WP Chat App Security & Risk Analysis

wordpress.org/plugins/wp-whatsapp

Integrate WhatsApp experience directly into your WordPress website.

100K active installs · v3.7.3 · PHP + WP 3.0+ · Updated Oct 15, 2025
Tags: click-to-chat, whatsapp, whatsapp-business, whatsapp-chat, woocommerce-whatsapp
Score: 97 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Nov 15, 2024

Safety Verdict

Is WP Chat App Safe to Use in 2026?

Generally Safe

Score 97/100

WP Chat App has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Nov 15, 2024 · Updated 5mo ago

Risk Assessment

The wp-whatsapp plugin v3.7.3 exhibits a mixed security posture. On the positive side, the code analysis shows adherence to secure coding practices: no dangerous functions, all SQL queries using prepared statements, and a significant percentage of output properly escaped. The numerous nonce and capability checks across its AJAX handlers further suggest an effort to protect against common WordPress vulnerabilities.

However, the vulnerability history is substantial, with 6 known medium-severity CVEs. Past vulnerabilities involving Missing Authorization, Cross-site Scripting, and Improper Input Validation indicate recurring weaknesses in how the plugin handles user input and controls access. The current version shows no unpatched vulnerabilities, but the historical pattern suggests a need for continued vigilance and potentially more rigorous code review in these specific areas. The overall attack surface is moderate, with 14 AJAX handlers, none of which were found to be unprotected in this analysis.

Key Concerns

  • Six known medium-severity CVEs
  • 73% output escaping (27% unescaped)
Vulnerabilities
6

WP Chat App Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 5 CVEs

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2024-10533 · medium · 4.3 · Missing Authorization
WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation
Nov 15, 2024 · Patched in 3.6.9 (1d)

CVE-2024-4664 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Chat App <= 3.6.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Jun 6, 2024 · Patched in 3.6.5 (26d)

CVE-2024-2837 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Chat App <= 3.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Apr 5, 2024 · Patched in 3.6.4 (21d)

CVE-2024-2513 · medium · 6.4 · Improper Input Validation
WP Chat App <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute
Mar 29, 2024 · Patched in 3.6.3 (12d)

CVE-2024-1761 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Chat App <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
Mar 6, 2024 · Patched in 3.6.2 (1d)

CVE-2023-51370 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Chat App <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Dec 26, 2023 · Patched in 3.4.5 (28d)

Code Analysis
Analyzed Mar 16, 2026

WP Chat App Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 107 (283 escaped)
Nonce Checks: 19
Capability Checks: 13
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

73% escaped · 390 total outputs

Attack Surface

WP Chat App Attack Surface

Entry Points: 15
Unprotected: 0

AJAX Handlers 14

auth · wp_ajax_njt_wa_get_account · includes\PostType.php:35
auth · wp_ajax_yay_recommended_get_plugin_data · includes\Recommended\Recommended.php:24
auth · wp_ajax_yay_recommended_activate_plugin · includes\Recommended\Recommended.php:25
auth · wp_ajax_yay_recommended_upgrade_plugin · includes\Recommended\Recommended.php:26
auth · wp_ajax_njt_wa_set_account_position · includes\Settings.php:42
auth · wp_ajax_njt_wa_load_accounts_ajax · includes\Settings.php:43
auth · wp_ajax_njt_wa_set_account_status · includes\Settings.php:44
auth · wp_ajax_njt_wa_save_display_setting · includes\Settings.php:46
auth · wp_ajax_njt_wa_save_design_setting · includes\Settings.php:47
auth · wp_ajax_njt_wa_save_woocommerce_setting · includes\Settings.php:48
auth · wp_ajax_njt_wa_save_analytics_setting · includes\Settings.php:49
auth · wp_ajax_njt_wa_save_url_setting · includes\Settings.php:50
auth · wp_ajax_njt_wa_save_user_role_setting · includes\Settings.php:51
auth · wp_ajax_njt_wa_restore · includes\Upgrade.php:43

Shortcodes 1

[njwa_button] · includes\Shortcode.php:21

WordPress Hooks 39

action · init · blocks\src\init.php:149
action · enqueue_block_assets · blocks\src\init.php:150
action · init · includes\Cross.php:51
action · admin_notices · includes\Cross.php:59
action · wp_dashboard_setup · includes\Cross.php:67
action · admin_footer · includes\Cross.php:68
action · admin_notices · includes\Fallback.php:4
action · wp_enqueue_scripts · includes\Popup.php:24
action · wp_footer · includes\Popup.php:25
action · init · includes\PostType.php:26
action · save_post_whatsapp-accounts · includes\PostType.php:27
action · add_meta_boxes · includes\PostType.php:28
filter · manage_whatsapp-accounts_posts_columns · includes\PostType.php:30
action · manage_whatsapp-accounts_posts_custom_column · includes\PostType.php:31
filter · enter_title_here · includes\PostType.php:32
action · wp_print_scripts · includes\PostType.php:33
action · init · includes\Recommended\Recommended.php:19
action · admin_menu · includes\Recommended\Recommended.php:22
action · admin_footer · includes\Recommended\Recommended.php:23
filter · yay_recommended_plugins_excluded · includes\Recommended\Recommended.php:541
action · admin_notices · includes\Review.php:33
action · admin_init · includes\Settings.php:37
action · admin_menu · includes\Settings.php:38
action · admin_enqueue_scripts · includes\Settings.php:39
action · admin_footer · includes\Settings.php:40
filter · plugin_row_meta · includes\Settings.php:54
action · init · includes\Support\Woocommerce.php:29
filter · njt_whatsapp_is_page_or_shop_filter · includes\Support\Woocommerce.php:47
filter · njt_whatsapp_get_post_id_filter · includes\Support\Woocommerce.php:48
action · woocommerce_after_add_to_cart_button · includes\Support\Woocommerce.php:55
action · woocommerce_before_add_to_cart_button · includes\Support\Woocommerce.php:57
filter · woocommerce_short_description · includes\Support\Woocommerce.php:59
filter · the_content · includes\Support\Woocommerce.php:61
filter · woocommerce_get_stock_html · includes\Support\Woocommerce.php:64
filter · njt_wa_get_post_type · includes\Support\WPML.php:26
action · admin_init · includes\Upgrade.php:23
action · admin_notices · includes\Upgrade.php:42
action · admin_init · whatsapp.php:19
action · plugins_loaded · whatsapp.php:97

Maintenance & Trust

WP Chat App Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 15, 2025
PHP min version
Downloads: 1.8M

Community Trust

Rating: 98/100
Number of ratings: 212
Active installs: 100K

Developer Profile

WP Chat App Developer Profile

Ninja Team

13 plugins · 496K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 93 days
Detection Fingerprints

How We Detect WP Chat App

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-whatsapp/assets/css/whatsapp.css
  • /wp-content/plugins/wp-whatsapp/assets/js/whatsapp.js
  • /wp-content/plugins/wp-whatsapp/blocks/dist/blocks.style.build.css
  • /wp-content/plugins/wp-whatsapp/blocks/dist/blocks.build.js
  • /wp-content/plugins/wp-whatsapp/blocks/dist/blocks.editor.build.css
Script Paths
  • /wp-content/plugins/wp-whatsapp/blocks/dist/blocks.build.js
Version Parameters
  • wp-whatsapp/assets/css/whatsapp.css?ver=
  • wp-whatsapp/assets/js/whatsapp.js?ver=
  • wp-whatsapp/blocks/dist/blocks.style.build.css?ver=
  • wp-whatsapp/blocks/dist/blocks.build.js?ver=
  • wp-whatsapp/blocks/dist/blocks.editor.build.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • wa__button, wa__r_button, wa__sq_button, wa__button_text_only, wa__btn_icon, wa__cs_img, wa__cs_img_wrap, wa__btn_txt (+3 more)
HTML Comments
  • <!-- BEGIN: WP WA Button -->
  • <!-- END: WP WA Button -->
  • <!-- Shortcode Output -->
Data Attributes
  • data-phone, data-color, data-text-color, data-background-color, data-position, data-size (+13 more)
JS Globals
  • njtwa
Shortcode Output
  • [njwa_button
  • [wp_whatsapp