Wise Chat Security & Risk Analysis

wordpress.org/plugins/wise-chat

Advanced chat plugin for WordPress with AI ChatGPT bots. Requires no server, supports multiple channels, appearance settings, moderation, bans.

6K active installs v3.4 PHP 7.4+ WP 6.2+ Updated Mar 9, 2026
ai-chatchatgpt-chatsocialwebchat
92
A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Jun 16, 2025
Safety Verdict

Is Wise Chat Safe to Use in 2026?

Generally Safe

Score 92/100

Wise Chat has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Jun 16, 2025 · Updated 25d ago
Risk Assessment

The 'wise-chat' plugin v3.4 exhibits a mixed security posture with significant concerns stemming from its attack surface and historical vulnerability patterns. While the plugin demonstrates good practices in SQL query preparation and includes nonce checks and capability checks for all identified entry points, the vast majority of its AJAX handlers lack authentication, creating a substantial risk. The presence of 'unserialize' and a high percentage of unsanitized paths in taint analysis, coupled with a history of 5 known CVEs including high and medium severity vulnerabilities like XSS, sensitive information exposure, and CSRF, indicate recurring weaknesses in input validation and output sanitization.

The plugin's vulnerability history suggests a pattern of issues that could be addressed through more robust input validation and output escaping mechanisms. The fact that there are no currently unpatched CVEs is a positive sign, but the recurring types of vulnerabilities point to underlying architectural flaws that need persistent attention. The high number of unprotected AJAX handlers is a critical concern, as these can serve as direct entry points for attackers to exploit other potential weaknesses within the plugin. Overall, while there are positive aspects like prepared SQL statements, the large attack surface without authentication and the historical vulnerability trends necessitate careful consideration and prompt patching of any newly discovered issues.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flow
  • High number of known CVEs
  • Unescaped output
  • Dangerous function unserialize
  • Unsanitized paths in taint analysis
Vulnerabilities
5

Wise Chat Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2020: 1 CVE
2023: 1 CVE
2025: 2 CVEs

Severity Breakdown

High: 2
Medium: 3

5 total CVEs

CVE-2025-3774 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Wise Chat <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header

Jun 16, 2025 Patched in 3.3.5 (1d)
CVE-2024-13613 · high · 7.5 · Exposure of Sensitive Information to an Unauthorized Actor

Wise Chat <= 3.3.3 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

May 16, 2025 Patched in 3.3.4 (1d)
CVE-2023-32504 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Wise Chat <= 3.1.3 - Cross-Site Request Forgery

May 9, 2023 Patched in 3.1.4 (259d)
WF-c7112f34-3055-4033-82ba-d59489cd8c6b-wise-chat · medium · 5.5 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Wise Chat <= 2.8.3 - CSV Injection

Jul 9, 2020 Patched in 2.8.4 (1293d)
CVE-2019-6780 · medium · 6.1 · Improper Input Validation

Wise Chat <= 2.6.3 - Reverse Tabnabbing

Jan 25, 2019 Patched in 2.7 (1824d)
Code Analysis
Analyzed Mar 16, 2026

Wise Chat Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 5 (109 prepared)
Unescaped Output: 85 (150 escaped)
Nonce Checks: 20
Capability Checks: 22
File Operations: 22
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $decoded = unserialize(Crypt::decryptFromString(base64_decode($checksum))); · src\Endpoints\FrontEndpoint.php:30
unserialize · $decoded = unserialize(Crypt::decryptFromString(base64_decode($checksum))); · src\Endpoints\FrontEndpoint.php:47
unserialize · $decoded = unserialize(Crypt::decryptFromString(base64_decode($checksum))); · src\Endpoints\WiseChatEndpoint.php:305
unserialize · $decoded = unserialize(Crypt::decryptFromString(base64_decode($checksum))); · src\Endpoints\WiseChatEndpoint.php:319

SQL Query Safety

96% prepared · 114 total queries

Output Escaping

64% escaped · 235 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

8 flows · 6 with unsanitized paths
saveInMediaLibrary (src\Services\AttachmentsService.php:241)
Attack Surface
20 unprotected

Wise Chat Attack Surface

Entry Points: 22
Unprotected: 20

AJAX Handlers 20

nopriv · wp_ajax_wise_chat_messages_endpoint · wise-chat-core.php:139
auth · wp_ajax_wise_chat_messages_endpoint · wise-chat-core.php:140
nopriv · wp_ajax_wise_chat_past_messages_endpoint · wise-chat-core.php:147
auth · wp_ajax_wise_chat_past_messages_endpoint · wise-chat-core.php:148
nopriv · wp_ajax_wise_chat_message_endpoint · wise-chat-core.php:155
auth · wp_ajax_wise_chat_message_endpoint · wise-chat-core.php:156
nopriv · wp_ajax_wise_chat_get_message_endpoint · wise-chat-core.php:163
auth · wp_ajax_wise_chat_get_message_endpoint · wise-chat-core.php:164
nopriv · wp_ajax_wise_chat_maintenance_endpoint · wise-chat-core.php:171
auth · wp_ajax_wise_chat_maintenance_endpoint · wise-chat-core.php:172
nopriv · wp_ajax_wise_chat_prepare_image_endpoint · wise-chat-core.php:179
auth · wp_ajax_wise_chat_prepare_image_endpoint · wise-chat-core.php:180
nopriv · wp_ajax_wise_chat_user_command_endpoint · wise-chat-core.php:187
auth · wp_ajax_wise_chat_user_command_endpoint · wise-chat-core.php:188
nopriv · wp_ajax_wise_chat_auth_endpoint · wise-chat-core.php:195
auth · wp_ajax_wise_chat_auth_endpoint · wise-chat-core.php:196
auth · wp_ajax_wise_chat_admin_user_search · wise-chat-core.php:203
auth · wp_ajax_wise_chat_admin_ai_bot_create · wise-chat-core.php:206
auth · wp_ajax_wise_chat_admin_ai_bot_delete · wise-chat-core.php:211
auth · wp_ajax_wise_chat_admin_ai_bot_save · wise-chat-core.php:216

Shortcodes 2

[wise-chat] wise-chat-core.php:98
[wise-chat-channel-stats] wise-chat-core.php:106
WordPress Hooks 17
action · delete_attachment · src\Endpoints\index.php:49
action · wpmu_new_blog · src\Installer.php:681
action · delete_blog · src\Installer.php:682
action · admin_menu · src\Settings.php:67
action · admin_enqueue_scripts · src\Settings.php:68
action · admin_init · src\Settings.php:69
filter · admin_init · src\Settings.php:71
action · plugins_loaded · src\Setup\0-wise-chat-engine.php:52
action · wp_enqueue_scripts · wise-chat-core.php:52
action · plugins_loaded · wise-chat-core.php:57
action · admin_enqueue_scripts · wise-chat-core.php:75
action · wp_loaded · wise-chat-core.php:90
action · widgets_init · wise-chat-core.php:121
action · init · wise-chat-core.php:123
action · delete_attachment · wise-chat-core.php:131
action · profile_update · wise-chat-core.php:228
action · elementor/widgets/register · wise-chat-core.php:235
Maintenance & Trust

Wise Chat Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 7.4
Downloads: 422K

Community Trust

Rating: 88/100
Number of ratings: 105
Active installs: 6K
Developer Profile

Wise Chat Developer Profile

Marcin

2 plugins · 6K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 565 days
Detection Fingerprints

How We Detect Wise Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wise-chat/css/style.css
/wp-content/plugins/wise-chat/css/themes/default/theme.css
/wp-content/plugins/wise-chat/css/themes/dark/theme.css
/wp-content/plugins/wise-chat/css/themes/grey/theme.css
/wp-content/plugins/wise-chat/css/themes/material/theme.css
/wp-content/plugins/wise-chat/css/themes/plain/theme.css
/wp-content/plugins/wise-chat/css/themes/social/theme.css
/wp-content/plugins/wise-chat/js/vendors/moment.min.js
(+61 more)
Script Paths
/wp-content/plugins/wise-chat/js/vendors/moment.min.js
/wp-content/plugins/wise-chat/js/vendors/perfect-scrollbar.min.js
/wp-content/plugins/wise-chat/js/vendors/Sortable.min.js
/wp-content/plugins/wise-chat/js/vendors/vue.min.js
/wp-content/plugins/wise-chat/js/vendors/vue-router.min.js
/wp-content/plugins/wise-chat/js/vendors/vue-resource.min.js
(+19 more)
Version Parameters
/wp-content/plugins/wise-chat/css/style.css?ver=
/wp-content/plugins/wise-chat/css/themes/default/theme.css?ver=
/wp-content/plugins/wise-chat/css/themes/dark/theme.css?ver=
/wp-content/plugins/wise-chat/css/themes/grey/theme.css?ver=
/wp-content/plugins/wise-chat/css/themes/material/theme.css?ver=
/wp-content/plugins/wise-chat/css/themes/plain/theme.css?ver=
/wp-content/plugins/wise-chat/css/themes/social/theme.css?ver=
/wp-content/plugins/wise-chat/js/vendors/moment.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/perfect-scrollbar.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/Sortable.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/vue.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/vue-router.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/vue-resource.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/autosize.js?ver=
/wp-content/plugins/wise-chat/js/vendors/clipboard.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/emojionearea.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/marked.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/markdown-it.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/vue-highlightjs.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/highlight.pack.js?ver=
/wp-content/plugins/wise-chat/js/vendors/video.js?ver=
/wp-content/plugins/wise-chat/js/vendors/Vimeo.js?ver=
/wp-content/plugins/wise-chat/js/vendors/youtube.js?ver=
/wp-content/plugins/wise-chat/js/vendors/cropper.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/imagelightbox.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/jquery.waypoints.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/jquery.countdown.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/jquery.sticky-sidebar.min.js?ver=
/wp-content/plugins/wise-chat/js/vendors/socket.io.js?ver=
/wp-content/plugins/wise-chat/js/vendors/FileSaver.js?ver=
/wp-content/plugins/wise-chat/js/app.js?ver=
/wp-content/plugins/wise-chat/js/chat.js?ver=

HTML / DOM Fingerprints

CSS Classes
wise-chat-message, wise-chat-user-message, wise-chat-admin-message, wise-chat-message-body, wise-chat-message-sender, wise-chat-message-date, wise-chat-message-avatar, wise-chat-message-content (+43 more)
HTML Comments
<!-- Wise Chat -->
<!-- Wise Chat Settings -->
<!-- Wise Chat Admin Menu -->
<!-- Wise Chat Admin Content -->
(+17 more)
Data Attributes
data-wc-id, data-wc-channel, data-wc-user-id, data-wc-sender-id, data-wc-message-id, data-wc-attachment-id (+14 more)
JS Globals
window.wiseChat, window._wiseChatData
REST Endpoints
/wp-json/wise-chat/v1/messages
/wp-json/wise-chat/v1/past_messages
/wp-json/wise-chat/v1/message
/wp-json/wise-chat/v1/user_commands
/wp-json/wise-chat/v1/prepare_image
/wp-json/wise-chat/v1/auth
/wp-json/wise-chat/v1/commands
/wp-json/wise-chat/v1/maintenance
/wp-json/wise-chat/v1/ai_bots
/wp-json/wise-chat/v1/settings
/wp-json/wise-chat/v1/stats
Shortcode Output
[wise-chat], [wise-chat-channel-stats]
FAQ

Frequently Asked Questions about Wise Chat