Does WSChat – WordPress Live Chat have any unpatched vulnerabilities?

No. All known vulnerabilities in WSChat – WordPress Live Chat have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WSChat – WordPress Live Chat compatible with WordPress 6.9.4?

According to WordPress.org data, WSChat – WordPress Live Chat 3.1.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WSChat – WordPress Live Chat compatible with PHP 7.1.3+?

WSChat – WordPress Live Chat requires PHP 7.1.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WSChat – WordPress Live Chat updated?

WSChat – WordPress Live Chat was last updated on Feb 3, 2026. Frequent updates are generally a positive security signal.

What is WSChat – WordPress Live Chat's security score?

WSChat – WordPress Live Chat has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WSChat – WordPress Live Chat Security & Risk Analysis

wordpress.org/plugins/wschat-live-chat

WordPress Live Chat Made Simple! Unlike other Live Chat plugins, this plugin works within WordPress with no external API calls.

40 active installs v3.1.8 PHP 7.1.3+ WP 4.3+ Updated Feb 3, 2026

chatchat-pluginlive-chatlive-supportwordpress-chat

A · Safe

CVEs total1

Unpatched0

Last CVENov 18, 2025

Plugin page Download

Safety Verdict

Is WSChat – WordPress Live Chat Safe to Use in 2026?

Generally Safe

Score 99/100

WSChat – WordPress Live Chat has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 18, 2025Updated 1mo ago

Risk Assessment

The "wschat-live-chat" plugin version 3.1.8 exhibits a mixed security posture, with some positive signs but also notable areas of concern. The plugin demonstrates good practices by largely utilizing prepared statements for SQL queries and having a significant portion of its output properly escaped. The absence of critical or high-severity taint flows is also a positive indicator, suggesting that data input is generally handled with some level of sanitization for path traversal and similar vulnerabilities. However, the presence of 53 AJAX handlers, with two of them lacking any authentication checks, presents a significant attack surface that is directly accessible to unauthenticated users. This is a primary concern that could lead to unauthorized actions being performed. The plugin's vulnerability history, while currently showing no unpatched CVEs, indicates a past medium-severity vulnerability with a common theme of missing authorization. This pattern suggests a recurring issue with access control that warrants careful monitoring and proactive security measures. Overall, while the plugin has strengths in its SQL handling and output escaping, the unprotected AJAX endpoints and historical authorization weaknesses are substantial risks that significantly detract from its security. The potential for attackers to leverage these unprotected entry points for malicious purposes is a serious drawback. The plugin's reliance on bundled libraries like Select2 and Guzzle also introduces potential risks if these libraries themselves have known vulnerabilities and are not kept up to date. Future development should prioritize addressing these authentication gaps and ensuring robust authorization checks are in place across all entry points.

Key Concerns

Unprotected AJAX handlers
Past medium severity vulnerability (missing auth)
Bundled libraries with potential vulnerabilities

Vulnerabilities

WSChat – WordPress Live Chat Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-12751medium · 4.3Missing Authorization

WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

Nov 18, 2025 Patched in 3.1.7 (1d)

Code Analysis

Analyzed Mar 16, 2026

WSChat – WordPress Live Chat Code Analysis

Dangerous Functions

Raw SQL Queries

15 prepared

Unescaped Output

274

577 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2Guzzle

SQL Query Safety

79% prepared19 total queries

Output Escaping

68% escaped851 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

download_info (src\HelpAndSupport\HelpAndSupportController.php:158)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WSChat – WordPress Live Chat Attack Surface

Entry Points53

Unprotected2

AJAX Handlers 53

authwp_ajax_wschat_admin_create_wsdesk_ticketsrc\Integrations\Integration.php:32

authwp_ajax_wschat_pre_chat_frm_add_fieldsrc\PreChatForm\Settings.php:26

authwp_ajax_wschat_pre_chat_frm_toggle_field_statussrc\PreChatForm\Settings.php:27

authwp_ajax_wschat_pre_chat_frm_toggle_field_mandatorysrc\PreChatForm\Settings.php:28

authwp_ajax_wschat_pre_chat_frm_delete_fieldsrc\PreChatForm\Settings.php:29

authwp_ajax_reset_settingssrc\PreChatForm\Settings.php:30

authwp_ajax_wschat_pre_chat_frm_rearrange_fieldssrc\PreChatForm\Settings.php:32

authwp_ajax_wschat_pre_chat_frm_submitsrc\PreChatForm\Settings.php:34

noprivwp_ajax_wschat_pre_chat_frm_submitsrc\PreChatForm\Settings.php:35

authwp_ajax_wschat_admin_wc_get_orders_summarysrc\WooCommerce\WooCommerce.php:11

authwp_ajax_wschat_admin_search_postssrc\WooCommerce\WooCommerce.php:12

authwp_ajax_wschat_add_new_rolesrc\WSAgent.php:13

authwp_ajax_wschat_edit_rolesrc\WSAgent.php:14

authwp_ajax_wschat_delete_rolesrc\WSAgent.php:15

authwp_ajax_wschat_add_new_agentsrc\WSAgent.php:17

authwp_ajax_wschat_edit_agentsrc\WSAgent.php:18

authwp_ajax_wschat_delete_agentsrc\WSAgent.php:19

authwp_ajax_wschat_edit_existing_agentsrc\WSAgent.php:21

authwp_ajax_elex-wschat-search-existing-userssrc\WSAgent.php:22

authwp_ajax_wschat_set_agent_statussrc\WSAgent.php:27

noprivwp_ajax_wschat_start_conversationsrc\WSConversation.php:17

authwp_ajax_wschat_start_conversationsrc\WSConversation.php:18

authwp_ajax_wschat_admin_deAssign_Agentsrc\WSConversation.php:19

authwp_ajax_wschat_admin_get_conversationssrc\WSConversation.php:20

authwp_ajax_wschat_admin_join_conversationsrc\WSConversation.php:21

authwp_ajax_elex_chatgpt_generate_replysrc\WSConversation.php:22

authwp_ajax_wschat_admin_delete_conversationsrc\WSConversation.php:23

authwp_ajax_wschat_admin_end_sessionsrc\WSConversation.php:24

noprivwp_ajax_wschat_email_transcriptsrc\WSConversation.php:26

authwp_ajax_wschat_email_transcriptsrc\WSConversation.php:27

noprivwp_ajax_wschat_coversation_feedbacksrc\WSConversation.php:31

authwp_ajax_wschat_coversation_feedbacksrc\WSConversation.php:32

authwp_ajax_wschat_agent_accept_invitaionsrc\WSConversation.php:45

authwp_ajax_wschat_agent_decline_invitaionsrc\WSConversation.php:46

noprivwp_ajax_wschat_get_messagessrc\WSMessage.php:21

authwp_ajax_wschat_get_messagessrc\WSMessage.php:22

authwp_ajax_wschat_admin_get_messagessrc\WSMessage.php:23

noprivwp_ajax_wschat_send_messagesrc\WSMessage.php:26

authwp_ajax_wschat_send_messagesrc\WSMessage.php:27

authwp_ajax_wschat_admin_send_messagesrc\WSMessage.php:28

noprivwp_ajax_wschat_read_allsrc\WSMessage.php:31

authwp_ajax_wschat_read_allsrc\WSMessage.php:32

authwp_ajax_wschat_admin_read_allsrc\WSMessage.php:33

authwp_ajax_wschat_get_agent_unread_countsrc\WSMessage.php:40

noprivwp_ajax_wschat_pusher_authsrc\WSPusher.php:24

authwp_ajax_wschat_pusher_authsrc\WSPusher.php:25

authwp_ajax_wschat_admin_pusher_authsrc\WSPusher.php:27

authwp_ajax_general_pusher_verifysrc\WSPusher.php:29

authwp_ajax_wschat_admin_add_a_tagsrc\WSTag.php:13

authwp_ajax_wschat_admin_edit_a_tagsrc\WSTag.php:14

authwp_ajax_wschat_admin_delete_a_tagsrc\WSTag.php:15

authwp_ajax_wschat_admin_tag_a_messagesrc\WSTag.php:17

authwp_ajax_wschat_admin_untag_a_messagesrc\WSTag.php:18

WordPress Hooks 79

actionadmin_noticesresources\review_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:20

actionadmin_initresources\review_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:21

actionreq_settings_tab_faqssrc\HelpAndSupport\HelpAndSupportController.php:12

actionreq_settings_tab_ticketsrc\HelpAndSupport\HelpAndSupportController.php:13

actionadmin_initsrc\HelpAndSupport\HelpAndSupportController.php:14

actionwschat_on_send_messagesrc\Integrations\Dialogflow\Dialogflow.php:28

actionwschat_settings_tab_integrations_dialogflowsrc\Integrations\Dialogflow\Dialogflow.php:29

actionwschat_settings_tab_integrationssrc\Integrations\Integration.php:16

filterwschat_settings_saving_integrationssrc\Integrations\Integration.php:17

filterwschat_settings_saving_integrations_wsdesksrc\Integrations\Integration.php:19

filterwschat_settings_saving_integrations_chatgptsrc\Integrations\Integration.php:20

filterwschat_settings_saving_integrations_dialogflowsrc\Integrations\Integration.php:21

filterwschat_get_settingssrc\Integrations\Integration.php:23

actionwschat_settings_tab_integrations_dialogflowsrc\Integrations\Integration.php:25

actionwschat_settings_tab_integrations_wsdesksrc\Integrations\Integration.php:26

actionwschat_settings_tab_integrations_chatgptsrc\Integrations\Integration.php:27

actionwschat_settings_saved_generalsrc\PreChatForm\Settings.php:37

filterwschat_get_settingssrc\PreChatForm\Settings.php:39

filterwschat_user_conversationsrc\PreChatForm\Settings.php:41

filterwschat_start_conversation_failed_responsesrc\PreChatForm\Settings.php:42

actionwschat_after_submit_pre_chat_formsrc\PreChatForm\Settings.php:44

actionwschat_conversation_session_endedsrc\PreChatForm\Settings.php:46

filterpre_set_site_transient_update_pluginssrc\WfApiManager\PluginUpdate.php:118

filterplugins_apisrc\WfApiManager\PluginUpdate.php:121

filterpre_set_site_transient_update_themessrc\WfApiManager\PluginUpdate.php:128

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:316

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:317

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:321

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:325

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:329

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:333

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:337

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:341

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:345

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:349

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:353

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:357

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:361

actionadmin_noticessrc\WfApiManager\PluginUpdate.php:365

actionwschat_settings_tab_agentsrc\WSAgent.php:24

filterwschat_settings_saving_agentsrc\WSAgent.php:25

actionwp_logoutsrc\WSAgent.php:29

actionwp_loginsrc\WSAgent.php:30

actionadmin_noticessrc\WSChat.php:49

actioninitsrc\WSChat.php:51

actioninitsrc\WSChat.php:52

actioninitsrc\WSChat.php:53

actioninitsrc\WSChat.php:54

actionadmin_initsrc\WSChat.php:57

actionwp_footersrc\WSChat.php:59

actionadmin_menusrc\WSChat.php:342

actionwschat_conversation_session_endedsrc\WSConversation.php:28

actionwschat_conversation_session_endedsrc\WSConversation.php:29

actionwp_footersrc\WSConversation.php:33

filterquery_varssrc\WSConversation.php:35

actionwschat_on_send_messagesrc\WSConversation.php:43

actionadmin_menusrc\WSConversation.php:48

actionwschat_conversation_session_startedsrc\WSConversation.php:50

actionwschat_create_new_conversationsrc\WSConversation.php:51

filterquery_varssrc\WSConversation.php:1006

actionwschat_on_start_conversationsrc\WSMessage.php:34

actionwschat_conversation_session_endedsrc\WSMessage.php:36

filterwschat_participant_has_joined_the_chatsrc\WSMessage.php:38

filterwschat_agent_is_designed_from_the_chatsrc\WSMessage.php:39

filterwschat_settings_saving_generalsrc\WSPusher.php:18

filterwschat_get_settingssrc\WSPusher.php:19

actionwschat_settings_saved_generalsrc\WSPusher.php:21

actionwschat_on_send_messagesrc\WSPusher.php:22

actionwschat_admin_settings_noticessrc\WSPusher.php:172

actionwschat_settings_tab_generalsrc\WSSettings.php:15

actionwschat_settings_tab_restrictionssrc\WSSettings.php:16

actionwschat_settings_tab_customizationsrc\WSSettings.php:17

actionwschat_settings_tab_emailsrc\WSSettings.php:18

actionwschat_settings_tab_licencesrc\WSSettings.php:20

filterwschat_settings_saving_generalsrc\WSSettings.php:22

filterwschat_settings_saving_restrictionssrc\WSSettings.php:23

filterwschat_settings_saving_customizationsrc\WSSettings.php:24

filterwschat_settings_saving_emailsrc\WSSettings.php:25

actionbefore_woocommerce_initwschat.php:63

Maintenance & Trust

WSChat – WordPress Live Chat Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 3, 2026

PHP min version7.1.3

Downloads6K

Community Trust

Rating100/100

Number of ratings1

Active installs40

Alternatives

WSChat – WordPress Live Chat Alternatives

JivoChat Live Chat – WP live chat plugin for WordPress

jivochat

Omnichannel Live Chat and Help Desk plugin, optimized for WordPress. Free, fast, easy to install and to use. Turn your visitors into happy customers!

20K 1 CVE

LiveAgent – Omnichannel Help Desk & Live Chat Software

liveagent

LiveAgent is a multichannel help desk software that offers over 180 help desk and live chat features. Discover the power of the universal inbox, a hyb …

500 1 CVE

Live Chat by User.com

userengage-live-chat-marketing-automation-integration

With Live Chat by User.com you can chat with any visitor on your website with a simple Wordpress plugin.

200 No CVEs

KP Fastest Tidio Chat

kp-fastest-tidio-chat

Tidio Live Chat made fast and easy. Speed up your WordPress website and help customers via Tidio Live Chat on your website.

100 No CVEs

Live Chat Plugin for Elementor – LiveChat

livechat-elementor

100

A hassle-free WordPress Elementor live chat plugin for sales and customer support.

30 1 CVE

Developer Profile

WSChat – WordPress Live Chat Developer Profile

ELEXtensions

22 plugins · 28K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

53 days

View full developer profile

Detection Fingerprints

How We Detect WSChat – WordPress Live Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wschat-live-chat/resources/css/livechat.css/wp-content/plugins/wschat-live-chat/resources/css/user-chat.css/wp-content/plugins/wschat-live-chat/resources/dist/user-chat.js

Script Paths

/wp-content/plugins/wschat-live-chat/resources/dist/user-chat.js

Version Parameters

wschat-live-chat/resources/css/livechat.css?ver=wschat-live-chat/resources/css/user-chat.css?ver=wschat-live-chat/resources/dist/user-chat.js?ver=

HTML / DOM Fingerprints

CSS Classes

wschat-live-chat-wrapperwschat-live-chat-headerwschat-live-chat-messageswschat-live-chat-messagewschat-live-chat-input-wrapperwschat-live-chat-send-buttonelex-chat-widget-container

HTML Comments

Data Attributes

data-chat-iddata-widget-statusdata-user-id

JS Globals

wschat_globalsWSChatUserChat

REST Endpoints

/wp-json/wschat/v1/conversation/wp-json/wschat/v1/message/wp-json/wschat/v1/settings/wp-json/wschat/v1/pusher/wp-json/wschat/v1/pre_chat_form/wp-json/wschat/v1/woocommerce/wp-json/wschat/v1/dialogflow/wp-json/wschat/v1/agent/wp-json/wschat/v1/tag/wp-json/wschat/v1/config

FAQ