PGreca Chat Security & Risk Analysis
wordpress.org/plugins/pgreca-chatLive Chat Plugin for Wordpress Websites. 100% FREE.
Is PGreca Chat Safe to Use in 2026?
Generally Safe
Score 85/100PGreca Chat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The pgreca-chat plugin version 0.8 presents a significant security risk primarily due to its unprotected AJAX handlers. With 8 AJAX handlers and none of them implementing authentication checks, any unauthenticated user can potentially trigger these functions, leading to a broad attack surface. The taint analysis revealing 3 flows with unsanitized paths, including 2 of high severity, further exacerbates this concern. These flows suggest that user-supplied data might be processed in a way that could lead to vulnerabilities like cross-site scripting (XSS) or other injection attacks, especially when combined with the unprotected AJAX endpoints.
The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator, suggesting the developers may have good security practices or that the plugin has not yet been widely targeted or extensively audited. However, the lack of historical vulnerabilities should not overshadow the critical issues identified in the static analysis. The absence of nonce checks and a concerningly low percentage of capability checks (only 1 out of 8 entry points) indicate a fundamental lack of robust security controls for its entry points. While the use of prepared statements for SQL queries is commendable, the presence of unsanitized paths and unprotected AJAX handlers creates a high-risk environment.
Key Concerns
- Unprotected AJAX handlers (8)
- High severity taint flows (2)
- Unsanitized paths in taint flows (3)
- Lack of nonce checks
- Low capability checks coverage
PGreca Chat Security Vulnerabilities
PGreca Chat Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
PGreca Chat Attack Surface
AJAX Handlers 8
WordPress Hooks 7
Maintenance & Trust
PGreca Chat Maintenance & Trust
Maintenance Signals
Community Trust
PGreca Chat Alternatives
JivoChat Live Chat – WP live chat plugin for WordPress
jivochat
Omnichannel Live Chat and Help Desk plugin, optimized for WordPress. Free, fast, easy to install and to use. Turn your visitors into happy customers!
Live Chat Plugin for WooCommerce – LiveChat
livechat-woocommerce
Live chat and help desk software plugin for WooCommerce. Add live chat to your WooCommerce store to connect immediately with customers.
Replain
replain
Be in touch with your clients through Telegram, WhatsApp or Facebook Messenger. Fast, functional and free live-chat service for your website.
LiveAgent – Omnichannel Help Desk & Live Chat Software
liveagent
LiveAgent is a multichannel help desk software that offers over 180 help desk and live chat features. Discover the power of the universal inbox, a hyb …
Live Chat by User.com
userengage-live-chat-marketing-automation-integration
With Live Chat by User.com you can chat with any visitor on your website with a simple Wordpress plugin.
PGreca Chat Developer Profile
1 plugin · 0 total installs
How We Detect PGreca Chat
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/pgreca-chat/pgreca-chat.css/wp-content/plugins/pgreca-chat/pgreca-chat_admin.css/wp-content/plugins/pgreca-chat/images/icon.png/wp-content/plugins/pgreca-chat/pgreca-chat.jspgreca-chat.css?ver=pgreca-chat.js?ver=HTML / DOM Fingerprints
pgreca_chat_chatpgreca_chat-headpgreca_chat-widget_showpgreca_chat-memberonlinepgreca_chat-widget_gadgetpgreca_chat-widget_emoticonpgreca_chat-widget_settingspgreca_chat_widget_emoticon_panel+6 moredata-chat_memberdata-emoticonpgrecachat_ajax/wp-json/pgreca-chat/v1/messages/wp-json/pgreca-chat/v1/member-online/wp-json/pgreca-chat/v1/chat-new/wp-json/pgreca-chat/v1/new-chat/wp-json/pgreca-chat/v1/send/wp-json/pgreca-chat/v1/user-settings