Does OnChat have any unpatched vulnerabilities?

No. All known vulnerabilities in OnChat have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is OnChat compatible with WordPress 6.9.4?

According to WordPress.org data, OnChat 1.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is OnChat updated?

OnChat was last updated on Dec 28, 2025. Frequent updates are generally a positive security signal.

What is OnChat's security score?

OnChat has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

OnChat Security & Risk Analysis

wordpress.org/plugins/onchat

Boost your sales with an AI chatbot for customer support on your Wordpress website or WooCommerce online store.

0 active installs v1.1.0 PHP + WP 4.7+ Updated Dec 28, 2025

aiai-chatbotchatbotecommerceecommerce-chatbot

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is OnChat Safe to Use in 2026?

Generally Safe

Score 100/100

OnChat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "onchat" plugin v1.1.0 presents a generally positive security posture based on the provided static analysis. The absence of identified dangerous functions, external HTTP requests, and file operations, coupled with 100% of SQL queries using prepared statements and mostly proper output escaping, indicates good development practices. The presence of a capability check, even if singular, is also a positive sign for access control.

The static analysis reveals a minimal attack surface with no detected AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. Furthermore, the taint analysis found no flows with unsanitized paths, suggesting a lack of immediately exploitable injection vulnerabilities. The plugin also boasts a clean vulnerability history with zero recorded CVEs of any severity.

While the overall picture is encouraging, the lack of any nonce checks on the identified entry points (even if there are none) is a potential concern. However, given the complete absence of any identified unprotected entry points, this is a theoretical rather than an immediate risk. The plugin appears to be well-developed from a security perspective, with a strong emphasis on secure coding practices.

Key Concerns

No nonce checks implemented

Vulnerabilities

None known

OnChat Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

OnChat Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

90% escaped10 total outputs

Attack Surface

OnChat Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_menuonchat.php:31

actionadmin_initonchat.php:48

actionwp_enqueue_scriptsonchat.php:130

Maintenance & Trust

OnChat Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 28, 2025

PHP min version

Downloads535

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

OnChat Alternatives

MxChat – AI Chatbot & Content Generation for WordPress

mxchat-basic

The best free AI chatbot and content generation plugin for WordPress. Train ChatGPT, Claude, Gemini, or Grok on your website content.

1K 2 CVEs

Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System

support-genix-lite

Manage customer support with a powerful helpdesk & support ticket system — track customer tickets, resolve, and streamline your support workflow.

1K 3 CVEs

Lime Connect (formerly Userlike) – WordPress Live Chat plugin

userlike

100

Free live chat plugin to chat with the visitors of your website. Integrate a beautiful and fully customizable chat box. Hosted in Europe.

1K 1 CVE

Live Chat & AI Chatbots – onWebChat

onwebchat

Enhance customer service with instant 24/7 AI-powered replies. Now with WooCommerce integration, so your chatbot understands your products and helps c …

800 1 CVE

AI Product Tools – Bulk Product Content Generator & AI Toolkit for WooCommerce

ai-product-tools

100

All-in-One AI Suite for WooCommerce: Bulk generate descriptions, titles, tags, FAQs, SEO Meta & AI Chatbot via OpenAI, Gemini, Claude & OpenRouter

400 No CVEs

Developer Profile

OnChat Developer Profile

onchat

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect OnChat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ