WP-Safety

WT Chat Bot Security & Risk Analysis

wordpress.org/plugins/wt-chat-bot

Enhance engagement & support with WT Chat Bot plugin: seamless, user-friendly integration for WordPress.

0 active installs v1.0.0 PHP 7.0+ WP 3.0.1+ Updated Unknown
answer-a-questionauto-chat-botquestion-chat-botsupport-botwt-chat-bot
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WT Chat Bot Safe to Use in 2026?

Generally Safe

Score 100/100

WT Chat Bot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wt-chat-bot" plugin v1.0.0 exhibits a generally good security posture, with no known historical vulnerabilities and a well-protected attack surface. The static analysis reveals a robust implementation regarding SQL queries, all utilizing prepared statements, and a significant portion of output is properly escaped. Nonce checks are also present, indicating an awareness of common WordPress security practices.

However, there are a few areas that warrant attention. The taint analysis identified one flow with unsanitized paths, which, while not flagged as critical or high, still represents a potential risk if that path is user-controllable. Additionally, the plugin performs an external HTTP request and a file operation, both of which are potential vectors for injection if not handled with extreme care. The limited number of capability checks is also a concern, especially given the presence of AJAX handlers; while no unprotected entry points were found, relying solely on nonces without proper capability verification can be insufficient in some scenarios.

Overall, the plugin's lack of historical vulnerabilities is a strong positive indicator. Combined with the well-handled SQL queries and good output escaping, this suggests a developer who is mindful of security. The presence of only one unsanitized path in the taint analysis is encouraging. The main weaknesses lie in the potential for exploitation of file operations and external HTTP requests if not properly sanitized, and the limited use of capability checks on AJAX handlers, which could be a vector for privilege escalation if a vulnerability were to be discovered in the future.

Key Concerns

  • Taint flow with unsanitized path
  • File operations without explicit sanitization noted
  • External HTTP requests without explicit sanitization noted
  • No capability checks on AJAX handlers
Vulnerabilities
None known

WT Chat Bot Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WT Chat Bot Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
108
309 escaped
Nonce Checks
11
Capability Checks
0
File Operations
1
External Requests
1
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

74% escaped417 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths
<wt-chat-bot-box> (public\templates\chat-bot-content\wt-chat-bot-box.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WT Chat Bot Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 5

authwp_ajax_wtcbt_import_chat_questionsadmin\includes\class-wt-chat-bot-functions.php:45
noprivwp_ajax_wtcbt_import_chat_questionsadmin\includes\class-wt-chat-bot-functions.php:46
authwp_ajax_wtcbt_export_chat_questionsadmin\includes\class-wt-chat-bot-functions.php:47
authwp_ajax_chat_bot_asking_questionspublic\templates\wt-chat-function.php:42
noprivwp_ajax_chat_bot_asking_questionspublic\templates\wt-chat-function.php:43
WordPress Hooks 28
actionadmin_menuadmin\class-admin.php:41
actionadmin_enqueue_scriptsadmin\class-admin.php:42
actionadmin_enqueue_scriptsadmin\class-admin.php:43
actionafter_setup_themeadmin\class-admin.php:45
actionadmin_print_scriptsadmin\class-field-functions.php:41
filterwtcbt_chat_bot_settings_navadmin\class-wt-chat-bot-custom-setting.php:41
filterwtcbt_chat_bot_settings_paneladmin\class-wt-chat-bot-custom-setting.php:42
actionwtcbt_enqueue_add_extra_styles_beforeadmin\class-wt-chat-bot-custom-setting.php:44
actionwtcbt_enqueue_add_extra_styles_afteradmin\class-wt-chat-bot-custom-setting.php:45
actionwtcbt_enqueue_add_extra_scripts_beforeadmin\class-wt-chat-bot-custom-setting.php:47
actionwtcbt_enqueue_add_extra_scripts_afteradmin\class-wt-chat-bot-custom-setting.php:48
actioninitadmin\class-wt-chat-bot-custom-setting.php:50
filtermanage_wtcbt_ask_questions_posts_columnsadmin\includes\class-wt-chat-bot-functions.php:42
actionmanage_wtcbt_ask_questions_posts_custom_columnadmin\includes\class-wt-chat-bot-functions.php:43
filterwp_list_table_show_post_checkboxadmin\includes\class-wt-chat-bot-functions.php:49
actionplugins_loadedincludes\packages.php:144
actionwp_enqueue_scriptspublic\class-public.php:41
actionwp_enqueue_scriptspublic\class-public.php:42
actionafter_setup_themepublic\class-public.php:44
actionwt_chat_bot_icon_textpublic\include\wt-chat-hook.php:7
actionwt_chat_bot_header_beforepublic\include\wt-chat-hook.php:15
actionwt_chat_bot_header_afterpublic\include\wt-chat-hook.php:20
actionwt_chat_bot_content_afterpublic\include\wt-chat-hook.php:25
actionwt_chat_bot_form_beforepublic\include\wt-chat-hook.php:30
actionwt_chat_bot_form_content_beforepublic\include\wt-chat-hook.php:35
actionwt_chat_bot_form_content_afterpublic\include\wt-chat-hook.php:40
actionwt_chat_bot_form_afterpublic\include\wt-chat-hook.php:45
actionwp_footerpublic\templates\wt-chat-function.php:41
Maintenance & Trust

WT Chat Bot Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedUnknown
PHP min version7.0
Downloads418

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

WT Chat Bot Alternatives

Zeno – AI-Powered Chatbot

Zeno – AI-Powered Chatbot

zeno-chatbot-ai

A
100

An AI-powered WordPress automation chatbot plugin that helps you automate support, engage visitors, and answer questions using OpenAI or Google Gemini

60 No CVEs
AnyTimeReply – Sales chatbot

AnyTimeReply – Sales chatbot

anytimereply

A
100

AnyTimeReply is the automated sales chatbot available to customers round the clock. It collect leads in interactive way and manage customer queries.

10 No CVEs
Developer Profile

WT Chat Bot Developer Profile

WebbyTemplate

3 plugins · 30 total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WT Chat Bot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wt-chat-bot/admin/css/wt-chat-bot-admin.css/wp-content/plugins/wt-chat-bot/admin/js/wt-chat-bot-admin.js/wp-content/plugins/wt-chat-bot/public/css/wt-chat-bot-public.css/wp-content/plugins/wt-chat-bot/public/js/wt-chat-bot-public.js
Script Paths
/wp-content/plugins/wt-chat-bot/admin/js/wt-chat-bot-admin.js/wp-content/plugins/wt-chat-bot/public/js/wt-chat-bot-public.js
Version Parameters
wt-chat-bot/admin/css/wt-chat-bot-admin.css?ver=wt-chat-bot/admin/js/wt-chat-chat-bot-admin.js?ver=wt-chat-bot/public/css/wt-chat-bot-public.css?ver=wt-chat-bot/public/js/wt-chat-bot-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
wt-chat-bot-settings-wrapper
Data Attributes
data-plugin-name="wt-chat-bot"data-plugin-version="1.0.0"
JS Globals
wt_chat_bot_params
FAQ

Frequently Asked Questions about WT Chat Bot