CRX aminer
Extension icon

WAPlus CRM - Best AI-Powered Messaging CRM

Version 1.7.80 View in Chrome Web Store

Last scanned: about 12 hours ago

Extension Details

Developer: https://waplus.io/
Rating: 4.9 ★ (3.4K ratings)
Users: 60,000

Context-Aware Verdict

CRITICAL
Overall Risk
Trust Factors: The extension has a strong user base of 60,000 users and an excellent 4.9-star rating from 3,400+ reviews, suggesting legitimate functionality and user satisfaction. The developer maintains a professional website at waplus.io, which adds credibility. However, these positive indicators are overshadowed by significant security concerns.
Concerns: The extension requests extremely broad permissions that far exceed what's necessary for a WhatsApp CRM tool. The combination of tabs, cookies, and identity permissions creates a dangerous attack surface. The tabs permission allows monitoring and manipulation of all browser tabs, while cookies access could enable session hijacking across websites. The identity permission is particularly concerning as it can access personal authentication data. The broad host permissions extending beyond WhatsApp to all waplus.io domains suggest potential data collection beyond the stated purpose.
Recommendations: Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile specifically for this extension and avoid accessing sensitive websites or accounts in that profile. Consider alternative WhatsApp CRM solutions with more restrictive permissions. Regularly audit what data the extension has access to and revoke permissions if possible. Monitor your accounts for any suspicious activity if you've already installed this extension.

Findings

HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: identity
This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.