WP-Safety

NXT Cloud Chat Security & Risk Analysis

wordpress.org/plugins/nxt-cloud-chat

WhatsApp Cloud API plugin for WordPress with chat, notifications, contacts, groups, message history, and WhatsApp OTP login.

0 active installs v1.0.1 PHP 7.4+ WP 6.0+ Updated Mar 11, 2026
whatsappwhatsapp-chatwhatsapp-cloud-apiwhatsapp-loginwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is NXT Cloud Chat Safe to Use in 2026?

Generally Safe

Score 100/100

NXT Cloud Chat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 23d ago
Risk Assessment

The nxt-cloud-chat plugin v1.0.1 exhibits a mixed security posture. On the positive side, it demonstrates a strong adherence to secure coding practices, with no detected dangerous functions, a high percentage of SQL queries using prepared statements, and robust output escaping. The absence of known CVEs and a history of vulnerabilities is also a significant strength, suggesting a generally well-maintained codebase. However, there are notable areas of concern. The plugin presents a substantial attack surface, with 51 total entry points and a significant portion (18) lacking authentication or permission checks. Specifically, 17 AJAX handlers and 1 REST API route are identified as unprotected. While taint analysis found no issues, the large number of unprotected entry points could still expose the plugin to various attacks if malicious input is processed without proper validation and authorization. The limited number of file operations and external HTTP requests is a positive indicator, reducing potential avenues for exploitation in those areas.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Large attack surface, many unprotected entry points
Vulnerabilities
None known

NXT Cloud Chat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

NXT Cloud Chat Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
134 prepared
Unescaped Output
82
544 escaped
Nonce Checks
37
Capability Checks
26
File Operations
3
External Requests
6
Bundled Libraries
0

SQL Query Safety

97% prepared138 total queries

Output Escaping

87% escaped626 total outputs
Attack Surface
18 unprotected

NXT Cloud Chat Attack Surface

Entry Points51
Unprotected18

AJAX Handlers 46

authwp_ajax_nxtcc_chat_toggle_favoriteadmin\model\chat\ajax-bulk.php:136
authwp_ajax_nxtcc_chat_soft_deleteadmin\model\chat\ajax-bulk.php:182
authwp_ajax_nxtcc_fetch_inbox_summaryadmin\model\chat\ajax-fetch.php:127
authwp_ajax_nxtcc_fetch_chat_threadadmin\model\chat\ajax-fetch.php:304
authwp_ajax_nxtcc_mark_chat_readadmin\model\chat\ajax-fetch.php:345
authwp_ajax_nxtcc_list_forward_targetsadmin\model\chat\ajax-forward.php:312
authwp_ajax_nxtcc_forward_messagesadmin\model\chat\ajax-forward.php:467
authwp_ajax_nxtcc_media_proxyadmin\model\chat\ajax-media-proxy.php:277
authwp_ajax_nxtcc_send_messageadmin\model\chat\ajax-send.php:267
authwp_ajax_nxtcc_send_mediaadmin\model\chat\ajax-send.php:458
authwp_ajax_nxtcc_send_media_by_urladmin\model\chat\ajax-send.php:552
authwp_ajax_nxtcc_contacts_listadmin\model\contacts\nxtcc-contacts-actions.php:503
authwp_ajax_nxtcc_contacts_getadmin\model\contacts\nxtcc-contacts-actions.php:540
authwp_ajax_nxtcc_contacts_saveadmin\model\contacts\nxtcc-contacts-actions.php:669
authwp_ajax_nxtcc_contacts_deleteadmin\model\contacts\nxtcc-contacts-actions.php:695
authwp_ajax_nxtcc_contacts_bulk_deleteadmin\model\contacts\nxtcc-contacts-actions.php:733
authwp_ajax_nxtcc_contacts_bulk_update_subscriptionadmin\model\contacts\nxtcc-contacts-actions.php:775
authwp_ajax_nxtcc_contacts_bulk_update_groupsadmin\model\contacts\nxtcc-contacts-actions.php:833
authwp_ajax_nxtcc_contacts_creatorsadmin\model\contacts\nxtcc-contacts-actions.php:854
authwp_ajax_nxtcc_contacts_country_codesadmin\model\contacts\nxtcc-contacts-actions.php:875
authwp_ajax_nxtcc_contacts_export_filteredadmin\model\contacts\nxtcc-contacts-export-actions.php:259
authwp_ajax_nxtcc_contacts_export_selectedadmin\model\contacts\nxtcc-contacts-export-actions.php:318
authwp_ajax_nxtcc_groups_listadmin\model\contacts\nxtcc-contacts-groups-actions.php:32
authwp_ajax_nxtcc_groups_createadmin\model\contacts\nxtcc-contacts-groups-actions.php:84
authwp_ajax_nxtcc_contacts_import_sampleadmin\model\contacts\nxtcc-contacts-import-actions.php:365
authwp_ajax_nxtcc_contacts_import_uploadadmin\model\contacts\nxtcc-contacts-import-actions.php:511
authwp_ajax_nxtcc_contacts_import_validateadmin\model\contacts\nxtcc-contacts-import-actions.php:673
authwp_ajax_nxtcc_contacts_import_runadmin\model\contacts\nxtcc-contacts-import-actions.php:936
authwp_ajax_nxtcc_fetch_groups_listadmin\model\groups\nxtcc-groups-ajax.php:14
authwp_ajax_nxtcc_fetch_single_groupadmin\model\groups\nxtcc-groups-ajax.php:15
authwp_ajax_nxtcc_save_groupadmin\model\groups\nxtcc-groups-ajax.php:16
authwp_ajax_nxtcc_delete_groupadmin\model\groups\nxtcc-groups-ajax.php:17
authwp_ajax_nxtcc_groups_bulk_actionadmin\model\groups\nxtcc-groups-ajax.php:18
authwp_ajax_nxtcc_auth_list_ownersadmin\model\nxtcc-auth-handler.php:259
authwp_ajax_nxtcc_auth_list_auth_templatesadmin\model\nxtcc-auth-handler.php:260
authwp_ajax_nxtcc_auth_generate_default_templateadmin\model\nxtcc-auth-handler.php:261
authwp_ajax_nxtcc_auth_save_optionsadmin\model\nxtcc-auth-handler.php:262
authwp_ajax_nxtcc_history_fetchadmin\model\nxtcc-history-handler.php:220
authwp_ajax_nxtcc_history_fetch_oneadmin\model\nxtcc-history-handler.php:221
authwp_ajax_nxtcc_history_bulk_deleteadmin\model\nxtcc-history-handler.php:222
authwp_ajax_nxtcc_history_exportadmin\model\nxtcc-history-handler.php:223
authwp_ajax_nxtcc_generate_webhook_tokenincludes\class-nxtcc-admin-settings.php:29
authwp_ajax_nxtcc_check_connectionsincludes\class-nxtcc-admin-settings.php:30
authwp_ajax_nxtcc_test_api_connectionincludes\class-nxtcc-routes.php:27
authwp_ajax_nxtcc_media_proxyincludes\class-nxtcc-routes.php:30
authwp_ajax_nxtcc_sync_verified_bindingsincludes\class-nxtcc-routes.php:32

REST API Routes 4

GET/wp-json/nxtcc/v1/webhook/includes\rest-api.php:682
POST/wp-json/nxtcc/v1/auth/request-otpincludes\rest-api.php:692
POST/wp-json/nxtcc/v1/auth/resend-otpincludes\rest-api.php:702
POST/wp-json/nxtcc/v1/auth/verify-otpincludes\rest-api.php:712

Shortcodes 1

[nxtcc_login_whatsapp] nxt-cloud-chat.php:1117
WordPress Hooks 55
actioninitadmin\model\nxtcc-auth-handler.php:264
actionadmin_menuadmin\pages\admin-menu.php:121
filternxtcc_db_latest_settings_for_useradmin\pages\authentication-view.php:31
actioninitblocks\register-whatsapp-login-block.php:13
actionplugins_loadedincludes\auth-otp-pruner.php:54
actionplugins_loadedincludes\auth-otp-pruner.php:313
actionadmin_initincludes\auth-otp-pruner.php:426
actionadmin_initincludes\class-nxtcc-admin-settings.php:28
filternxtcc_db_get_tenant_credsincludes\class-nxtcc-dao.php:36
filternxtcc_db_get_templatesincludes\class-nxtcc-dao.php:37
filternxtcc_db_get_template_namesincludes\class-nxtcc-dao.php:38
actionnxtcc_db_upsert_templateincludes\class-nxtcc-dao.php:39
actionnxtcc_db_delete_templateincludes\class-nxtcc-dao.php:40
actionnxtcc_otp_verifiedincludes\class-nxtcc-routes.php:35
actionnxtcc/otp_verifiedincludes\class-nxtcc-routes.php:36
actionadmin_enqueue_scriptsincludes\class-nxtcc-unread.php:41
actionwp_footerincludes\force-migration\banner.php:18
actionplugins_loadedincludes\force-migration\gate.php:28
actioninitincludes\force-migration\gate.php:325
filterlogin_redirectincludes\force-migration\gate.php:326
actiontemplate_redirectincludes\force-migration\page-default.php:22
actioninitincludes\force-migration\page-default.php:24
actionplugins_loadedincludes\nxtcc-user-settings-bootstrap.php:25
filteruser_contactmethodsincludes\profile-whatsapp-field.php:54
filterget_user_metadataincludes\profile-whatsapp-field.php:81
filterpre_update_user_metadataincludes\profile-whatsapp-field.php:104
filterpre_delete_user_metadataincludes\profile-whatsapp-field.php:128
actionadmin_enqueue_scriptsincludes\profile-whatsapp-field.php:160
actioninitincludes\queue-runner.php:37
filtercron_schedulesincludes\queue-runner.php:60
actionrest_api_initincludes\rest-api.php:722
actiondelete_userincludes\rest-api.php:1152
actioninitincludes\routes.php:26
actionplugins_loadedincludes\token-sources.php:36
filterplugin_row_metanxt-cloud-chat.php:110
actionwidgets_initnxt-cloud-chat.php:218
actionadmin_enqueue_scriptsnxt-cloud-chat.php:269
actionadmin_enqueue_scriptsnxt-cloud-chat.php:274
actionadmin_enqueue_scriptsnxt-cloud-chat.php:383
actionadmin_enqueue_scriptsnxt-cloud-chat.php:389
actionadmin_enqueue_scriptsnxt-cloud-chat.php:437
actionadmin_enqueue_scriptsnxt-cloud-chat.php:476
actionadmin_enqueue_scriptsnxt-cloud-chat.php:592
actionlogin_footernxt-cloud-chat.php:907
actionwoocommerce_login_form_endnxt-cloud-chat.php:938
actionlogin_enqueue_scriptsnxt-cloud-chat.php:952
actionwp_enqueue_scriptsnxt-cloud-chat.php:975
actionlogin_initnxt-cloud-chat.php:1018
filterthe_postsnxt-cloud-chat.php:1122
actionwpnxt-cloud-chat.php:1244
actiondelete_usernxt-cloud-chat.php:1283
actionwpmu_delete_usernxt-cloud-chat.php:1284
actiondeleted_usernxt-cloud-chat.php:1285
filternxtcc_get_meta_templatesnxt-cloud-chat.php:1290
actionadmin_enqueue_scriptsnxt-cloud-chat.php:1339
Maintenance & Trust

NXT Cloud Chat Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version7.4
Downloads184

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

NXT Cloud Chat Alternatives

Click to Chat – HoliThemes

Click to Chat – HoliThemes

click-to-chat-for-whatsapp

A
96

WhatsApp Chat🔥. Let's make your Web page visitors contact you through 'WhatsApp', 'WhatsApp Business'. Add matching Widget✅

700K 3 CVEs
Social Chat – Click To Chat App Button

Social Chat – Click To Chat App Button

wp-whatsapp-chat

A
100

WhatsApp Chat🔥 allows you to enhance customer engagement! Integrate "WhatsApp" or "WhatsApp Business" with a single click.

200K 1 CVE
WP Chat App

WP Chat App

wp-whatsapp

A
97

Integrate WhatsApp experience directly into your WordPress website.

100K 6 CVEs
OneClick Chat to Order

OneClick Chat to Order

oneclick-whatsapp-order

A
92

Transform your WooCommerce store with seamless WhatsApp integration. Enable customers to order products instantly via WhatsApp with enhanced features.

40K 6 CVEs
Simple Chat Button

Simple Chat Button

simple-chat-button

A
100

WhatsApp Chat Button - Display the beautiful WhatsApp Sticky Button on the WordPress frontend.

40K No CVEs
Developer Profile

NXT Cloud Chat Developer Profile

NXTWEBSITE

2 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NXT Cloud Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nxt-cloud-chat/admin/assets/vendor/fontawesome/css/all.min.css/wp-content/plugins/nxt-cloud-chat/admin/assets/css/admin-menu.css/wp-content/plugins/nxt-cloud-chat/admin/assets/css/apps.css/wp-content/plugins/nxt-cloud-chat/admin/assets/js/apps.js
Script Paths
/wp-content/plugins/nxt-cloud-chat/admin/assets/js/apps.js
Version Parameters
nxt-cloud-chat/admin/assets/css/admin-menu.css?ver=nxt-cloud-chat/admin/assets/css/apps.css?ver=nxt-cloud-chat/admin/assets/js/apps.js?ver=

HTML / DOM Fingerprints

CSS Classes
nxtcc-login-whatsapp-widget
Data Attributes
data-nxtcc-usernamedata-nxtcc-password
JS Globals
NXTCC_Login_WhatsApp_Widget
Shortcode Output
[nxtcc_login_whatsapp]
FAQ

Frequently Asked Questions about NXT Cloud Chat