Does WP-WebRTC2 have any unpatched vulnerabilities?

No. All known vulnerabilities in WP-WebRTC2 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP-WebRTC2 compatible with WordPress 6.9.4?

According to WordPress.org data, WP-WebRTC2 1.7.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP-WebRTC2 compatible with PHP 7.4+?

WP-WebRTC2 requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP-WebRTC2 updated?

WP-WebRTC2 was last updated on Dec 31, 2025. Frequent updates are generally a positive security signal.

What is WP-WebRTC2's security score?

WP-WebRTC2 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP-WebRTC2 Security & Risk Analysis

wordpress.org/plugins/wp-webrtc2

Free video chat for registered site users.

20 active installs v1.7.4 PHP 7.4+ WP + Updated Dec 31, 2025

chatvideochatwebrtc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP-WebRTC2 Safe to Use in 2026?

Generally Safe

Score 100/100

WP-WebRTC2 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The wp-webrtc2 plugin version 1.7.4 presents a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests, and has a clean vulnerability history with no recorded CVEs, there are significant concerns regarding its attack surface and input sanitization. The presence of four AJAX handlers without authentication checks is a major red flag, opening the door for unauthorized actions if these handlers are exploitable. This, coupled with a concerning 8 out of 11 analyzed taint flows having unsanitized paths, indicates a high potential for vulnerabilities, even if no critical or high severity issues were flagged in the static analysis. The plugin also shows a moderate concern with only 46% of its output being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities.

While the absence of known vulnerabilities is positive, it does not guarantee the plugin's current safety, especially given the identified weaknesses. The moderate use of prepared statements for SQL queries and the limited number of nonce and capability checks suggest areas for improvement in securing the codebase. The overall risk assessment leans towards caution due to the significant number of unprotected entry points and the taint analysis results, despite the lack of historical CVEs.

Key Concerns

Unprotected AJAX handlers
Unsanitized paths in taint flows
Low percentage of properly escaped output
Low percentage of prepared SQL statements

Vulnerabilities

None known

WP-WebRTC2 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP-WebRTC2 Code Analysis

Dangerous Functions

Raw SQL Queries

21 prepared

Unescaped Output

192

165 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

54% prepared39 total queries

Output Escaping

46% escaped357 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

11 flows8 with unsanitized paths

webrtc2_redirectToHTTPS (class-webrtc2-core.php:286)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

WP-WebRTC2 Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

authwp_ajax_signwp-webrtc2.php:243

noprivwp_ajax_signwp-webrtc2.php:245

authwp_ajax_ssewp-webrtc2.php:251

noprivwp_ajax_ssewp-webrtc2.php:253

Shortcodes 1

[webrtc2] class-webrtc2-shortcode.php:27

WordPress Hooks 26

actionadmin_initclass-webrtc2-core.php:27

actionadmin_menuclass-webrtc2-core.php:28

actionadmin_headclass-webrtc2-core.php:29

filterplugin_row_metaclass-webrtc2-core.php:30

filterset-screen-optionclass-webrtc2-core.php:31

actionshow_user_profileclass-webrtc2-core.php:33

actionedit_user_profileclass-webrtc2-core.php:34

actionpersonal_options_updateclass-webrtc2-core.php:35

actionedit_user_profile_updateclass-webrtc2-core.php:36

actioninitclass-webrtc2-core.php:38

actionwp_headclass-webrtc2-core.php:40

actionwp_loginclass-webrtc2-core.php:42

actionwp_body_openclass-webrtc2-core.php:44

actionafter_setup_themeclass-webrtc2-core.php:45

filterprint_styles_arrayclass-webrtc2-core.php:47

actionplugins_loadedclass-webrtc2-core.php:55

actionwp_mail_failedclass-webrtc2-core.php:59

filterwp_mail_content_typeclass-webrtc2-core.php:60

actionwebrtc2_truncateclass-webrtc2-core.php:62

actionwebrtc2_updateclass-webrtc2-core.php:63

actionwebrtc2_update_repeatclass-webrtc2-core.php:64

actionuser_registerclass-webrtc2-core.php:65

filteruser_contactmethodsclass-webrtc2-core.php:66

actioninitwp-webrtc2.php:106

actionadmin_enqueue_scriptswp-webrtc2.php:138

actionwp_enqueue_scriptswp-webrtc2.php:237

Scheduled Events 5

webrtc2_truncate

webrtc2_update

webrtc2_update_repeat

webrtc2_update

webrtc2_update_repeat

Maintenance & Trust

WP-WebRTC2 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 31, 2025

PHP min version7.4

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

WP-WebRTC2 Alternatives

FullCall VideoChat

fullcall

This is a one-click installation plugin for FullCall. It is audio and video chat for your website. Easy to use compatible with all modern browsers.

10 No CVEs

Consolto Video Chat

consolto-videochat

100

4-in-1: video chat, appointment scheduling, AI & live chat and forms for Sales, Support and Consultants.

300 No CVEs

HTML5 Chat

html5-chat

HTML5 Chat is a WordPress plugin that lets you easily embed a real-time audio & video chat into your website using HTML5 technology.

90 1 CVE

Easy Video Call [GWE]

easy-video-call

100

Easy Video Call is a simple plugin for making video call easily. To display the video call option simply add this [easy-video-call] shortcode inside y …

50 No CVEs

LiveSmart Video Chat Live Video Chat

new-dev-livesmart-video-chat

LiveSmart Video Chat Live Video chat plugin for WordPress that allows visitors to establish live video chat in the browser without download.

30 No CVEs

Developer Profile

WP-WebRTC2 Developer Profile

adminkov

2 plugins · 30 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP-WebRTC2

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-webrtc2/css/webrtc2-backend.css/wp-content/plugins/wp-webrtc2/js/webrtc2-backend.js/wp-content/plugins/wp-webrtc2/converter/html2canvas.js/wp-content/plugins/wp-webrtc2/katex/katex.css/wp-content/plugins/wp-webrtc2/katex/katex.js/wp-content/plugins/wp-webrtc2/katex/mhchem.js/wp-content/plugins/wp-webrtc2/css/webrtc2-dark.css/wp-content/plugins/wp-webrtc2/css/webrtc2-light.css+5 more

Script Paths

/wp-content/plugins/wp-webrtc2/converter/html2canvas.js/wp-content/plugins/wp-webrtc2/katex/katex.js/wp-content/plugins/wp-webrtc2/katex/mhchem.js/wp-content/plugins/wp-webrtc2/parser/detect.js/wp-content/plugins/wp-webrtc2/chart/smoothie.js/wp-content/plugins/wp-webrtc2/js/webrtc2-variables.js+3 more

Version Parameters

webrtc2-backend.css?v1.7webrtc2-backend.js?v1.7html2canvas.js?v1.4.1katex.css?v0.16.9katex.js?v0.16.9mhchem.js?v3.3.0webrtc2-dark.css?v1.7webrtc2-light.css?v1.7detect.js?v2.2.2smoothie.js?v1.36webrtc2-variables.js?v1.7webrtc2-interface.js?v1.7webrtc2-init.js?v1.7

HTML / DOM Fingerprints

JS Globals

webrtc2_url_ajaxwebrtc2_noncewebrtc2_hostIdwebrtc2_durationwebrtc2_stunwebrtc2_turn+3 more

FAQ