Simple Ajax Chat – Add a Fast, Secure Chat Box Security & Risk Analysis

wordpress.org/plugins/simple-ajax-chat

Display an Ajax-powered chat box anywhere. Lightweight, flexible, fast, and secure. Fully customizable with many options.

2K active installs · v20260301 · PHP 5.6.20+ · WP 4.7+ · Updated Mar 1, 2026
Tags: ajax, chat, chat-box, forum, instant-message
Score: 92 (A · Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Mar 12, 2026
Safety Verdict

Is Simple Ajax Chat – Add a Fast, Secure Chat Box Safe to Use in 2026?

Generally Safe

Score 92/100

Simple Ajax Chat – Add a Fast, Secure Chat Box has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Mar 12, 2026 · Updated 1mo ago
Risk Assessment

The plugin 'simple-ajax-chat' v20260301 exhibits a mixed security posture. On the positive side, the static analysis reveals a small attack surface with no unprotected AJAX handlers or REST API routes. The presence of numerous nonce and capability checks, along with a good percentage of SQL queries using prepared statements and properly escaped output, suggests some adherence to secure coding practices.

However, several concerns arise from the provided data. The vulnerability history is significant, with 8 known CVEs, including one high-severity vulnerability and seven medium-severity ones. The common types of past vulnerabilities (XSS, CSRF, information exposure) indicate a pattern of input sanitization and access control weaknesses. While there are currently no unpatched CVEs, the frequent discovery of vulnerabilities suggests potential ongoing security issues.

The taint analysis shows a flow with unsanitized paths, although it's not classified as critical or high. The presence of file operations without specific context on their usage also warrants further investigation. The percentage of SQL queries and output that are not properly prepared or escaped, while not critically high, still represents a potential attack vector that could be exploited, especially in conjunction with past vulnerability patterns.

Key Concerns

  • High number of known CVEs
  • One high severity known CVE
  • Seven medium severity known CVEs
  • Flow with unsanitized paths
  • 37% of SQL queries not prepared
  • 37% of outputs not properly escaped
Vulnerabilities
8

Simple Ajax Chat – Add a Fast, Secure Chat Box Security Vulnerabilities

CVEs by Year

2022: 3 CVEs
2024: 3 CVEs
2026: 2 CVEs

Severity Breakdown

High: 1
Medium: 7

8 total CVEs

CVE-2026-2987 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Ajax Chat <= 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c'

Mar 12, 2026 Patched in 20260301 (1d)
CVE-2026-3075 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Simple Ajax Chat <= 20251121 - Unauthenticated Information Exposure

Feb 17, 2026 Patched in 20260217 (9d)
CVE-2024-2470 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Ajax Chat – Add a Fast, Secure Chat Box <= 20240318 - Authenticated (Admin+) Stored Cross-Site Scripting

May 14, 2024 Patched in 20240412 (24d)
CVE-2024-2956 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Ajax Chat <= 20231101 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 26, 2024 Patched in 20240216 (702d)
CVE-2024-1983 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Ajax Chat <= 20240216 - Unauthenticated Stored Cross-Site Scripting

Mar 26, 2024 Patched in 20240223 (702d)
CVE-2022-27850 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Simple Ajax Chat <= 20220115 - Cross-Site Request Forgery

Apr 15, 2022 Patched in 20220216 (647d)
CVE-2022-27849 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Simple Ajax Chat Plugin <= 20220115 - Sensitive Information Disclosure

Apr 15, 2022 Patched in 20220216 (647d)
CVE-2022-25610 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Ajax Chat <= 20220115 - Unauthenticated Stored Cross-Site Scripting

Feb 16, 2022 Patched in 20220216 (705d)
Code Analysis
Analyzed Mar 16, 2026

Simple Ajax Chat – Add a Fast, Secure Chat Box Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (10 prepared)
Unescaped Output: 59 (99 escaped)
Nonce Checks: 10
Capability Checks: 13
File Operations: 3
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

63% prepared · 16 total queries

Output Escaping

63% escaped · 158 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
<sac-check-user> (includes\sac-check-user.php:0)
Attack Surface

Simple Ajax Chat – Add a Fast, Secure Chat Box Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[sac_happens] simple-ajax-chat.php:693
WordPress Hooks 26
action admin_init simple-ajax-chat-admin.php:89
action admin_init simple-ajax-chat-admin.php:115
action admin_init simple-ajax-chat-admin.php:279
action admin_menu simple-ajax-chat-admin.php:289
action admin_init simple-ajax-chat-admin.php:469
action admin_enqueue_scripts simple-ajax-chat-admin.php:479
action admin_notices simple-ajax-chat-admin.php:1326
action admin_init simple-ajax-chat-admin.php:1352
action admin_init simple-ajax-chat-admin.php:1381
action init simple-ajax-chat.php:96
action admin_init simple-ajax-chat.php:106
action admin_init simple-ajax-chat.php:135
action init simple-ajax-chat.php:221
action admin_init simple-ajax-chat.php:252
action admin_init simple-ajax-chat.php:281
action admin_init simple-ajax-chat.php:324
filter cron_schedules simple-ajax-chat.php:446
filter cron_schedules simple-ajax-chat.php:455
filter cron_schedules simple-ajax-chat.php:464
filter cron_schedules simple-ajax-chat.php:473
action sac_cron_truncate simple-ajax-chat.php:534
filter plugin_action_links simple-ajax-chat.php:567
filter plugin_row_meta simple-ajax-chat.php:593
filter admin_footer_text simple-ajax-chat.php:617
action wp_enqueue_scripts simple-ajax-chat.php:678
action wp simple-ajax-chat.php:850

Scheduled Events 1

sac_cron_truncate
Maintenance & Trust

Simple Ajax Chat – Add a Fast, Secure Chat Box Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 1, 2026
PHP min version: 5.6.20
Downloads: 173K

Community Trust

Rating: 98/100
Number of ratings: 212
Active installs: 2K
Developer Profile

Simple Ajax Chat – Add a Fast, Secure Chat Box Developer Profile

Jeff Starr

30 plugins · 1.2M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 345 days
Detection Fingerprints

How We Detect Simple Ajax Chat – Add a Fast, Secure Chat Box

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/simple-ajax-chat/simple-ajax-chat.css
  • /wp-content/plugins/simple-ajax-chat/simple-ajax-chat-form.js
  • /wp-content/plugins/simple-ajax-chat/simple-ajax-chat-admin.js
Script Paths
  • /wp-content/plugins/simple-ajax-chat/simple-ajax-chat-form.js
  • /wp-content/plugins/simple-ajax-chat/simple-ajax-chat-admin.js
Version Parameters
  • simple-ajax-chat/simple-ajax-chat.css?ver=
  • simple-ajax-chat-form.js?ver=
  • simple-ajax-chat-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • sac_form
  • sac_message
  • sac_message_meta
  • sac_chat_wrapper
HTML Comments
  • <!-- Simple Ajax Chat -->
  • <!-- / Simple Ajax Chat -->
  • <!-- Simple Ajax Chat Admin -->
  • <!-- / Simple Ajax Chat Admin -->
  • +2 more
Data Attributes
  • data-sac-username
  • data-sac-text
  • data-sac-url
  • data-sac-id
  • data-sac-nonce
  • data-sac-admin-nonce
  • +3 more
JS Globals
  • sac_ajax_object
  • sac_admin_ajax_object
Shortcode Output
  • <div class="sac_chat_wrapper">
  • <div class="sac_form">
FAQ

Frequently Asked Questions about Simple Ajax Chat – Add a Fast, Secure Chat Box