Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk Security & Risk Analysis

wordpress.org/plugins/thrivedesk

Add ThriveDesk AI Live Chat & Chatbot to your WordPress for free to answer customers' questions and provide excellent support.

100 active installs · v2.1.7 · PHP 7.4+ · WP 4.9+ · Updated Apr 7, 2026
Tags: chatbot, helpdesk, live-chat, support-ticket, woocommerce-support
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 11, 2024
Safety Verdict

Is Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk Safe to Use in 2026?

Generally Safe

Score 99/100

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Nov 11, 2024 · Updated 1mo ago
Risk Assessment

The ThriveDesk plugin v2.1.6 presents a mixed security posture. While it demonstrates good practices like using prepared statements for a high percentage of SQL queries and proper output escaping, there are notable areas of concern. The significant attack surface, with 11 AJAX handlers and 5 of them lacking authentication checks, is a primary risk. This could allow unauthenticated users to trigger plugin functionality that might have unintended consequences or be exploitable if not properly secured downstream.

Although no critical or high severity taint flows were detected, 3 flows with unsanitized paths were identified. These, combined with the unprotected AJAX handlers, suggest potential avenues for attackers to manipulate file operations or other sensitive code if specific conditions are met. The plugin's vulnerability history shows a single medium severity CVE related to Cross-site Scripting, which was patched. The timing of the last vulnerability (2024-11-11) is relatively recent, indicating that while vulnerabilities have been addressed, ongoing vigilance is necessary.

Overall, the plugin benefits from a strong foundation in secure coding practices for SQL and output handling. However, the substantial number of unprotected AJAX endpoints and the presence of unsanitized path flows introduce specific vulnerabilities that require attention. The plugin's track record of addressing past vulnerabilities is positive, but the current attack surface without proper authorization is a notable weakness.

Key Concerns

  • Unprotected AJAX handlers detected
  • Flows with unsanitized paths identified
  • Medium severity CVE history
Vulnerabilities
1 published

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-24536 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Helpdesk & Live Chat Plugin Powered by AI – ThriveDesk <= 2.0.6 - Reflected Cross-Site Scripting

Nov 11, 2024 Patched in 2.0.7 (102d)
Version History

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk Release Timeline

v2.1.7 (Current)
v2.1.6.1
v2.1.6
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.12
v2.0.11
v2.0.10
v2.0.9
v2.0.8
v2.0.7
v2.0.6 (1 CVE)
v2.0.5 (1 CVE)
v2.0.4 (1 CVE)
v2.0.3 (1 CVE)
v2.0.2 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (20 prepared)
Unescaped Output: 27 (210 escaped)
Nonce Checks: 7
Capability Checks: 6
File Operations: 1
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Freemius

SQL Query Safety

87% prepared · 23 total queries

Output Escaping

89% escaped · 237 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

6 flows · 3 with unsanitized paths
get_conversations (src\Conversations\Conversation.php:500)
Attack Surface
5 unprotected

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk Attack Surface

Entry Points: 14
Unprotected: 5

AJAX Handlers 11

auth · wp_ajax_thrivedesk_clear_cache · includes\helper.php:238
auth · wp_ajax_thrivedesk_connect_plugin · src\Admin.php:44
auth · wp_ajax_thrivedesk_disconnect_plugin · src\Admin.php:46
auth · wp_ajax_thrivedesk_load_assistants · src\Assistants\Assistant.php:19
auth · wp_ajax_td_reply_conversation · src\Conversations\Conversation.php:57
auth · wp_ajax_thrivedesk_api_key_verify · src\Conversations\Conversation.php:60
auth · wp_ajax_thrivedesk_helpdesk_form · src\Conversations\Conversation.php:63
auth · wp_ajax_thrivedesk_system_info · src\Conversations\Conversation.php:65
auth · wp_ajax_td_reload_tickets · src\Conversations\Conversation.php:68
auth · wp_ajax_thrivedesk_load_inboxes · src\Inboxes\Inbox.php:18
auth · wp_ajax_thrivedesk_check_portal_access · src\Services\PortalService.php:32

REST API Routes 2

GET /wp-json/thrivedesk/v1/conversations/contact/(?P<id>\d+) · src\RestRoute.php:50
POST /wp-json/td-search-query/docs · src\RestRoute.php:59

Shortcodes 1

[thrivedesk_portal] src\Conversations\Conversation.php:354
WordPress Hooks 19
action · plugins_loaded · database\Scripts\MigrationScript.php:10
action · fluentcrm_loaded · Hooks\FluentCrmHooks.php:39
action · thrivedesk_db_migrate · src\Admin.php:32
action · admin_menu · src\Admin.php:34
action · activated_plugin · src\Admin.php:36
action · admin_enqueue_scripts · src\Admin.php:38
action · admin_init · src\Admin.php:40
action · admin_init · src\Admin.php:49
action · admin_enqueue_scripts · src\Admin.php:51
filter · admin_footer_text · src\Admin.php:82
action · init · src\Api.php:39
action · wp_head · src\Assistants\Assistant.php:17
action · init · src\Conversations\Conversation.php:54
action · plugins_loaded · src\Portal\UserAccountPages.php:9
action · init · src\Portal\UserAccountPages.php:26
filter · query_vars · src\Portal\UserAccountPages.php:27
filter · woocommerce_account_menu_items · src\Portal\UserAccountPages.php:28
action · woocommerce_account_td-support_endpoint · src\Portal\UserAccountPages.php:29
action · rest_api_init · src\RestRoute.php:40
Maintenance & Trust

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 7, 2026
PHP min version: 7.4
Downloads: 14K

Community Trust

Rating: 90/100
Number of ratings: 13
Active installs: 100
Developer Profile

Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk Developer Profile

ThriveDesk

1 plugin · 100 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 102 days
Detection Fingerprints

How We Detect Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/thrivedesk/assets/css/bootstrap.min.css
/wp-content/plugins/thrivedesk/assets/css/style.css
/wp-content/plugins/thrivedesk/assets/js/app.js
/wp-content/plugins/thrivedesk/assets/js/bootstrap.min.js
/wp-content/plugins/thrivedesk/assets/js/vendor.js
/wp-content/plugins/thrivedesk/assets/js/vue.js
/wp-content/plugins/thrivedesk/assets/js/vendors/vue-multiselect.min.js
/wp-content/plugins/thrivedesk/assets/js/vendors/vue-clipboard2.min.js
Script Paths
/wp-content/plugins/thrivedesk/assets/js/app.js
/wp-content/plugins/thrivedesk/assets/js/bootstrap.min.js
/wp-content/plugins/thrivedesk/assets/js/vendor.js
/wp-content/plugins/thrivedesk/assets/js/vue.js
/wp-content/plugins/thrivedesk/assets/js/vendors/vue-multiselect.min.js
/wp-content/plugins/thrivedesk/assets/js/vendors/vue-clipboard2.min.js
Version Parameters
thrivedesk/assets/css/bootstrap.min.css?ver=
thrivedesk/assets/css/style.css?ver=
thrivedesk/assets/js/app.js?ver=
thrivedesk/assets/js/bootstrap.min.js?ver=
thrivedesk/assets/js/vendor.js?ver=
thrivedesk/assets/js/vue.js?ver=
thrivedesk/assets/js/vendors/vue-multiselect.min.js?ver=
thrivedesk/assets/js/vendors/vue-clipboard2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
thrivedesk-app
thrivedesk-widget
HTML Comments
<!-- ThriveDesk Widget Start -->
<!-- ThriveDesk Widget End -->
Data Attributes
data-thrivedesk-widget-url
JS Globals
window.ThriveDesk
window.tdSettings
REST Endpoints
/wp-json/thrivedesk/v1/settings
/wp-json/thrivedesk/v1/connect