WP-Safety

LiveChat – Live Chat Plugin for WP Websites Security & Risk Analysis

wordpress.org/plugins/wp-live-chat-software-for-wordpress

Best live chat and help desk plugin for WordPress websites. Add the LiveChat widget to engage visitors and provide real‑time customer support! 🚀

10K active installs v5.0.11 PHP 7.2+ WP 4.4+ Updated Jan 13, 2026
chat-widgetchatbotcustomer-supportlive-chatlivechat
99
A · Safe
CVEs total2
Unpatched0
Last CVEDec 5, 2023
Plugin page Download
Safety Verdict

Is LiveChat – Live Chat Plugin for WP Websites Safe to Use in 2026?

Generally Safe

Score 99/100

LiveChat – Live Chat Plugin for WP Websites has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 5, 2023Updated 2mo ago
Risk Assessment

The plugin 'wp-live-chat-software-for-wordpress' v5.0.11 exhibits a mixed security posture. While it demonstrates strong output escaping practices with 100% of outputs properly escaped and no critical or high-severity taint flows, significant concerns arise from its attack surface and historical vulnerability patterns.

The static analysis reveals a substantial attack surface with 4 entry points, 3 of which are AJAX handlers lacking authentication checks. This creates a direct pathway for unauthenticated attackers to interact with sensitive plugin functions, potentially leading to unauthorized actions or information disclosure. The presence of SQL queries without prepared statements, although only one is identified, is a notable risk that could be exploited for SQL injection vulnerabilities, especially when combined with unprotected entry points.

The plugin's vulnerability history, with 2 medium-severity CVEs primarily involving Cross-Site Request Forgery and Cross-Site Scripting, suggests a past tendency to introduce such vulnerabilities. Although there are no currently unpatched vulnerabilities, the recurring nature of these types of flaws indicates a need for more robust input validation and security checks within the plugin's codebase. The absence of capability checks on any entry points further exacerbates the risk posed by the unprotected AJAX handlers.

Key Concerns

  • 3 unprotected AJAX handlers
  • 1 SQL query without prepared statements
  • 2 medium CVEs in vulnerability history
  • 0 capability checks on entry points
Vulnerabilities
2

LiveChat – Live Chat Plugin for WP Websites Security Vulnerabilities

CVEs by Year

1 CVE in 2019
2019
1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2023-49821medium · 4.3Cross-Site Request Forgery (CSRF)

LiveChat <= 4.5.15 - Cross-Site Request Forgery

Dec 5, 2023 Patched in 4.5.16 (49d)
WF-68ddc0a1-2f5a-446d-9d83-b6028d012956-wp-live-chat-software-for-wordpressmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP LiveChat <= 3.7.3 - Stored Cross-Site Scripting

Jun 26, 2019 Patched in 3.7.4 (1672d)
Code Analysis
Analyzed Mar 16, 2026

LiveChat – Live Chat Plugin for WP Websites Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
0
38 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

100% escaped38 total outputs
Attack Surface
3 unprotected

LiveChat – Live Chat Plugin for WP Websites Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 3

authwp_ajax_text-refresh-cartincludes\plugin.php:124
noprivwp_ajax_text-refresh-cartincludes\plugin.php:125
authwp_ajax_disconnect_accountincludes\plugin.php:163

REST API Routes 1

GET/wp-json/text/v1/(?P<pluginId>\d+)/diagnoseincludes\routes\diagnose.php:115
WordPress Hooks 14
actionactivated_pluginincludes\plugin.php:34
actionplugins_loadedincludes\plugin.php:35
actionrest_api_initincludes\plugin.php:36
actionelementor/initincludes\plugin.php:131
filterelementor/icons_manager/additional_tabsincludes\plugin.php:132
actionelementor/widgets/registerincludes\plugin.php:135
actionelementor/widgets/widgets_registeredincludes\plugin.php:137
actionwp_enqueue_scriptsincludes\plugin.php:141
actionwp_enqueue_scriptsincludes\plugin.php:177
actionadmin_noticesincludes\plugin.php:192
actionadmin_initincludes\plugin.php:220
actionadmin_menuincludes\plugin.php:226
actionadmin_enqueue_scriptsincludes\plugin.php:229
filterclean_urlincludes\plugin.php:318
Maintenance & Trust

LiveChat – Live Chat Plugin for WP Websites Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 13, 2026
PHP min version7.2
Downloads1.3M

Community Trust

Rating92/100
Number of ratings97
Active installs10K
Alternatives

LiveChat – Live Chat Plugin for WP Websites Alternatives

REVE Chat – AI Chatbot, Live Chat, Helpdesk, Campaigns & More

REVE Chat – AI Chatbot, Live Chat, Helpdesk, Campaigns & More

revechat

B
78

A free all-in-one customer service and lead generation platform capable of engaging, retaining, and converting customers.

100 1 unpatched
SendPulse – Live Chat and Chatbot

SendPulse – Live Chat and Chatbot

sendpulse-live-chat-and-chatbot

A
100

Free live chat and chatbot plugin by SendPulse. Add live chats to your website to engage your site visitors and help solve their issues in real time.

100 No CVEs
Appzo Chatbot Widget

Appzo Chatbot Widget

appzo-chatbot-widget

A
100

Add an intelligent AI chatbot widget to your WordPress site with customizable positioning and styling. Improve customer engagement and support.

0 No CVEs
Tidio – Live Chat & AI Chatbots

Tidio – Live Chat & AI Chatbots

tidio-live-chat

A
99

Add Tidio Live Chat to your WordPress for free to answer customers’ questions, engage website visitors, generate leads, and increase sales.

80K 2 CVEs
Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons

Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons

chatway-live-chat

A
100

AI chatbot & live chat for customer support, FAQ, chat buttons including WhatsApp with Chatway live chat. iOS & Android apps available 💬

30K No CVEs
Developer Profile

LiveChat – Live Chat Plugin for WP Websites Developer Profile

WP-LiveChat

10 plugins · 113K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
1833 days
View full developer profile
Detection Fingerprints

How We Detect LiveChat – Live Chat Plugin for WP Websites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-live-chat-software-for-wordpress/includes/css/text.css/wp-content/plugins/wp-live-chat-software-for-wordpress/includes/css/widgets.css/wp-content/plugins/wp-live-chat-software-for-wordpress/includes/css/text-icons.css/wp-content/plugins/wp-live-chat-software-for-wordpress/includes/js/textConnect.js
Script Paths
/wp-content/plugins/wp-live-chat-software-for-wordpress/includes/js/textConnect.js
Version Parameters
wp-live-chat-software-for-wordpress/includes/css/text.css?ver=wp-live-chat-software-for-wordpress/includes/css/widgets.css?ver=wp-live-chat-software-for-wordpress/includes/css/text-icons.css?ver=wp-live-chat-software-for-wordpress/includes/js/textConnect.js?ver=

HTML / DOM Fingerprints

CSS Classes
text-livechat
Data Attributes
text-livechat
JS Globals
textConnect
REST Endpoints
/wp-json/livechat/v1/diagnose
FAQ

Frequently Asked Questions about LiveChat – Live Chat Plugin for WP Websites