PLUGIN SECURITY
Is Tidio Live Chat safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Tidio Live Chat WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
tidio-live-chat - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Tidio – Live Chat & AI Chatbots [tidio-live-chat] < 5.3.0 [Tidio – Live Chat, Chatbots & Email Integration <= 5.2.0 - Sensitive Information Disclosure]
- Tidio – Live Chat & AI Chatbots [tidio-live-chat] < 4.2.1 [Tidio Live Chat < 4.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting]
- Tidio – Live Chat & AI Chatbots [tidio-live-chat] < 4.2.0 [Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- AI Agent by SiteGround — 1000000+ active installs — max PHP <8.0
- Joinchat – Enhanced "click to chat" — 700000+ active installs — max PHP 8.4
- Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty — 400000+ active installs — max PHP 8.4
- AI Engine – The Chatbot, AI Framework & MCP for WordPress — 100000+ active installs
- Facebook Chat Plugin – Live Chat Plugin for WordPress — 80000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.