Does 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat have any unpatched vulnerabilities?

No. All known vulnerabilities in 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat compatible with WordPress 6.8.5?

According to WordPress.org data, 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat 5.4.12 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat compatible with PHP 7.4+?

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat Security & Risk Analysis

wordpress.org/plugins/webcam-2way-videochat

Easily set up video call rooms or random video chat from WordPress. 100% HTML5, no downloads required. Just share the room link for instant connection …

30 active installs v5.4.12 PHP 7.4+ WP 5.1+ Updated Jun 1, 2025

chatrouletterandomvideocallvideochatvideowhisper

A · Safe

CVEs total2

Unpatched0

Last CVEAug 13, 2021

Plugin page Download

Safety Verdict

Is 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat Safe to Use in 2026?

Generally Safe

Score 99/100

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 13, 2021Updated 10mo ago

Risk Assessment

The "webcam-2way-videochat" plugin v5.4.12 exhibits a mixed security posture, with several concerning elements despite some good practices. The static analysis reveals a significant attack surface due to 5 unprotected AJAX handlers, which are prime targets for unauthenticated attacks. The presence of 11 dangerous function calls, including `unserialize`, and 3 unsanitized path taint flows, one of which is high severity, indicates potential vulnerabilities related to data processing and deserialization. While a majority of SQL queries utilize prepared statements and output escaping is generally well-implemented, these specific risks are critical.

The plugin's vulnerability history, with 2 medium-severity CVEs related to Cross-Site Scripting (XSS) in the past, suggests a pattern of input sanitization issues. Although there are no currently unpatched CVEs and the last vulnerability was in 2021, the historical data reinforces the concern about how user-provided data is handled. The limited number of nonce and capability checks further exacerbates the risk associated with the unprotected AJAX endpoints.

In conclusion, while the plugin demonstrates strengths in areas like prepared SQL statements and output escaping, the unprotected AJAX endpoints, the use of `unserialize`, and the identified high-severity taint flow represent significant security weaknesses. The historical XSS vulnerabilities also warrant caution. These factors collectively present a moderate to high risk, especially for installations where the plugin's functionality is exposed to untrusted users.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized path taint flow
Use of unserialize
3 unsanitized path taint flows
2 medium CVEs in history
Limited nonce checks
Limited capability checks

Vulnerabilities

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat Security Vulnerabilities

CVEs by Year

1 CVE in 2014

2014

1 CVE in 2021

2021

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2021-34656medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat <= 5.2.7 - Reflected Cross-Site Scripting

Aug 13, 2021 Patched in 5.2.8 (893d)

WF-92b1a47e-31e2-4cfd-a24c-460ff2f00d09-webcam-2way-videochatmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Webcam 2Way Videochat <= 4.41 - Cross-Site Scripting

Sep 17, 2014 Patched in 4.41.2 (3415d)

Code Analysis

Analyzed Mar 16, 2026

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat Code Analysis

Dangerous Functions

Raw SQL Queries

40 prepared

Unescaped Output

261 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$userMeta = unserialize($session->meta);inc\h5videochat.php:415

unserialize$userMeta = unserialize($session->meta);inc\h5videochat.php:427

unserializeif ($session->meta) $userMeta = unserialize($session->meta);inc\h5videochat.php:656

unserializeif ($sqlRow->meta) $userMeta = unserialize($sqlRow->meta);inc\h5videochat.php:795

unserialize$roomMeta = unserialize($sqlRow->roptions);inc\h5videochat.php:798

unserializeif ($session->meta) $userMeta = unserialize($session->meta);inc\h5videochat.php:1176

unserializeif ($session->meta) $userMeta = unserialize($session->meta);inc\h5videochat.php:1506

unserialize$meta = unserialize($sqlRow->meta);inc\h5videochat.php:1715

unserialize'genders' => unserialize('a:3:{i:0;s:4:"Male";i:1;s:6:"Female";i:2;s:5:"Other";}'),inc\options.php:391

unserialize'appSetup' => unserialize('a:2:{s:6:"Config";a:13:{s:8:"darkMode";s:0:"";s:19:"cameraAutoBroadcast";inc\options.php:418

unserializereturn unserialize(file_get_contents($path));webcam-2way-videochat.php:57

SQL Query Safety

63% prepared64 total queries

Output Escaping

89% escaped293 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

8 flows3 with unsanitized paths

parse_request (webcam-2way-videochat.php:318)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat Attack Surface

Entry Points8

Unprotected5

AJAX Handlers 5

authwp_ajax_vws_noticeinc\requirements.php:98

authwp_ajax_vw_2w_filterswebcam-2way-videochat.php:105

noprivwp_ajax_vw_2w_filterswebcam-2way-videochat.php:106

authwp_ajax_vw_2w_appwebcam-2way-videochat.php:110

noprivwp_ajax_vw_2w_appwebcam-2way-videochat.php:111

Shortcodes 3

[videowhisper_videochat_manage] webcam-2way-videochat.php:91

[videowhisper_videochat_random] webcam-2way-videochat.php:92

[videowhisper_videochat_filters] webcam-2way-videochat.php:93

WordPress Hooks 9

actionadmin_noticesinc\requirements.php:97

actionplugins_loadedwebcam-2way-videochat.php:901

actionadmin_menuwebcam-2way-videochat.php:904

actionadmin_bar_menuwebcam-2way-videochat.php:905

actioninitwebcam-2way-videochat.php:907

filterquery_varswebcam-2way-videochat.php:908

actionparse_requestwebcam-2way-videochat.php:909

filterlogin_redirectwebcam-2way-videochat.php:911

actionuser_registerwebcam-2way-videochat.php:913

Maintenance & Trust

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 1, 2025

PHP min version7.4

Downloads23K

Community Trust

Rating100/100

Number of ratings3

Active installs30

Alternatives

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat Alternatives

Paid Videochat Turnkey Site – HTML5 PPV Live Webcams

ppv-live-webcams

Launch a PPV live webcam platform with real-time interaction and robust monetization for performers.

30 4 CVEs

Quick Adsense

quick-adsense

Quick Adsense offers a quicker & flexible way to insert Google Adsense or any Ads code into a blog post.

20K 1 CVE

Advanced Random Posts Widget

advanced-random-posts-widget

Provides flexible and advanced random posts. Display it via shortcode or widget with thumbnails, post excerpt, and much more!

10K No CVEs

Post Date Randomizer

post-date-randomizer

100

Simple plugin that bulk changes the publication date of published posts and/or approved comments to random dates within a specified time range.

10K No CVEs

Smart Recent Posts Widget

smart-recent-posts-widget

Provides advanced recent posts widget,you can display it with thumbnails, excerpt, date, author, comment count and more.

9K 1 unpatched

Developer Profile

2Way VideoCalls and Random Chat – HTML5 Webcam Videochat Developer Profile

videowhisper

12 plugins · 1K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

1072 days

View full developer profile

Detection Fingerprints

How We Detect 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/webcam-2way-videochat/assets/css/style.css/wp-content/plugins/webcam-2way-videochat/assets/css/frontend.css/wp-content/plugins/webcam-2way-videochat/assets/js/frontend.js/wp-content/plugins/webcam-2way-videochat/assets/js/admin.js

Script Paths

/wp-content/plugins/webcam-2way-videochat/assets/js/frontend.js/wp-content/plugins/webcam-2way-videochat/assets/js/admin.js

Version Parameters

webcam-2way-videochat/assets/css/style.css?ver=webcam-2way-videochat/assets/css/frontend.css?ver=webcam-2way-videochat/assets/js/frontend.js?ver=webcam-2way-videochat/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

vw_2w_filtersvideowhisper-videochat-managevideowhisper-videochat-randomvideowhisper-videochat-filters

HTML Comments

VideoWhisper: Sessions 2015-2021@videowhisper.comVideo Whisper: Sessions - 2009-2021@videowhisper.comVideo Whisper: Rooms - 2009-2021@videowhisper.comVideoWhisper: Sessions 2015-2019@videowhisper.com+1 more

Data Attributes

data-vw-chatiddata-vw-useriddata-vw-roomid

JS Globals

vw_2w_filters_ajaxvw_2w_app_ajax

REST Endpoints

/wp-json/videowhisper/v1/filters/wp-json/videowhisper/v1/app

Shortcode Output

[videowhisper_videochat_manage][videowhisper_videochat_random][videowhisper_videochat_filters]

FAQ