Does Simple Webchat have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Webchat compatible with WordPress 6.8.5?

According to WordPress.org data, Simple Webchat 3.6.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Simple Webchat updated?

Simple Webchat was last updated on May 28, 2025. Frequent updates are generally a positive security signal.

What is Simple Webchat's security score?

Simple Webchat has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Webchat Security — No Known CVEs

Safety Verdict

Is Simple Webchat Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Webchat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The "quick-whatsapp" plugin v3.6.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL query handling, exclusively using prepared statements, and implements a substantial number of nonce checks. It also has no known CVEs and no recorded vulnerabilities, suggesting a generally stable security history. However, there are significant concerns arising from the static analysis. The most notable issue is the low percentage of properly escaped output (31%), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis reveals a concerning number of flows with unsanitized paths (17 out of 18), even though no critical or high severity issues were flagged in the taint analysis itself. This could indicate potential for vulnerabilities if user-supplied data is not properly handled, despite the current lack of severe findings. The absence of capability checks on entry points is also a potential weakness, as it relies solely on nonce checks for authorization.

Key Concerns

Low output escaping percentage
High percentage of unsanitized paths in taint analysis
No capability checks on entry points

Vulnerabilities

None known

Simple Webchat Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Simple Webchat Release Timeline

v3.6.1Current

v3.5

v3.4

v3.3.9

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.1

v2.0

v1.8

v1.7

v1.6

Code Analysis

Analyzed Mar 16, 2026

Simple Webchat Code Analysis

Dangerous Functions

0

Raw SQL Queries

0

0 prepared

Unescaped Output

96

44 escaped

Nonce Checks

27

Capability Checks

0

File Operations

0

External Requests

0

Bundled Libraries

0

Output Escaping

31% escaped140 total outputs

Data Flows · Security

17 unsanitized

Data Flow Analysis

18 flows17 with unsanitized paths

saveForm_quickwhatsappbutton_style (form.php:606)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple Webchat Attack Surface

Entry Points5

Unprotected0

Shortcodes 5

[quickwhatsapp_group] simple-webchat-whatsapp-shortcode-gruppe.php:43

[quickwhatsapp_group2] simple-webchat-whatsapp-shortcode-gruppe.php:89

[quickwhatsapp_group3] simple-webchat-whatsapp-shortcode-gruppe.php:134

[quickwhatsapp_chat] whatsapp-shortcode-chat.php:106

[quickwhatsapp_share] whatsapp-shortcode-sharing.php:97

WordPress Hooks 8

actionadmin_menuconf.php:18

actioninitsimple-webchat.php:26

actionadmin_noticessimple-webchat.php:46

actionadmin_noticessimple-webchat.php:68

actionwoocommerce_after_add_to_cart_buttonwhatsapp-button-after-addtocart.php:7

actionwp_enqueue_scriptswhatsapp-floating-button.php:8

actionwp_footerwhatsapp-floating-button.php:17

filterthe_contentwhatsapp-standard.php:3

Maintenance & Trust

Simple Webchat Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 28, 2025

PHP min version

Downloads73K

Community Trust

Rating100/100

Number of ratings4

Active installs1K

Alternatives

Simple Webchat Alternatives

AGY Social

agy-social

A

92

Adds a Whatsapp icon to the website footer.

20 No CVEs

Social Sharing Plugin – Sassy Social Share

sassy-social-share

A

94

The Simplest and Optimized Social Share buttons. Facebook, X, Reddit, Pinterest, Whatsapp, Grok, ChatGPT, Gab, Gettr and over 100 more.

100K 11 CVEs

Buttonizer – Live Chat, AI Chatbot, Call, Chat, Contact Button

button-contact-vr

A

98

Powerful platform with Live Chat, AI Chatbots, and Real-Time Visitor Monitoring! Also, create Call, Email, SMS, & Contact buttons to increase conv …

60K 3 CVEs

Sticky Chat Widget – Floating Chat Icons, Contact Form, Call, Click to Chat, Email & Message Buttons

sticky-chat-widget

A

100

Social chat buttons with WhatsApp, Messenger, WeChat, Telegram, Instagram, TikTok, Zalo & more — plus SMS, Call button, Contact form, and 20+ icons.

10K 1 CVE

Click to Call or Chat Buttons

click-to-call-or-chat-buttons

A

92

This plugin adds Phone Call and WhatsApp button on your webpage.

1K 1 CVE

Developer Profile

Simple Webchat Developer Profile

Eric-Oliver Mächler

13 plugins · 5K total installs

95

trust score

Avg Security Score

93/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect Simple Webchat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/quick-whatsapp/css/quick-whatsapp-floating-button.php

HTML / DOM Fingerprints

CSS Classes

simplewebchat_float

Shortcode Output

<a href='https://chat.whatsapp.com/' target='_blank'>

FAQ

Simple Webchat Security & Risk Analysis