Telegram.

500 No CVEs
Tiny Finch

Tiny Finch

tiny-finch

A
100

Add the Tiny Finch live chat widget to your website and engage with visitors directly from Slack, Telegram or WhatsApp.

0 No CVEs
Joinchat

Joinchat

creame-whatsapp-me

A
100

WhatsApp, Messenger, Telegram, Phone call… capture users through their favorite Apps and turn into clients

700K No CVEs
Buttonizer – Live Chat, AI Chatbot, & Chat Widgets

Buttonizer – Live Chat, AI Chatbot, & Chat Widgets

button-contact-vr

A
98

Powerful platform with Live Chat, AI Chatbots, and Real-Time Visitor Monitoring! Also, create Call, Email, SMS, & Contact buttons to increase conv &hellip;

60K 3 CVEs
Developer Profile

Social Live Chat Helpdesk – MyAlice Developer Profile

Alice Labs

1 plugin · 100 total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
637 days
View full developer profile
Detection Fingerprints

How We Detect Social Live Chat Helpdesk – MyAlice

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/myaliceai/js/script.js
Script Paths
https://webchat.getalice.ai/index.jshttps://livechat.myalice.ai/index.js
Version Parameters
myaliceai/js/script.js?ver=

HTML / DOM Fingerprints

Data Attributes
selectorplatformIdprimaryIdtoken
JS Globals
ICWebChatMyAliceWebChatmyaliceai
FAQ

Frequently Asked Questions about Social Live Chat Helpdesk – MyAlice