Does AI Experiments have any unpatched vulnerabilities?

No. All known vulnerabilities in AI Experiments have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is AI Experiments compatible with WordPress 7.0?

According to WordPress.org data, AI Experiments 0.5.0 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is AI Experiments compatible with PHP 7.4+?

AI Experiments requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is AI Experiments updated?

AI Experiments was last updated on Mar 12, 2026. Frequent updates are generally a positive security signal.

What is AI Experiments's security score?

AI Experiments has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AI Experiments Security & Risk Analysis

wordpress.org/plugins/ai

AI experiments and capabilities for WordPress.

1K active installs v0.5.0 PHP 7.4+ WP 7.0+ Updated Mar 12, 2026

abilitiesaiartificial-intelligenceexperimentsmcp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is AI Experiments Safe to Use in 2026?

Generally Safe

Score 100/100

AI Experiments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago

Risk Assessment

The 'ai' plugin version 0.5.0 demonstrates a generally strong security posture, with robust use of WordPress security features like nonce and capability checks. The plugin also avoids common pitfalls such as dangerous function usage and external HTTP requests. Its SQL queries are exclusively prepared, and a high percentage of output is properly escaped, indicating a good understanding of secure coding practices.

However, a significant concern arises from the taint analysis, which identified one flow with an unsanitized path. While this did not result in a high or critical severity finding and there are no recorded vulnerabilities, it represents a potential avenue for malicious input if not handled carefully. The presence of file operations without further context also warrants attention, as these can sometimes be associated with insecure practices if not implemented with strict sanitization and validation.

Given the complete absence of known vulnerabilities and a proactive approach to security features, the plugin is relatively safe. The primary weakness lies in the single unsanitized path identified in the taint analysis. This plugin is a good example of a developer who understands many security principles, but there's a specific area that needs verification to ensure it doesn't become a point of exploitation.

Key Concerns

Flow with unsanitized path found

Vulnerabilities

None known

AI Experiments Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

AI Experiments Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

141 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped150 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

render_test_runner (includes\Experiments\Abilities_Explorer\Admin_Page.php:243)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

AI Experiments Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 1

authwp_ajax_ai_ability_explorer_invokeincludes\Experiments\Abilities_Explorer\Admin_Page.php:35

REST API Routes 1

GET/wp-json/ai/v1/exampleincludes\Experiments\Example_Experiment\Example_Experiment.php:84

WordPress Hooks 33

actionwp_abilities_api_initincludes\Abilities\Utilities\Posts.php:39

actionadmin_noticesincludes\bootstrap.php:74

actionadmin_noticesincludes\bootstrap.php:103

actioninitincludes\bootstrap.php:182

actionwp_abilities_api_categories_initincludes\bootstrap.php:211

actionplugins_loadedincludes\bootstrap.php:241

actionadmin_enqueue_scriptsincludes\Experiments\Abilities_Explorer\Abilities_Explorer.php:49

actionadmin_menuincludes\Experiments\Abilities_Explorer\Admin_Page.php:34

actionwp_abilities_api_initincludes\Experiments\Alt_Text_Generation\Alt_Text_Generation.php:58

actionenqueue_block_editor_assetsincludes\Experiments\Alt_Text_Generation\Alt_Text_Generation.php:59

actionwp_enqueue_mediaincludes\Experiments\Alt_Text_Generation\Alt_Text_Generation.php:60

actionadmin_enqueue_scriptsincludes\Experiments\Alt_Text_Generation\Alt_Text_Generation.php:61

actionadd_meta_boxes_attachmentincludes\Experiments\Alt_Text_Generation\Alt_Text_Generation.php:62

filterattachment_fields_to_editincludes\Experiments\Alt_Text_Generation\Alt_Text_Generation.php:63

actionwp_footerincludes\Experiments\Example_Experiment\Example_Experiment.php:45

filterdocument_title_partsincludes\Experiments\Example_Experiment\Example_Experiment.php:46

actionrest_api_initincludes\Experiments\Example_Experiment\Example_Experiment.php:47

actionwp_abilities_api_initincludes\Experiments\Excerpt_Generation\Excerpt_Generation.php:48

actionadmin_enqueue_scriptsincludes\Experiments\Excerpt_Generation\Excerpt_Generation.php:49

actionwp_abilities_api_initincludes\Experiments\Image_Generation\Image_Generation.php:52

actionadmin_enqueue_scriptsincludes\Experiments\Image_Generation\Image_Generation.php:53

actionenqueue_block_editor_assetsincludes\Experiments\Image_Generation\Image_Generation.php:54

actionadmin_menuincludes\Experiments\Image_Generation\Image_Generation.php:55

actionadmin_footer-upload.phpincludes\Experiments\Image_Generation\Image_Generation.php:56

actionwp_abilities_api_initincludes\Experiments\Review_Notes\Review_Notes.php:52

actionenqueue_block_editor_assetsincludes\Experiments\Review_Notes\Review_Notes.php:53

filterrest_pre_insert_commentincludes\Experiments\Review_Notes\Review_Notes.php:54

actionwp_abilities_api_initincludes\Experiments\Summarization\Summarization.php:50

actionadmin_enqueue_scriptsincludes\Experiments\Summarization\Summarization.php:51

actionwp_abilities_api_initincludes\Experiments\Title_Generation\Title_Generation.php:48

actionadmin_enqueue_scriptsincludes\Experiments\Title_Generation\Title_Generation.php:49

actionadmin_menuincludes\Settings\Settings_Page.php:69

actionadmin_enqueue_scriptsincludes\Settings\Settings_Page.php:104

Maintenance & Trust

AI Experiments Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 12, 2026

PHP min version7.4

Downloads5K

Community Trust

Rating100/100

Number of ratings2

Active installs1K

Alternatives

AI Experiments Alternatives

Abilities Bridge

abilities-bridge

100

MCP server for WordPress. Connect Claude AI or OpenAI to execute WordPress Abilities with configurable permissions.

0 No CVEs

Angie – Agentic AI for WordPress (Beta)

angie

100

Angie Code: Your expert WordPress developer, powered by AI. Build anything you can imagine without writing a single line of code.

7K No CVEs

Notification for Telegram

notification-for-telegram

Sends notifications to Telegram users or groups, when some events occur in WordPress.

4K 2 unpatched

AutoWP – AI Content Writer & Rewriter

autowp-ai-content-writer-rewriter

AI Content Writer & Rewriter. Write content with AI from zero. Import content from RSS, Wordpress, Google News and rewrite with AI.

1K 1 unpatched

LLMs.txt Generator

llms-txt-generator

Optimize your WordPress content for AI discovery and interaction through the llms.txt file, the robots.txt for AI engines.

1K No CVEs

Developer Profile

AI Experiments Developer Profile

WordPress.org

34 plugins · 14.9M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

1718 days

View full developer profile

Detection Fingerprints

How We Detect AI Experiments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ai/build/index.js/wp-content/plugins/ai/build/style.css

Script Paths

/wp-content/plugins/ai/build/index.js

Version Parameters

ai/build/index.js?ver=ai/build/style.css?ver=

HTML / DOM Fingerprints

HTML Comments

JS Globals

window.ai

REST Endpoints

/wp-json/ai/v1/example

FAQ