Raopress Chat – Firebase Chat for Visitors Security & Risk Analysis

wordpress.org/plugins/raopress-chat-firebase-chat-for-visitors

Raopress Chat - Firebase Chat for Visitors is the first Real time Wordpress Chat Plugin that integrates with Firebase Chat

0 active installs v1.3 PHP 7.0+ WP 4.7+ Updated Dec 14, 2023
Tags: chats, create-users, firebase, manage-chats, send-receive
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Raopress Chat – Firebase Chat for Visitors Safe to Use in 2026?

Generally Safe

Score 85/100

Raopress Chat – Firebase Chat for Visitors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The raopress-chat-firebase-chat-for-visitors plugin v1.3 exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers. With 13 AJAX handlers identified, all of which lack authentication checks, this presents a substantial attack surface. Although the plugin shows strengths in its use of prepared statements for SQL queries and generally good output escaping practices, these are overshadowed by the lack of authorization on its entry points.

The taint analysis did not reveal any critical or high-severity vulnerabilities, which is a positive indicator. However, the presence of 4 flows with unsanitized paths suggests a potential for vulnerabilities if user-supplied data is not handled with extreme care, even if current analysis didn't flag them as critical. The absence of any recorded vulnerabilities in its history is a good sign, implying a development team that has historically been diligent or fortunate. Nevertheless, the current state of unprotected AJAX endpoints is a significant weakness that could be exploited if a malicious actor can craft appropriate requests.

In conclusion, while the plugin demonstrates good practices in areas like SQL and output sanitization, the overwhelming number of unprotected AJAX endpoints represents a critical security flaw. The lack of recorded vulnerabilities is a positive historical pattern, but it does not mitigate the immediate risks posed by the current code. Developers should prioritize implementing proper authentication and authorization checks on all AJAX handlers to improve the plugin's overall security.

Key Concerns

  • All AJAX handlers are unprotected
  • 13 AJAX handlers without auth checks
  • 4 flows with unsanitized paths
  • Bundled outdated library: Select2 v3.4.8
Vulnerabilities
None known

Raopress Chat – Firebase Chat for Visitors Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Raopress Chat – Firebase Chat for Visitors Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (226 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 2
External Requests: 3
Bundled Libraries: 2

Bundled Libraries

  • Select2 3.4.8
  • Guzzle

Output Escaping

99% escaped, 228 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows, 4 with unsanitized paths
save_login_status (admin\class-rcfv-admin.php:287)
Attack Surface
13 unprotected

Raopress Chat – Firebase Chat for Visitors Attack Surface

Entry Points: 13
Unprotected: 13

AJAX Handlers 13

Type    Hook                            Location
auth    wp_ajax_remove_firebase_login   includes\class-rcfv.php:169
auth    wp_ajax_register_firebase_user  includes\class-rcfv.php:170
auth    wp_ajax_add_chat_admin_id       includes\class-rcfv.php:171
auth    wp_ajax_add_chat_admin_name     includes\class-rcfv.php:172
auth    wp_ajax_sort_chat_keys          includes\class-rcfv.php:173
auth    wp_ajax_save_login_status       includes\class-rcfv.php:175
auth    wp_ajax_manage_user_license     includes\class-rcfv.php:179
auth    wp_ajax_create_anonymus_user    includes\class-rcfv.php:198
nopriv  wp_ajax_create_anonymus_user    includes\class-rcfv.php:199
auth    wp_ajax_update_error_display    includes\class-rcfv.php:200
nopriv  wp_ajax_update_error_display    includes\class-rcfv.php:201
auth    wp_ajax_check_current_user      includes\class-rcfv.php:202
nopriv  wp_ajax_check_current_user      includes\class-rcfv.php:203
WordPress Hooks 17
Type    Hook                    Location
action  plugins_loaded          includes\class-rcfv.php:147
action  admin_notices           includes\class-rcfv.php:161
action  plugins_loaded          includes\class-rcfv.php:163
action  admin_enqueue_scripts   includes\class-rcfv.php:164
action  admin_enqueue_scripts   includes\class-rcfv.php:165
action  user_register           includes\class-rcfv.php:166
action  wp_login                includes\class-rcfv.php:167
action  admin_notices           includes\class-rcfv.php:174
action  profile_update          includes\class-rcfv.php:176
filter  get_avatar              includes\class-rcfv.php:177
action  wp_enqueue_scripts      includes\class-rcfv.php:195
action  wp_enqueue_scripts      includes\class-rcfv.php:196
action  wp_footer               includes\class-rcfv.php:197
action  rest_api_init           includes\class-rcfv.php:205
filter  kses_allowed_protocols  includes\class-rcfv.php:206
action  admin_menu              src\Admin\Settings\RCFV_Menu.php:49
action  init                    src\Admin\Settings\RCFV_Settings.php:9
Maintenance & Trust

Raopress Chat – Firebase Chat for Visitors Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Dec 14, 2023
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Raopress Chat – Firebase Chat for Visitors Developer Profile

raoinfotech

3 plugins · 110 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Raopress Chat – Firebase Chat for Visitors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/raopress-chat-firebase-chat-for-visitors/admin/css/rcfv-admin.css
  • /wp-content/plugins/raopress-chat-firebase-chat-for-visitors/assets/select2.css
  • /wp-content/plugins/raopress-chat-firebase-chat-for-visitors/admin/css/rcfv-widget.css
  • /wp-content/plugins/raopress-chat-firebase-chat-for-visitors/admin/css/bootstrap-5.2.3.min.css
  • /wp-content/plugins/raopress-chat-firebase-chat-for-visitors/admin/css/style.css
  • /wp-content/plugins/raopress-chat-firebase-chat-for-visitors/assets/select2.js
  • /wp-content/plugins/raopress-chat-firebase-chat-for-visitors/admin/js/rcfv-settings.js
  • /wp-content/plugins/raopress-chat-firebase-chat-for-visitors/admin/js/rcfv-admin.js
Script Paths
https://use.fontawesome.com/releases/v5.6.3/css/all.css
Version Parameters
  • raopress-chat-firebase-chat-for-visitors/admin/css/rcfv-admin.css?ver=
  • raopress-chat-firebase-chat-for-visitors/assets/select2.css?ver=
  • raopress-chat-firebase-chat-for-visitors/admin/css/rcfv-widget.css?ver=
  • raopress-chat-firebase-chat-for-visitors/admin/css/bootstrap-5.2.3.min.css?ver=
  • raopress-chat-firebase-chat-for-visitors/admin/css/style.css?ver=
  • raopress-chat-firebase-chat-for-visitors/assets/select2.js?ver=
  • raopress-chat-firebase-chat-for-visitors/admin/js/rcfv-settings.js?ver=
  • raopress-chat-firebase-chat-for-visitors/admin/js/rcfv-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • rcfv-admin-css
  • rcfv-widget-css
HTML Comments
<!-- Site Configuration -->
JS Globals
  • RCFV_PLUGIN_URL
  • RCFV_VERSION
  • admin_url
  • RCFV_PLUGIN_DIR
  • rao_firebase_user_credentials
  • get_transient
FAQ

Frequently Asked Questions about Raopress Chat – Firebase Chat for Visitors