TG Live Chat Security & Risk Analysis

wordpress.org/plugins/tg-live-chat

Connect your website visitors with live chat through messaging service. Customers chat on your website while you reply from your messaging app.

0 active installs · v1.0.4 · PHP 7.2+ · WP 6.2+ · Updated Jan 2, 2026
Tags: chat, customer-service, live-chat, messaging, support
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TG Live Chat Safe to Use in 2026?

Generally Safe

Score 100/100

TG Live Chat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "tg-live-chat" v1.0.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements and a high rate of output escaping (94%). The complete absence of known CVEs and a clean vulnerability history are also strong indicators of a well-maintained and secure plugin.

However, significant concerns arise from its attack surface. With a total of 5 entry points, 3 of which lack permission callbacks, there's a notable exposure of functionality without proper authentication or authorization checks. The taint analysis further highlights this weakness, revealing 2 flows with unsanitized paths, both classified as high severity. These unsanitized flows, coupled with unprotected entry points, suggest potential vulnerabilities that could be exploited.

In conclusion, while the plugin benefits from robust internal coding practices regarding SQL and output handling, and has no historical vulnerabilities, the substantial number of unprotected entry points and high-severity unsanitized taint flows represent a tangible security risk. These areas require immediate attention to mitigate potential exploitation.

Key Concerns

  • Unprotected REST API routes (3)
  • High severity unsanitized taint flows (2)
  • Unprotected AJAX handlers (inferred from the overall count of unprotected entry points)
Vulnerabilities
None known

TG Live Chat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

TG Live Chat Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (32 prepared)
Unescaped Output: 9 (131 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 0
External Requests: 7
Bundled Libraries: 0

SQL Query Safety

100% prepared · 32 total queries

Output Escaping

94% escaped · 140 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
nandanntglivechat_handle_settings_save (includes\admin-settings-handler.php:15)
Attack Surface
3 unprotected

TG Live Chat Attack Surface

Entry Points: 5
Unprotected: 3

AJAX Handlers: 1

  • auth wp_ajax_nandanntglivechat_submit_contact (includes\ajax-handlers.php:72)

REST API Routes: 4

  • POST /wp-json/nandanntglivechat/v1/send-message (includes\rest-api.php:26)
  • GET /wp-json/nandanntglivechat/v1/get-messages (includes\rest-api.php:45)
  • POST /wp-json/nandanntglivechat/v1/telegram-webhook (includes\rest-api.php:64)
  • GET /wp-json/nandanntglivechat/v1/conversations (includes\rest-api.php:76)

WordPress Hooks: 11

  • action admin_enqueue_scripts (includes\admin-assets.php:46)
  • action admin_menu (includes\admin-menu.php:26)
  • action admin_enqueue_scripts (includes\admin-menu.php:52)
  • action admin_notices (includes\admin-notices.php:43)
  • action wp_enqueue_scripts (includes\chat-widget.php:77)
  • action wp_footer (includes\chat-widget.php:198)
  • action nandanntglivechat_cleanup_expired_data (includes\database.php:199)
  • action rest_api_init (includes\rest-api.php:84)
  • filter cron_schedules (includes\telegram-polling.php:197)
  • action nandanntglivechat_poll_telegram (includes\telegram-polling.php:202)
  • action plugins_loaded (tg-live-chat.php:67)

Scheduled Events: 2

  • nandanntglivechat_cleanup_expired_data
  • nandanntglivechat_poll_telegram
Maintenance & Trust

TG Live Chat Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 2, 2026
PHP min version: 7.2
Downloads: 132

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

TG Live Chat Developer Profile

Prakhar Bhatia

6 plugins · 180 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TG Live Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/tg-live-chat/assets/css/admin-styles.css
  • /wp-content/plugins/tg-live-chat/assets/js/admin-scripts.js
  • /wp-content/plugins/tg-live-chat/assets/css/chat-widget.css
  • /wp-content/plugins/tg-live-chat/assets/js/chat-widget-customer-details.js
  • /wp-content/plugins/tg-live-chat/assets/js/chat-widget-notifications.js
  • /wp-content/plugins/tg-live-chat/assets/js/chat-widget-core.js

Script Paths

  • /wp-content/plugins/tg-live-chat/assets/js/admin-scripts.js
  • /wp-content/plugins/tg-live-chat/assets/js/chat-widget-customer-details.js
  • /wp-content/plugins/tg-live-chat/assets/js/chat-widget-notifications.js
  • /wp-content/plugins/tg-live-chat/assets/js/chat-widget-core.js

Version Parameters

  • tg-live-chat/assets/css/admin-styles.css?ver=
  • tg-live-chat/assets/js/admin-scripts.js?ver=
  • tg-live-chat/assets/css/chat-widget.css?ver=
  • tg-live-chat/assets/js/chat-widget-customer-details.js?ver=
  • tg-live-chat/assets/js/chat-widget-notifications.js?ver=
  • tg-live-chat/assets/js/chat-widget-core.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • nandanntglivechat-widget-styles

Data Attributes

  • nandanntglivechatAjax
  • nandanntglivechatWidget

JS Globals

  • nandanntglivechatAjax
  • nandanntglivechatWidget

REST Endpoints

  • /wp-json/nandanntglivechat/v1/