Does web-cam have any unpatched vulnerabilities?

No. All known vulnerabilities in web-cam have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is web-cam compatible with WordPress 6.8.5?

According to WordPress.org data, web-cam 3.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is web-cam updated?

web-cam was last updated on Unknown. Frequent updates are generally a positive security signal.

What is web-cam's security score?

web-cam has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

web-cam Security & Risk Analysis

wordpress.org/plugins/web-cam

Web-cam is a simple but fantastic plugin that allows you to Click Photo from website and autometically upload in wp_media and return an id of that med …

40 active installs v3.1 PHP + WP 5.0+ Updated Unknown

cameracaptureimage-uploadertake-imageweb-cam

A · Safe

CVEs total1

Unpatched0

Last CVEJun 25, 2025

Plugin page Download

Safety Verdict

Is web-cam Safe to Use in 2026?

Generally Safe

Score 99/100

web-cam has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 25, 2025

Risk Assessment

The "web-cam" v3.1 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals good practices in SQL query handling and output escaping, with 100% of both being properly managed. The plugin also has a very limited attack surface, with only one shortcode identified and no AJAX handlers, REST API routes, or cron events, all of which lack necessary authentication checks. This indicates a generally well-contained and defensively coded plugin in these areas. However, several significant concerns are raised. The absence of any nonce checks or capability checks on the identified entry points is a notable weakness, potentially leaving the plugin vulnerable to various unauthorized actions. Furthermore, the history of a past medium-severity cross-site scripting (XSS) vulnerability, despite currently being unpatched, suggests a recurring tendency for input sanitization issues and warrants careful monitoring. While the absence of critical taint flows and dangerous functions is positive, the identified weaknesses, particularly around authentication and past XSS issues, prevent a completely confident security assessment.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points
Past medium severity CVE (XSS)

Vulnerabilities

web-cam Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-6540medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

web-cam <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter

Jun 25, 2025 Patched in 3.1 (167d)

Code Analysis

Analyzed Mar 16, 2026

web-cam Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped3 total outputs

Attack Surface

web-cam Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[web-cam] web-cam.php:81

WordPress Hooks 2

actionwp_enqueue_scriptsweb-cam.php:16

actioninitweb-cam.php:85

Maintenance & Trust

web-cam Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedUnknown

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings3

Active installs40

Alternatives

web-cam Alternatives

Web cam Addon for Contact Form 7

webcam-addon-for-contact-form-7

100

Webcam Addon for Contact Form 7 lets you capture an image from the user’s webcam (or phone camera) directly in your Contact Form 7 form and include th …

50 No CVEs

Icegram Engage – Popups, Optins, CTAs & lot more…

icegram

Create popups, opt-in forms, and call-to-action messages to capture leads and engage visitors on your WordPress site.

20K 18 CVEs

Smart Popup by Supsystic

popup-by-supsystic

Create targeted popups for lead capture, event notifications, announcements, and promotions — shown at the right time without disrupting your visitors …

10K 8 CVEs

HashBar – Announcement, Notification Bar & Popup Campaign

hashbar-wp-notification-bar

Create Announcement Bars, Notification Bars & Popup Campaigns with countdown timers, A/B testing, smart targeting & analytics.

7K 2 CVEs

Kit (formerly ConvertKit) for WooCommerce

convertkit-for-woocommerce

100

Integrates WooCommerce with Kit allowing customers to be automatically sent to your Kit account.

4K No CVEs

Developer Profile

web-cam Developer Profile

murtuzamakda52

3 plugins · 160 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

167 days

View full developer profile

Detection Fingerprints

How We Detect web-cam

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/web-cam/assets/js/webcam.min.js/wp-content/plugins/web-cam/assets/js/script.js

Script Paths

webcam.min.jsscript.js

HTML / DOM Fingerprints

CSS Classes

my_cameratakeimageimage-tagweb_cam_submit

Data Attributes

data-slug

Shortcode Output

<div id="my_camera" class="my_camera"></div><input type=button value="Take Snapshot" class="takeimage" id="takeimage"><input type="hidden" name="image" class="image-tag"><input type="hidden" name="slug" value="

FAQ