Does WP IRC have any unpatched vulnerabilities?

No. All known vulnerabilities in WP IRC have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP IRC compatible with WordPress 3.8.41?

According to WordPress.org data, WP IRC 1.2.1 has been tested up to WordPress 3.8.41. Check the plugin's changelog for the latest compatibility information.

How often is WP IRC updated?

WP IRC was last updated on Unknown. Frequent updates are generally a positive security signal.

What is WP IRC's security score?

WP IRC has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP IRC Security & Risk Analysis

wordpress.org/plugins/wp-irc

Retrieves the number of people who are online in an IRC Channel, which can be displayed in the sidebar using a widget.

10 active installs v1.2.1 PHP + WP 3.2+ Updated Unknown

ircsidebarwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP IRC Safe to Use in 2026?

Generally Safe

Score 100/100

WP IRC has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "wp-irc" plugin version 1.2.1 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having no recorded vulnerabilities in its history. The static analysis also shows a limited attack surface, with all identified entry points (AJAX handlers) having at least one nonce check. The absence of critical or high severity taint flows is also a strong indicator of robust code hygiene in that specific area.

However, there are significant areas of concern. The plugin utilizes the deprecated and inherently insecure `create_function()` PHP function, which can be a vector for code injection if not handled with extreme care. Furthermore, a substantial portion of the output (54%) is not properly escaped. This lack of output escaping on this many occasions poses a significant risk of Cross-Site Scripting (XSS) vulnerabilities. While no capability checks are explicitly mentioned for the AJAX handlers, the presence of nonce checks mitigates some of the immediate risk, but relying solely on nonces without proper capability checks can still be problematic in certain scenarios.

In conclusion, while the plugin's SQL querying and lack of known CVEs are commendable, the use of `create_function()` and the high percentage of unescaped output create substantial security risks. These issues require immediate attention to prevent potential code execution and XSS attacks. The overall security posture is weakened by these specific coding practices despite the limited attack surface and clean vulnerability history.

Key Concerns

Use of deprecated/dangerous create_function()
Significant unescaped output (54%)
Missing capability checks on AJAX handlers

Vulnerabilities

None known

WP IRC Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP IRC Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

26 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function( '', 'register_widget( "IRC_Widget" );' ) );wp-irc.php:324

Output Escaping

46% escaped57 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<wp-irc> (wp-irc.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP IRC Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_refresh_countwp-irc.php:66

noprivwp_ajax_refresh_countwp-irc.php:67

WordPress Hooks 3

actionwp_enqueue_scriptswp-irc.php:64

actioninitwp-irc.php:124

actionwidgets_initwp-irc.php:324

Maintenance & Trust

WP IRC Maintenance & Trust

Maintenance Signals

WordPress version tested3.8.41

Last updatedUnknown

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP IRC Alternatives

Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager

custom-sidebars

Flexible sidebars for custom classic widget configurations on any page or post. Create custom sidebars with ease!

100K 3 CVEs

Image Widget

image-widget

A simple image widget that uses the native WordPress media manager to add image widgets to your site.

100K 1 CVE

Widget Logic

widget-logic

Widget Logic lets you control on which pages widgets appear using WP's conditional tags.

100K 2 CVEs

WooSidebars

woosidebars

WooSidebars adds functionality to display different widgets in a sidebar, according to a context (for example, a specific page or a category).

100K 1 CVE

Fixed Widget and Sticky Elements for WordPress

q2w3-fixed-widget

More attention and a higher ad performance with fixed sticky widgets.

90K No CVEs

Developer Profile

WP IRC Developer Profile

Sudar Muthu

16 plugins · 21K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP IRC

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-irc/css/wp-irc.css

Script Paths

/wp-content/plugins/wp-irc/js/wp-irc.js

Version Parameters

wp-irc/css/wp-irc.css?ver=wp-irc/js/wp-irc.js?ver=

HTML / DOM Fingerprints

CSS Classes

irc_widget_idlist-ajax-loading

Data Attributes

id="irc_widget_id"class="irc_widget_id"

JS Globals

WPIRC

REST Endpoints

/wp-json/wp-irc/v1

Shortcode Output

[users][count][channel][server]

FAQ