Joinchat – Enhanced "click to chat"
Slug: creame-whatsapp-me · Creame · 700,000+
Overall Score
Excellent quality and security
95
Excellent
What this score means
Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.
-
Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
-
Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
-
Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
-
High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.
Score computed: May 23, 2026 10:17 pm (3 weeks ago). Vulnerability data mode: Live.
High confidence (100/100) based on metadata completeness and vulnerability evidence quality.
Open vulnerabilities are weighted by severity, CVSS, and patch availability, then adjusted slightly when the source data is incomplete.
High confidence (100/100) based on metadata completeness and vulnerability evidence quality.
Open vulnerabilities are weighted by severity, CVSS, and patch availability, then adjusted slightly when the source data is incomplete.
- Wordfence: June 10, 2026 11:47 am (27 minutes ago)
Score Breakdown
Security
88
Good
Why this score?
Top deductions are based on 1 affected rules, reducing this category by 12 total points.
| Rule | Hits | Impact | Share |
|---|---|---|---|
| Security issue: Warning | 3 | -12 | 100% |
WP.org Readiness
95
Excellent
Why this score?
Top deductions are based on 2 affected rules, reducing this category by 5 total points.
| Rule | Hits | Impact | Share |
|---|---|---|---|
| Repo issue: Warning | 1 | -3 | 60% |
| Repo issue: Notice | 2 | -2 | 40% |
Performance
100
Excellent
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Code Quality
100
Excellent
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Accessibility
92
Excellent
Why this score?
Top deductions are based on 1 affected rules, reducing this category by 8 total points.
| Rule | Hits | Impact | Share |
|---|---|---|---|
| Accessibility issue: Warning | 4 | -8 | 100% |
Vulnerability Status
100
Excellent
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Plugin Details
- Version: 6.2.2
- Active Installs: 700,000+
- Last Updated: 2026-05-22 07:32:00
- Tested up to: 7.0
- Requires PHP: 7.0
- Rating: 4.7/5 (189 ratings)
- Support: 3/5 resolved (60%)
- View on WordPress.org
- Download Plugin
Scan Summary
- Errors: 0
- Warnings: 8
- Notices: 2
- Last Scanned: 2026-05-23 21:17:48
- Score confidence: 100/100
Scans are performed automatically once per day, and the report will note when source data is stale or incomplete.
What Changed Since Last Scan
New: 0
Resolved: 0
Worsened: 0
New Issues
No items in this category.
Resolved Issues
No items in this category.
Worsened Issues
No items in this category.
Detected Issues
| Severity | Category | Message | File | Fix Guidance |
|---|---|---|---|---|
| WARNING | SECURITY | Declared minimum PHP 7.0 is end-of-life and no longer receives security updates. |
Quick
Increase minimum PHP version to a currently supported branch.
Moderate
Audit dependencies and code for compatibility with modern PHP runtime behavior.
Advanced
Track upstream PHP lifecycle changes and schedule proactive baseline upgrades.
|
|
| WARNING | SECURITY | Declared minimum WordPress 4.9.6 is very outdated and lacks modern security APIs. |
Quick
Raise minimum WordPress version to a modern supported release.
Moderate
Replace deprecated APIs and confirm compatibility across current WordPress branches.
Advanced
Run multi-version WordPress integration tests in CI and block unsupported API usage.
|
|
| WARNING | SECURITY | Main plugin file does not appear to guard direct access with an ABSPATH check. | joinchat.php |
Quick
Add an ABSPATH guard near the top of the main plugin file to prevent direct execution.
Moderate
Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
| WARNING | REPO | Plugin package is missing readme.txt. |
Quick
Add a readme.txt file so repository metadata, installation instructions, and compatibility information are available.
Moderate
Apply the same remediation pattern across repo findings and re-scan to confirm warning issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
|
| NOTICE | REPO | Plugin package does not include a license file. |
Quick
Add a LICENSE or COPYING file so distribution terms are explicit.
Moderate
Apply the same remediation pattern across repo findings and re-scan to confirm notice issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
|
| WARNING | ACCESSIBILITY | Image markup without an alt attribute detected. | admin/class-joinchat-admin.php |
Quick
Add alt attributes to the flagged image tags, or alt="" for decorative images.
Moderate
Audit all templates/components for missing alternative text and update content guidelines.
Advanced
Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
|
| WARNING | ACCESSIBILITY | Image markup without an alt attribute detected. | admin/partials/premium.php |
Quick
Add alt attributes to the flagged image tags, or alt="" for decorative images.
Moderate
Audit all templates/components for missing alternative text and update content guidelines.
Advanced
Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
|
| WARNING | ACCESSIBILITY | Image markup without an alt attribute detected. | admin/partials/page-preview.php |
Quick
Add alt attributes to the flagged image tags, or alt="" for decorative images.
Moderate
Audit all templates/components for missing alternative text and update content guidelines.
Advanced
Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
|
| WARNING | ACCESSIBILITY | Image markup without an alt attribute detected. | includes/class-joinchat-formatter.php |
Quick
Add alt attributes to the flagged image tags, or alt="" for decorative images.
Moderate
Audit all templates/components for missing alternative text and update content guidelines.
Advanced
Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
|
| NOTICE | REPO | Translation functions are present, but no textdomain loader was detected. |
Quick
Call load_plugin_textdomain() during plugin bootstrap so translations can be loaded.
Moderate
Apply the same remediation pattern across repo findings and re-scan to confirm notice issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
Score History
Range Change: 0 pts · All-Time High: 95/100
All Past Vulnerabilities
No vulnerabilities have been recorded for this plugin yet.