AI App Onsite Security & Risk Analysis

wordpress.org/plugins/ai-app-onsite

Add AI-powered apps to any site in minutes. Forget OpenAI “GPTs” or Claude “Projects”. The power of AI is now in your hands (and on your website)!

10 active installs · v1.2.7 · PHP 7.0+ · WP 4.7+ · Updated Nov 19, 2025
Tags: ai, ai-app, app-builder, form-builder, gpt
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is AI App Onsite Safe to Use in 2026?

Generally Safe

Score 100/100

AI App Onsite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "ai-app-onsite" v1.2.7 plugin presents a mixed security posture. While it demonstrates good practices in output escaping and avoids known vulnerabilities and bundled libraries, significant concerns arise from its attack surface and data handling.

The plugin has a substantial attack surface with 66 AJAX handlers, a concerning 37 of which lack authentication checks. This opens a large vector for unauthorized actions. Furthermore, the presence of the `unserialize` function is a critical risk, especially when combined with unsanitized data, as evidenced by the high-severity taint flow. While the vulnerability history is clean, this does not mitigate the immediate risks identified in the static analysis.

In conclusion, the plugin's strengths in output escaping are overshadowed by the critical risk of unauthenticated AJAX handlers and the potential for deserialization vulnerabilities. The lack of known CVEs is positive but offers no guarantee of future security. Aggressive remediation of the unauthenticated AJAX endpoints and careful scrutiny of `unserialize` usage are highly recommended.

Key Concerns

  • Large attack surface without auth checks
  • Dangerous function (unserialize) present
  • High severity taint flow with unsanitized path
  • 27% of SQL queries not using prepared statements
  • 0 capability checks on entry points
Vulnerabilities
None known

AI App Onsite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

AI App Onsite Release Timeline

v1.2.7 (Current)
v1.2.6
v1.2.5
v1.2.4.3
v1.2.4.2
v1.2.4.1
v1.2.4
v1.2.3
v1.2.2
v1.1.1
v1.1.0
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

AI App Onsite Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 82 (30 prepared)
Unescaped Output: 1 (115 escaped)
Nonce Checks: 16
Capability Checks: 0
File Operations: 11
External Requests: 7
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$field_dropdown_options = unserialize($field['field_dropdown_options']);` · handler\ai-app-onsite-app-preview.php:335
  • unserialize · `$field_dropdown_options = unserialize($record['field_dropdown_options']);` · handler\ai-app-onsite-field-selector.php:290
  • unserialize · `? unserialize($plugin_settings[0]['banned_words'])` · handler\ai-app-onsite-openAi-api.php:80
  • unserialize · `$unserializedDataCsv = unserialize($banned_words_raw);` · handler\ai-app-onsite-plugin-settings.php:216
  • unserialize · `$unserializedData = unserialize($row['banned_words']);` · handler\ai-app-onsite-plugin-settings.php:220
  • unserialize · `$value = unserialize($value);` · handler\ai-app-onsite-plugin-settings.php:223

SQL Query Safety

27% prepared · 112 total queries

Output Escaping

99% escaped · 116 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
Flow: <ai-app-onsite-app-license> (handler\ai-app-onsite-app-license.php:0)
[Flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
37 unprotected

AI App Onsite Attack Surface

Entry Points: 66
Unprotected: 37

AJAX Handlers 66

auth · wp_ajax_ai_app_onsite_app_verify_license_key · handler\ai-app-onsite-app-license.php:15
nopriv · wp_ajax_ai_app_onsite_app_verify_license_key · handler\ai-app-onsite-app-license.php:16
auth · wp_ajax_ai_app_onsite_get_app_license_key · handler\ai-app-onsite-app-license.php:18
nopriv · wp_ajax_ai_app_onsite_get_app_license_key · handler\ai-app-onsite-app-license.php:19
auth · wp_ajax_ai_app_onsite_app_remove_license_key · handler\ai-app-onsite-app-license.php:21
nopriv · wp_ajax_ai_app_onsite_app_remove_license_key · handler\ai-app-onsite-app-license.php:22
auth · wp_ajax_ai_app_onsite_app_toggle_license_key_status · handler\ai-app-onsite-app-license.php:24
nopriv · wp_ajax_ai_app_onsite_app_toggle_license_key_status · handler\ai-app-onsite-app-license.php:25
auth · wp_ajax_ai_app_onsite_update_style_properties_only · handler\ai-app-onsite-app-preview.php:14
nopriv · wp_ajax_ai_app_onsite_update_style_properties_only · handler\ai-app-onsite-app-preview.php:15
auth · wp_ajax_ai_app_onsite_create_app_preview_form · handler\ai-app-onsite-app-preview.php:17
nopriv · wp_ajax_ai_app_onsite_create_app_preview_form · handler\ai-app-onsite-app-preview.php:18
auth · wp_ajax_ai_app_onsite_save_app_properties · handler\ai-app-onsite-app-properties.php:10
nopriv · wp_ajax_ai_app_onsite_save_app_properties · handler\ai-app-onsite-app-properties.php:11
auth · wp_ajax_ai_app_onsite_get_app_properties · handler\ai-app-onsite-app-properties.php:13
nopriv · wp_ajax_ai_app_onsite_get_app_properties · handler\ai-app-onsite-app-properties.php:14
auth · wp_ajax_ai_app_onsite_handle_sitelogo_upload · handler\ai-app-onsite-app-properties.php:16
nopriv · wp_ajax_ai_app_onsite_handle_sitelogo_upload · handler\ai-app-onsite-app-properties.php:17
auth · wp_ajax_ai_app_onsite_remove_app_logo · handler\ai-app-onsite-app-properties.php:19
nopriv · wp_ajax_ai_app_onsite_remove_app_logo · handler\ai-app-onsite-app-properties.php:20
auth · wp_ajax_ai_app_onsite_save_email_setting · handler\ai-app-onsite-email-settings.php:10
nopriv · wp_ajax_ai_app_onsite_save_email_setting · handler\ai-app-onsite-email-settings.php:11
auth · wp_ajax_ai_app_onsite_get_email_settings · handler\ai-app-onsite-email-settings.php:14
auth · wp_ajax_ai_app_onsite_save_field_selector · handler\ai-app-onsite-field-selector.php:11
nopriv · wp_ajax_ai_app_onsite_save_field_selector · handler\ai-app-onsite-field-selector.php:13
auth · wp_ajax_ai_app_onsite_read_field_selector · handler\ai-app-onsite-field-selector.php:16
nopriv · wp_ajax_ai_app_onsite_read_field_selector · handler\ai-app-onsite-field-selector.php:18
auth · wp_ajax_ai_app_onsite_delete_field_selector · handler\ai-app-onsite-field-selector.php:21
nopriv · wp_ajax_ai_app_onsite_delete_field_selector · handler\ai-app-onsite-field-selector.php:23
auth · wp_ajax_ai_app_onsite_drag_data_save_database · handler\ai-app-onsite-field-selector.php:25
nopriv · wp_ajax_ai_app_onsite_drag_data_save_database · handler\ai-app-onsite-field-selector.php:27
auth · wp_ajax_ai_app_onsite_save_model_settings · handler\ai-app-onsite-model-settings.php:10
nopriv · wp_ajax_ai_app_onsite_save_model_settings · handler\ai-app-onsite-model-settings.php:11
auth · wp_ajax_ai_app_onsite_get_model_settings · handler\ai-app-onsite-model-settings.php:13
nopriv · wp_ajax_ai_app_onsite_get_model_settings · handler\ai-app-onsite-model-settings.php:14
auth · wp_ajax_ai_app_onsite_get_model_list · handler\ai-app-onsite-model-settings.php:16
nopriv · wp_ajax_ai_app_onsite_get_model_list · handler\ai-app-onsite-model-settings.php:17
auth · wp_ajax_ai_app_onsite_save_openai_key · handler\ai-app-onsite-model-settings.php:19
nopriv · wp_ajax_ai_app_onsite_save_openai_key · handler\ai-app-onsite-model-settings.php:20
auth · wp_ajax_ai_app_onsite_get_openapi_data · handler\ai-app-onsite-model-settings.php:22
nopriv · wp_ajax_ai_app_onsite_get_openapi_data · handler\ai-app-onsite-model-settings.php:23
auth · wp_ajax_ai_app_onsite_openAi_api · handler\ai-app-onsite-openAi-api.php:10
nopriv · wp_ajax_ai_app_onsite_openAi_api · handler\ai-app-onsite-openAi-api.php:11
auth · wp_ajax_ai_app_onsite_save_plugin_settings · handler\ai-app-onsite-plugin-settings.php:6
nopriv · wp_ajax_ai_app_onsite_save_plugin_settings · handler\ai-app-onsite-plugin-settings.php:7
auth · wp_ajax_ai_app_onsite_get_plugin_settings · handler\ai-app-onsite-plugin-settings.php:9
nopriv · wp_ajax_ai_app_onsite_get_plugin_settings · handler\ai-app-onsite-plugin-settings.php:10
auth · wp_ajax_ai_app_onsite_handle_csv_upload · handler\ai-app-onsite-plugin-settings.php:12
nopriv · wp_ajax_ai_app_onsite_handle_csv_upload · handler\ai-app-onsite-plugin-settings.php:13
auth · wp_ajax_ai_app_onsite_get_accept_terms_of_service · handler\ai-app-onsite-plugin-settings.php:15
nopriv · wp_ajax_ai_app_onsite_get_accept_terms_of_service · handler\ai-app-onsite-plugin-settings.php:16
auth · wp_ajax_ai_app_onsite_get_field_tags · handler\ai-app-onsite-prompt-editor.php:8
nopriv · wp_ajax_ai_app_onsite_get_field_tags · handler\ai-app-onsite-prompt-editor.php:9
auth · wp_ajax_ai_app_onsite_get_Model_Token_field · handler\ai-app-onsite-prompt-editor.php:11
nopriv · wp_ajax_ai_app_onsite_get_Model_Token_field · handler\ai-app-onsite-prompt-editor.php:12
auth · wp_ajax_ai_app_onsite_save_prompt_editor · handler\ai-app-onsite-prompt-editor.php:14
nopriv · wp_ajax_ai_app_onsite_save_prompt_editor · handler\ai-app-onsite-prompt-editor.php:15
auth · wp_ajax_ai_app_onsite_get_prompt_editor · handler\ai-app-onsite-prompt-editor.php:17
nopriv · wp_ajax_ai_app_onsite_get_prompt_editor · handler\ai-app-onsite-prompt-editor.php:18
auth · wp_ajax_ai_app_onsite_save_user_stats · handler\ai-app-onsite-user-stats.php:6
nopriv · wp_ajax_ai_app_onsite_save_user_stats · handler\ai-app-onsite-user-stats.php:7
auth · wp_ajax_ai_app_onsite_download_user_stats · handler\ai-app-onsite-user-stats.php:10
auth · wp_ajax_ai_app_onsite_save_feedback · handler\ai-app-onsite-user-stats.php:12
nopriv · wp_ajax_ai_app_onsite_save_feedback · handler\ai-app-onsite-user-stats.php:13
auth · wp_ajax_ai_app_onsite_store_session · handler\ai-app-onsite-user-stats.php:15
nopriv · wp_ajax_ai_app_onsite_store_session · handler\ai-app-onsite-user-stats.php:16
WordPress Hooks 16
action · wp_enqueue_scripts · ai-app-onsite.php:17
action · admin_notices · ai-app-onsite.php:24
filter · cron_schedules · ai-app-onsite.php:30
action · admin_enqueue_scripts · ai-app-onsite.php:366
action · wp_enqueue_scripts · ai-app-onsite.php:389
action · enqueue_block_editor_assets · ai-app-onsite.php:403
action · admin_print_styles · ai-app-onsite.php:445
action · wp_enqueue_scripts · ai-app-onsite.php:446
action · admin_footer · ai-app-onsite.php:509
action · admin_enqueue_scripts · ai-app-onsite.php:517
action · plugins_loaded · ai-app-onsite.php:581
action · admin_init · ai-app-onsite.php:613
action · init · ai-app-onsite.php:631
action · upgrader_process_complete · ai-app-onsite.php:791
action · ai_app_onsite_user_stats_cron · handler\ai-app-onsite-user-stats.php:18
action · admin_menu · includes\class-ai-app-onsite-admin.php:7

Scheduled Events 2

ai_app_onsite_user_stats_cron
ai_app_onsite_user_stats_cron
Maintenance & Trust

AI App Onsite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 19, 2025
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

AI App Onsite Developer Profile

AIappOnsite

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect AI App Onsite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ai-app-onsite/assets/css/ai-app-onsite-style.css
  • /wp-content/plugins/ai-app-onsite/assets/css/fontawesome.min.css
  • /wp-content/plugins/ai-app-onsite/assets/css/quill.snow.css
  • /wp-content/plugins/ai-app-onsite/assets/css/atom-one-dark.min.css
  • /wp-content/plugins/ai-app-onsite/assets/css/katex.min.css
  • /wp-content/plugins/ai-app-onsite/assets/js/jquery-3.7.1.min.js
  • /wp-content/plugins/ai-app-onsite/assets/js/ai-app-onsite-scripts.js
  • /wp-content/plugins/ai-app-onsite/assets/js/quill.min.js
  • +2 more
Script Paths
/wp-content/plugins/ai-app-onsite/assets/js/ai-app-onsite-scripts.js
Version Parameters
  • ai-app-onsite/assets/css/ai-app-onsite-style.css?ver=
  • ai-app-onsite/assets/css/fontawesome.min.css?ver=
  • ai-app-onsite/assets/css/quill.snow.css?ver=
  • ai-app-onsite/assets/css/atom-one-dark.min.css?ver=
  • ai-app-onsite/assets/css/katex.min.css?ver=
  • ai-app-onsite/assets/js/jquery-3.7.1.min.js?ver=
  • ai-app-onsite/assets/js/ai-app-onsite-scripts.js?ver=
  • ai-app-onsite/assets/js/quill.min.js?ver=
  • ai-app-onsite/assets/js/highlight.min.js?ver=
  • ai-app-onsite/assets/js/katex.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
ai-app-onsite-notice
HTML Comments
  • `<!-- AI App Onsite Plugin -->`
  • `<!-- AI App Onsite Admin Page -->`
Data Attributes
  • data-ai-app-onsite-field
  • data-ai-app-onsite-model
JS Globals
  • window.ai_app_onsite_vars
  • ai_app_onsite_vars
FAQ

Frequently Asked Questions about AI App Onsite