WP Telegram Chat Widget Security & Risk Analysis

wordpress.org/plugins/ninjateam-telegram

Integrate Telegram experience directly into your WordPress website.

200 active installs · v1.2 · PHP + WP 3.0+ · Updated Oct 14, 2025
Tags: click-to-chat, telegram, telegram-business, telegram-chat, woocommerce-telegram
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: May 29, 2025
Safety Verdict

Is WP Telegram Chat Widget Safe to Use in 2026?

Generally Safe

Score 98/100

WP Telegram Chat Widget has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 29, 2025 · Updated 5mo ago
Risk Assessment

The ninjateam-telegram plugin version 1.2 exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and implements nonce checks on its entry points. The absence of critical or high severity taint flows and the low number of unprotected entry points are also reassuring. However, several areas raise concerns. The moderate output escaping rate (57%) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of medium severity XSS issues: its two past CVEs were both medium severity XSS, though both are now patched. The plugin's attack surface, while protected, consists of numerous AJAX handlers and a single shortcode, which, combined with the output escaping issues, creates potential vectors for exploitation if input validation is insufficient. This history indicates a need for continued vigilance and potentially more robust security practices in development.

Key Concerns

  • Moderate output escaping rate (57%)
  • Two past medium severity CVEs (XSS)
  • History of Cross-site Scripting vulnerabilities
Vulnerabilities
2

WP Telegram Chat Widget Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-5236 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter

May 29, 2025 · Patched in 1.2 (1d)

CVE-2024-11885 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 23, 2024 · Patched in 1.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

WP Telegram Chat Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 91 (119 escaped)
Nonce Checks: 10
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

57% escaped · 210 total outputs
Attack Surface

WP Telegram Chat Widget Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 8

auth wp_ajax_njt_tele_get_account includes\PostType.php:37
auth wp_ajax_njt_tele_set_account_position includes\Settings.php:42
auth wp_ajax_njt_tele_load_accounts_ajax includes\Settings.php:43
auth wp_ajax_njt_tele_set_account_status includes\Settings.php:44
auth wp_ajax_njt_tele_save_display_setting includes\Settings.php:46
auth wp_ajax_njt_tele_save_design_setting includes\Settings.php:47
auth wp_ajax_njt_tele_save_woocommerce_setting includes\Settings.php:48
auth wp_ajax_njt_tele_save_analytics_setting includes\Settings.php:49

Shortcodes 1

[njtele_button] includes\Shortcode.php:21
WordPress Hooks 26

action init blocks\src\init.php:149
action enqueue_block_assets blocks\src\init.php:150
action wp_enqueue_scripts includes\Popup.php:26
action wp_footer includes\Popup.php:27
action init includes\PostType.php:28
action save_post_telegram-accounts includes\PostType.php:29
action add_meta_boxes includes\PostType.php:30
filter manage_telegram-accounts_posts_columns includes\PostType.php:32
action manage_telegram-accounts_posts_custom_column includes\PostType.php:33
filter enter_title_here includes\PostType.php:34
action wp_print_scripts includes\PostType.php:35
action admin_notices includes\Review.php:35
action admin_init includes\Settings.php:37
action admin_menu includes\Settings.php:38
action admin_enqueue_scripts includes\Settings.php:39
action admin_footer includes\Settings.php:40
filter plugin_row_meta includes\Settings.php:53
action init includes\Support\Woocommerce.php:29
filter njt_telegram_is_page_or_shop_filter includes\Support\Woocommerce.php:49
filter njt_telegram_get_post_id_filter includes\Support\Woocommerce.php:50
action woocommerce_after_add_to_cart_button includes\Support\Woocommerce.php:57
action woocommerce_before_add_to_cart_button includes\Support\Woocommerce.php:59
filter woocommerce_short_description includes\Support\Woocommerce.php:61
filter the_content includes\Support\Woocommerce.php:63
filter njt_tele_get_post_type includes\Support\WPML.php:27
action plugins_loaded telegram.php:50
Maintenance & Trust

WP Telegram Chat Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 14, 2025
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

WP Telegram Chat Widget Developer Profile

Ninja Team

13 plugins · 496K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 93 days
Detection Fingerprints

How We Detect WP Telegram Chat Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ninjateam-telegram/assets/css/style.css
/wp-content/plugins/ninjateam-telegram/blocks/dist/blocks.build.js
Script Paths
/wp-content/plugins/ninjateam-telegram/blocks/dist/blocks.build.js

HTML / DOM Fingerprints

CSS Classes
tele__button, tele__r_button, tele__sq_button, tele__button_text_only, tele__btn_w_img, tele__btn_w_icon, tele__btn_icon, tele__cs_img, +7 more
Data Attributes
njttele
JS Globals
njttele
Shortcode Output
[njtele_button
FAQ

Frequently Asked Questions about WP Telegram Chat Widget