Live Chat & AI Chatbot – onWebChat Security & Risk Analysis

wordpress.org/plugins/onwebchat

Add live chat and a 24/7 AI chatbot to your site. Engage visitors instantly, automate support, and convert more visitors into customers.

700 active installs · v3.5.3 · PHP 5.4+ · WP 4.7+ · Updated Mar 17, 2026
Tags: ai-chatbot, customer-support-chat, live-chat, woocommerce-chatbot, wordpress-live-chat
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 14, 2020
Safety Verdict

Is Live Chat & AI Chatbot – onWebChat Safe to Use in 2026?

Generally Safe

Score 99/100

Live Chat & AI Chatbot – onWebChat has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Oct 14, 2020 · Updated 2mo ago
Risk Assessment

The 'onwebchat' v3.5.3 plugin exhibits a generally strong security posture based on the static analysis. The complete absence of unprotected entry points, including AJAX handlers and REST API routes, is a significant strength, indicating that developers have implemented authentication and authorization checks for critical functionalities. The code also demonstrates good practices by using prepared statements for all SQL queries and a high percentage of properly escaped output, which helps mitigate common injection and cross-site scripting vulnerabilities. The presence of numerous nonce and capability checks further reinforces this secure design.

Key Concerns

  • High number of external HTTP requests
  • Some output potentially unescaped
  • Past high severity vulnerability
Vulnerabilities
1 published

Live Chat & AI Chatbot – onWebChat Security Vulnerabilities

CVEs by Year

1 CVE in 2020

Severity Breakdown

High: 1

1 total CVE

CVE-2020-5642 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Live Chat – Live support <= 3.1.0 - Cross-Site Request Forgery

Oct 14, 2020 · Patched in 3.2.0 (1196d)
Version History

Live Chat & AI Chatbot – onWebChat Release Timeline

v3.5.3 (Current)
v3.5.1
v3.5.0
v3.4.1
v3.4.0
v3.3.2
v3.3.1
v3.3.0
v3.2.0
v3.1.0 (1 CVE)
v3.0.5 (1 CVE)
v3.0.4 (1 CVE)
v3.0.3 (1 CVE)
v3.0.2 (1 CVE)
v3.0.1 (1 CVE)
v2.1.0 (1 CVE)
v2.0.2 (1 CVE)
v2.0.1 (1 CVE)
v2.0.0 (1 CVE)
v1.0.13 (1 CVE)
Code Analysis
Analyzed Mar 17, 2026

Live Chat & AI Chatbot – onWebChat Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (45 escaped)
Nonce Checks: 11
Capability Checks: 10
File Operations: 0
External Requests: 6
Bundled Libraries: 0

Output Escaping

83% escaped · 54 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

10 flows
onwebchat_handle_advanced_actions (admin\tabs\advanced.php:62)
Attack Surface

Live Chat & AI Chatbot – onWebChat Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

auth · wp_ajax_onwebchat_wc_sync_now · includes\woocommerce-sync.php:48
auth · wp_ajax_onwebchat_wc_regenerate_secret · includes\woocommerce-sync.php:49
auth · wp_ajax_onwebchat_wc_reset_sync_status · includes\woocommerce-sync.php:50
auth · wp_ajax_onwebchat_wc_connect · includes\woocommerce-sync.php:51
auth · wp_ajax_onwebchat_wc_manual_process_batch · includes\woocommerce-sync.php:52
auth · wp_ajax_onwebchat_wc_get_sync_status · includes\woocommerce-sync.php:53
auth · wp_ajax_onwebchat_wc_save_sync_enabled · includes\woocommerce-sync.php:54
WordPress Hooks 14
action · admin_init · includes\woocommerce-sync.php:31
action · admin_notices · includes\woocommerce-sync.php:34
action · woocommerce_update_product · includes\woocommerce-sync.php:37
action · woocommerce_new_product · includes\woocommerce-sync.php:38
action · wp_trash_post · includes\woocommerce-sync.php:41
action · before_delete_post · includes\woocommerce-sync.php:42
action · onwebchat_wc_bulk_sync_batch · includes\woocommerce-sync.php:45
action · plugins_loaded · onwebchat.php:34
action · admin_enqueue_scripts · onwebchat.php:41
action · admin_menu · onwebchat.php:44
action · admin_notices · onwebchat.php:47
action · admin_init · onwebchat.php:50
action · admin_init · onwebchat.php:53
action · wp_footer · onwebchat.php:61

Scheduled Events 1

onwebchat_wc_bulk_sync_batch
Maintenance & Trust

Live Chat & AI Chatbot – onWebChat Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 17, 2026
PHP min version: 5.4
Downloads: 35K

Community Trust

Rating: 94/100
Number of ratings: 24
Active installs: 700
Developer Profile

Live Chat & AI Chatbot – onWebChat Developer Profile

onWebChat

1 plugin · 700 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 1196 days
Detection Fingerprints

How We Detect Live Chat & AI Chatbot – onWebChat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/onwebchat/css/onwebchat.css

HTML / DOM Fingerprints

Data Attributes
onwebchat_plugin_option, onwebchat_plugin_option_user, onwebchat_plugin_option_hide, onwebchat_plugin_option_api_code, onwebchat_wc_sync_enabled, onwebchat_wc_sync_mode, +4 more
JS Globals
onWebChat
FAQ

Frequently Asked Questions about Live Chat & AI Chatbot – onWebChat