Does 3CX Free Live Chat, Calls & Messaging have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is 3CX Free Live Chat, Calls & Messaging compatible with WordPress 6.8.5?

According to WordPress.org data, 3CX Free Live Chat, Calls & Messaging 10.0.17 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is 3CX Free Live Chat, Calls & Messaging compatible with PHP 5.4+?

3CX Free Live Chat, Calls & Messaging requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is 3CX Free Live Chat, Calls & Messaging updated?

3CX Free Live Chat, Calls & Messaging was last updated on Aug 25, 2025. Frequent updates are generally a positive security signal.

What is 3CX Free Live Chat, Calls & Messaging's security score?

3CX Free Live Chat, Calls & Messaging has a WP-Safety security score of 94/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

3CX Free Live Chat, Calls & Messaging Security & Risk Analysis

wordpress.org/plugins/wp-live-chat-support

Chat with your website visitors in real-time for free! Engage with your customers and increase sales.

100K active installs v10.0.17 PHP 5.4+ WP 5.3+ Updated Aug 25, 2025

free-live-chatlive-chatlive-helplive-supportwordpress-live-chat

A · Safe

CVEs total15

Unpatched0

Last CVEApr 28, 2022

Plugin page Download

Safety Verdict

Is 3CX Free Live Chat, Calls & Messaging Safe to Use in 2026?

Generally Safe

Score 94/100

3CX Free Live Chat, Calls & Messaging has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

15 known CVEsLast CVE: Apr 28, 2022Updated 8mo ago

Risk Assessment

The "wp-live-chat-support" plugin v10.0.17 exhibits a mixed security posture. While it shows positive signs like the absence of dangerous functions, 100% prepared SQL statements, and a history of no currently unpatched CVEs, significant concerns arise from its static analysis. The plugin has a small but concerning attack surface with 2 entry points, both of which are unprotected due to missing authentication or permission checks. This exposes critical functionalities to unauthorized access. Furthermore, a substantial percentage (59%) of its output escaping is not properly handled, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

Unprotected AJAX handler
Unprotected REST API route
Insufficient output escaping (59% proper)
Large number of historical CVEs (15)
Historical critical vulnerabilities (2)
Historical high vulnerability (1)

Vulnerabilities

15 published

3CX Free Live Chat, Calls & Messaging Security Vulnerabilities

CVEs by Year

1 CVE in 2014

2014

2 CVEs in 2015

2015

1 CVE in 2016

2016

3 CVEs in 2017

2017

3 CVEs in 2018

2018

3 CVEs in 2019

2019

1 CVE in 2020

2020

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

15 total CVEs

WF-4c298a24-b68b-450e-b823-f91841046783-wp-live-chat-supporthigh · 8.8Improper Control of Generation of Code ('Code Injection')

3CX Live Chat <= 9.4.2 - Local File Inclusion

Apr 28, 2022 Patched in 9.4.3 (635d)

WF-a72ce900-7999-45ee-a46a-6dd0a8f5931d-wp-live-chat-supportmedium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 8.1.9 - Stored Cross-Site Scripting

Jul 12, 2020 Patched in 8.2.0 (1290d)

CVE-2019-12498critical · 9.8Missing Authorization

WP Live Chat Support <= 8.0.32 - Unprotected Functions

May 31, 2019 Patched in 8.0.33 (1698d)

CVE-2019-14950medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 8.0.27 - Unauthenticated Stored Cross-Site Scripting

May 15, 2019 Patched in 8.0.27 (1714d)

CVE-2019-9913medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 8.0.17 - Cross-Site Scripting

Feb 5, 2019 Patched in 8.0.18 (1813d)

CVE-2018-18460medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 8.0.15 - Cross-Site Scripting

Oct 17, 2018 Patched in 8.0.16 (1924d)

CVE-2018-11105medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3CX Live Chat <= 8.0.07 - Cross-Site Scripting

Jul 2, 2018 Patched in 8.0.08 (2031d)

CVE-2018-9864medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 8.0.05 - Stored Cross-Site Scripting

Apr 9, 2018 Patched in 8.0.06 (2115d)

CVE-2017-18507medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 7.1.04 - Cross-Site Scripting

Aug 2, 2017 Patched in 7.1.05 (2365d)

CVE-2017-18508medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 7.1.02 - Cross-Site Scripting

Jul 10, 2017 Patched in 7.1.03 (2388d)

CVE-2017-2187medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 7.0.06 - Cross-Site Scripting

May 16, 2017 Patched in 7.0.07 (2443d)

CVE-2016-10879medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3CX Free Live Chat <= 6.2.03 - Unauthenticated Stored Cross-Site Scripting

Aug 1, 2016 Patched in 6.2.04 (2731d)

WF-07067eb5-d15e-4342-914f-5e2a08ea8bb4-wp-live-chat-supportcritical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Live Chat Support <= 4.3.5 - Blind SQL Injection

Jul 6, 2015 Patched in 4.4.0 (3123d)

WF-550ae92f-6250-4cbd-85d0-a9054aee3916-wp-live-chat-supportmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Live Chat Support <= 4.3.5 - Stored Cross-site Scripting

Jul 6, 2015 Patched in 4.4.0 (3123d)

CVE-2014-10386medium · 6.1Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

WP Live Chat Support < 4.1.0 - JavaScript Code Injection

Jul 20, 2014 Patched in 4.1.0 (3680d)

Version History

3CX Free Live Chat, Calls & Messaging Release Timeline

v10.0.17Current

v10.0.16

v10.0.15

v10.0.14

v10.0.13

v10.0.12

v10.0.11

v10.0.10

v10.0.9

v10.0.8

v10.0.7

v10.0.6

v10.0.5

v10.0.4

v10.0.3

v10.0.2

v10.0.1

v10.0.0

v9.4.3

v9.4.21 CVE

WF-4c298a24-b68b-450e-b823-f91841046783-wp-live-chat-support

Code Analysis

Analyzed Mar 16, 2026

3CX Free Live Chat, Calls & Messaging Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

59% escaped17 total outputs

Attack Surface

2 unprotected

3CX Free Live Chat, Calls & Messaging Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 1

authwp_ajax_check_updateincludes\class-wplc-plugin.php:163

REST API Routes 1

POST/wp-json/wp-live-chat-support/v1/autoconfigurepublic\class-wplc-plugin-public.php:127

WordPress Hooks 12

actionplugins_loadedincludes\class-wplc-plugin.php:144

actionadmin_enqueue_scriptsincludes\class-wplc-plugin.php:160

actionadmin_enqueue_scriptsincludes\class-wplc-plugin.php:161

actionplugin_row_metaincludes\class-wplc-plugin.php:162

actionadmin_menuincludes\class-wplc-plugin.php:165

actionadmin_initincludes\class-wplc-plugin.php:166

actionrest_api_initincludes\class-wplc-plugin.php:179

actionwp_footerincludes\class-wplc-plugin.php:180

filterscript_loader_tagincludes\class-wplc-plugin.php:181

actionwp_enqueue_scriptsincludes\class-wplc-plugin.php:182

actionwp_enqueue_scriptsincludes\class-wplc-plugin.php:183

actionadmin_noticeswp-live-chat-support.php:110

Maintenance & Trust

3CX Free Live Chat, Calls & Messaging Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 25, 2025

PHP min version5.4

Downloads3.9M

Community Trust

Rating92/100

Number of ratings821

Active installs100K

Alternatives

3CX Free Live Chat, Calls & Messaging Alternatives

KP Fastest Tidio Chat

kp-fastest-tidio-chat

Tidio Live Chat made fast and easy. Speed up your WordPress website and help customers via Tidio Live Chat on your website.

100 No CVEs

KP Fastest Chat

kp-fastest-chat

Live Chat made fast and easy. Speed up your WordPress website and help customers via Live Chat on your website. Supports all Chat Platforms.

10 No CVEs

WP Chatbull

wp-chatbull

Now chat with your website visitors with WP ChatBull. This is a perfect fit for Small Business for both who sell products and services.

10 No CVEs

JivoChat Live Chat – WP live chat plugin for WordPress

jivochat

Omnichannel Live Chat and Help Desk plugin, optimized for WordPress. Free, fast, easy to install and to use. Turn your visitors into happy customers!

20K 1 CVE

LiveAgent – Omnichannel Help Desk & Live Chat Software

liveagent

LiveAgent is a multichannel help desk software that offers over 180 help desk and live chat features. Discover the power of the universal inbox, a hyb …

500 1 CVE

Developer Profile

3CX Free Live Chat, Calls & Messaging Developer Profile

WP-LiveChat

1 plugin · 100K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

2205 days

View full developer profile

Detection Fingerprints

How We Detect 3CX Free Live Chat, Calls & Messaging

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-live-chat-support/css/wplc-plugin-admin.css/wp-content/plugins/wp-live-chat-support/js/wplc-plugin-admin.js/wp-content/plugins/wp-live-chat-support/js/wplc-chat-main.js/wp-content/plugins/wp-live-chat-support/css/wplc-chat-main.css/wp-content/plugins/wp-live-chat-support/css/wplc-chat-responsive.css/wp-content/plugins/wp-live-chat-support/css/wplc-chat-custom.css/wp-content/plugins/wp-live-chat-support/js/wplc-chat-new-conversation.js/wp-content/plugins/wp-live-chat-support/js/wplc-chat-new-conversation-new.js

Script Paths

/wp-content/plugins/wp-live-chat-support/js/wplc-plugin-admin.js/wp-content/plugins/wp-live-chat-support/js/wplc-chat-main.js

Version Parameters

wp-live-chat-support/css/wplc-plugin-admin.css?ver=wp-live-chat-support/js/wplc-plugin-admin.js?ver=wp-live-chat-support/js/wplc-chat-main.js?ver=wp-live-chat-support/css/wplc-chat-main.css?ver=wp-live-chat-support/css/wplc-chat-responsive.css?ver=wp-live-chat-support/css/wplc-chat-custom.css?ver=wp-live-chat-support/js/wplc-chat-new-conversation.js?ver=wp-live-chat-support/js/wplc-chat-new-conversation-new.js?ver=

HTML / DOM Fingerprints

CSS Classes

wplc_chat_box_outerwplc_chat_box_innerwplc_chat_headerwplc_chat_message_sent_by_agentwplc_chat_message_sent_by_userwplc_chat_input_fieldwplc_chat_send_buttonwplc_agent_typing+1 more

HTML Comments

Data Attributes

data-wplc-chat-iddata-wplc-agent-iddata-wplc-user-iddata-wplc-conversation-iddata-wplc-agent-typingdata-wplc-user-typing+1 more

JS Globals

wplc_chat_settingswplc_chat_datawplc_chat_activewplc_chat_historywplc_chat_typing_indicator

REST Endpoints

/wp-json/wp-live-chat-support/v1/autoconfigure

FAQ