QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support Security & Risk Analysis

wordpress.org/plugins/qnachat

QnAChat is a powerful live chat customer support plugin for WordPress. It allows you to provide real-time assistance to your website visitors through …

0 active installs · v1.0.2 · PHP 7.2+ · WP 5.9+ · Updated Nov 11, 2023
Tags: chat-widget, customer-support, live-chat, tag-based-faqs
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support Safe to Use in 2026?

Generally Safe

Score 85/100

QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The qnachat plugin v1.0.2 has a seriously concerning security posture: a large number of unprotected AJAX handlers make up its entire attack surface. While the plugin demonstrates good practices in SQL query preparation and output escaping, the lack of any authentication or capability checks on all its entry points is a critical flaw. It leaves the plugin highly susceptible to unauthorized actions performed by any authenticated user, or potentially even by unauthenticated users if the AJAX endpoints can be triggered without login.

The taint analysis reveals a high number of flows with unsanitized paths, 11 of them classified as high severity. Combined with the presence of the `unserialize` function, which is inherently dangerous when used with untrusted input, this suggests a high risk of arbitrary code execution or data manipulation vulnerabilities. The absence of nonce checks on AJAX handlers further exacerbates this risk by making Cross-Site Request Forgery (CSRF) attacks easier to execute. The plugin's clean vulnerability history is a positive, but it does not mitigate the significant risks identified in the current static analysis.

In conclusion, while the plugin shows some strengths in data handling (SQL, output escaping), the overwhelming lack of security checks on its extensive AJAX attack surface, coupled with high-severity taint flows and the use of `unserialize`, creates a critical security weakness. Immediate attention is required to implement proper authentication and authorization mechanisms for all AJAX handlers to mitigate these risks.

Key Concerns

  • Unprotected AJAX handlers
  • High number of unsanitized flows (high severity)
  • Dangerous unserialize function
  • Missing nonce checks on AJAX
  • No capability checks
Vulnerabilities
None known

QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support Release Timeline

v1.0.2 (Current)
Code Analysis
Analyzed Apr 16, 2026

QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support Code Analysis

Dangerous Functions: 21
Raw SQL Queries: 0 (14 prepared)
Unescaped Output: 11 (500 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · $conv_data = unserialize(qnac_get_value_by_conversation_id('data', $conversation_id)); · includes/admin/admin.php:68
  • unserialize · $conversation = unserialize(qnac_get_value_by_conversation_id('conversation', $conversation_id)); · includes/admin/admin.php:99
  • unserialize · $conversationData = unserialize(qnac_get_value_by_conversation_id('data', $conversation_id)); · includes/admin/admin.php:239
  • unserialize · $conversationData = unserialize(qnac_get_value_by_conversation_id('data', $conversation_id)); · includes/admin/admin.php:260
  • unserialize · $conversationData = unserialize(qnac_get_value_by_conversation_id('data', $conversation_id)); · includes/admin/admin.php:279
  • unserialize · $conv_data = unserialize(qnac_get_value_by_conversation_id('data', $conversation_id)); · includes/admin/blocks/conversation_info.php:10
  • unserialize · $conversation = unserialize(qnac_get_value_by_conversation_id('conversation', $conversation_id)); · includes/admin/blocks/conversation_item.php:10
  • unserialize · $saved_data = unserialize(qnac_get_value_by_conversation_id('data', $conversation_id)); · includes/admin/blocks/conversation_item.php:12
  • unserialize · $conversation = unserialize(qnac_get_value_by_conversation_id('conversation', $conversation_id)); · includes/admin/blocks/single_conversation.php:10
  • unserialize · $conversation = unserialize( qnac_get_value_by_conversation_id( 'conversation', $conversation_ · includes/chats_manager.php:46
  • unserialize · $conversation = unserialize(qnac_get_value_by_conversation_id('conversation', $conversation_id)); · includes/front/blocks/conversation.php:13
  • unserialize · $conversation = unserialize(qnac_get_value_by_conversation_id('conversation', $conversation_id)); · includes/front/chat_widget.php:13
  • unserialize · $conversation = unserialize(qnac_get_value_by_conversation_id('conversation', $conversation_id)); · includes/functions.php:138
  • unserialize · $conversationData = unserialize(qnac_get_value_by_conversation_id('data', $conversation_id)); · includes/functions.php:150
  • unserialize · $conversation = unserialize(qnac_get_value_by_conversation_id('conversation', $cId)); · includes/functions.php:191
  • unserialize · $conversation = unserialize(qnac_get_value_by_conversation_id('conversation', $cId)); · includes/functions.php:227
  • unserialize · $conversationData = unserialize(qnac_get_value_by_conversation_id('data', $cId)); · includes/functions.php:228
  • unserialize · $saved_conversation = unserialize($existing_conversation->conversation); · includes/functions.php:364
  • unserialize · $saved_data = unserialize($existing_conversation->data); · includes/functions.php:366
  • unserialize · $saved_conversation = unserialize($existing_conversation->conversation); · includes/functions.php:405
  • unserialize · $saved_data = unserialize($existing_conversation->data); · includes/functions.php:406

SQL Query Safety

100% prepared · 14 total queries

Output Escaping

98% escaped · 511 total outputs
Data Flows · Security
15 unsanitized

Data Flow Analysis

15 flows · 15 with unsanitized paths
qnac_get_tag_data (includes/functions.php:50)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
38 unprotected

QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support Attack Surface

Entry Points: 38
Unprotected: 38

AJAX Handlers 38

  • nopriv · wp_ajax_qnac_submit_faq_settings · includes/admin/admin.php:22
  • auth · wp_ajax_qnac_submit_faq_settings · includes/admin/admin.php:23
  • auth · wp_ajax_qnac_admin_nmc · includes/admin/admin.php:60
  • nopriv · wp_ajax_qnac_admin_nmc · includes/admin/admin.php:61
  • auth · wp_ajax_qnac_admin_get_conversation · includes/admin/admin.php:93
  • auth · wp_ajax_qnac_get_conversation_items · includes/admin/admin.php:118
  • nopriv · wp_ajax_qnac_mute_setting · includes/admin/admin.php:131
  • auth · wp_ajax_qnac_mute_setting · includes/admin/admin.php:132
  • nopriv · wp_ajax_qnac_admin_request_info · includes/admin/admin.php:143
  • auth · wp_ajax_qnac_admin_request_info · includes/admin/admin.php:144
  • nopriv · wp_ajax_qnac_admin_reply · includes/admin/admin.php:192
  • auth · wp_ajax_qnac_admin_reply · includes/admin/admin.php:193
  • auth · wp_ajax_qnac_admin_manage_chat · includes/admin/admin.php:232
  • nopriv · wp_ajax_qnac_admin_manage_chat · includes/admin/admin.php:233
  • auth · wp_ajax_qnac_admin_note_manage · includes/admin/admin.php:253
  • nopriv · wp_ajax_qnac_admin_note_manage · includes/admin/admin.php:254
  • auth · wp_ajax_qnac_admin_edit_tags · includes/admin/admin.php:272
  • nopriv · wp_ajax_qnac_admin_edit_tags · includes/admin/admin.php:273
  • auth · wp_ajax_qnac_admin_contacts_manage · includes/admin/admin.php:293
  • nopriv · wp_ajax_qnac_admin_contacts_manage · includes/admin/admin.php:294
  • nopriv · wp_ajax_qnac_admin_last_seen · includes/admin/admin.php:317
  • auth · wp_ajax_qnac_admin_last_seen · includes/admin/admin.php:318
  • nopriv · wp_ajax_qnac_save_settings · includes/admin/admin.php:331
  • auth · wp_ajax_qnac_save_settings · includes/admin/admin.php:332
  • nopriv · wp_ajax_qnac_save_advanced_settings · includes/admin/admin.php:343
  • auth · wp_ajax_qnac_save_advanced_settings · includes/admin/admin.php:344
  • nopriv · wp_ajax_qnac_get_tag_data · includes/functions.php:63
  • auth · wp_ajax_qnac_get_tag_data · includes/functions.php:64
  • nopriv · wp_ajax_qnac_get_tag_qa · includes/functions.php:76
  • auth · wp_ajax_qnac_get_tag_qa · includes/functions.php:77
  • nopriv · wp_ajax_qnac_add_converstion_item · includes/functions.php:174
  • auth · wp_ajax_qnac_add_converstion_item · includes/functions.php:175
  • auth · wp_ajax_qnac_front_nmc · includes/functions.php:216
  • nopriv · wp_ajax_qnac_front_nmc · includes/functions.php:217
  • auth · wp_ajax_qnac_user_submit_info · includes/functions.php:287
  • nopriv · wp_ajax_qnac_user_submit_info · includes/functions.php:288
  • auth · wp_ajax_qnac_front_get_messages · includes/functions.php:297
  • nopriv · wp_ajax_qnac_front_get_messages · includes/functions.php:298
WordPress Hooks 6
  • action · wp_footer · includes/functions.php:35
  • action · wp_footer · includes/functions.php:38
  • action · init · includes/functions.php:44
  • action · admin_menu · index.php:43
  • action · wp_enqueue_scripts · index.php:55
  • action · admin_enqueue_scripts · index.php:58
Maintenance & Trust

QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Nov 11, 2023
PHP min version: 7.2
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support Developer Profile

aleswebs

3 plugins · 100 total installs

Trust score: 80
Avg Security Score: 80/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect QNA Chat – All-in-One Solution for Live Chat, Tag-Based FAQs, and Customer Support

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/qnachat/assets/css/chat_widget.css
  • /wp-content/plugins/qnachat/assets/js/front_end.js
  • /wp-content/plugins/qnachat/assets/js/back_end.js
  • /wp-content/plugins/qnachat/assets/js/settings.js
  • /wp-content/plugins/qnachat/assets/css/conversations.css
  • /wp-content/plugins/qnachat/assets/css/settings.css
  • /wp-content/plugins/qnachat/assets/js/advanced_settings.js
  • /wp-content/plugins/qnachat/assets/js/faq_set.js
  • +1 more
Script Paths
  • /wp-content/plugins/qnachat/assets/js/front_end.js
  • /wp-content/plugins/qnachat/assets/js/back_end.js
  • /wp-content/plugins/qnachat/assets/js/settings.js
  • /wp-content/plugins/qnachat/assets/js/advanced_settings.js
  • /wp-content/plugins/qnachat/assets/js/faq_set.js
Version Parameters
  • qnachat/assets/css/chat_widget.css?ver=
  • qnachat/assets/js/front_end.js?ver=
  • qnachat/assets/js/back_end.js?ver=
  • qnachat/assets/js/settings.js?ver=
  • qnachat/assets/css/conversations.css?ver=
  • qnachat/assets/css/settings.css?ver=
  • qnachat/assets/js/advanced_settings.js?ver=
  • qnachat/assets/js/faq_set.js?ver=
  • qnachat/assets/css/faqs.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • qnac-chat-bubble
  • qnac-chat-widget
  • qnac-chat-widget-header
  • qnac-chat-widget-body
  • qnac-chat-widget-footer
  • qnac-chat-input
  • qnac-chat-send
  • qnac-chat-message
  • +38 more
HTML Comments
  • <!-- QnAChat Chat Widget Start -->
  • <!-- QnAChat Chat Widget End -->
  • <!-- QnAChat FAQs Settings Start -->
  • <!-- QnAChat FAQs Settings End -->
  • +4 more
Data Attributes
  • data-qnac-id
  • data-qnac-conversation-id
  • data-qnac-faq-id
  • data-qnac-setting
  • data-qnac-tab
JS Globals
qnac_data
REST Endpoints
  • /wp-json/qnac/v1/messages
  • /wp-json/qnac/v1/faqs
  • /wp-json/qnac/v1/settings