WP-Safety

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Security & Risk Analysis

wordpress.org/plugins/ai-botkit-for-lead-generation

Add a smart ChatGPT-powered AI chatbot to your WordPress site to automate support, answer FAQs, engage visitors 24/7, and escalate when needed.

90 active installs v1.1.9 PHP 7.4+ WP 5.8+ Updated Mar 24, 2026
aichatbotchatgptlive-chatlive-support
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 6, 2026
Plugin page Download
Safety Verdict

Is AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Safe to Use in 2026?

Generally Safe

Score 99/100

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 6, 2026Updated 1mo ago
Risk Assessment

The plugin "ai-botkit-for-lead-generation" v1.1.8 exhibits a mixed security posture. While it demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage of properly escaped output (96%), significant concerns arise from its attack surface. A substantial 18 out of 21 AJAX handlers lack authentication checks, presenting a considerable risk of unauthorized access and manipulation of plugin functionalities. The taint analysis, though limited, did identify 2 flows with unsanitized paths, which, while not classified as critical or high, still warrant attention as they indicate potential avenues for injection vulnerabilities.

The plugin's vulnerability history shows one known medium-severity CVE related to Cross-site Scripting, which has been patched. This suggests that past vulnerabilities have been addressed, which is a positive sign. However, the presence of a historical XSS vulnerability, even if patched, combined with the current number of unprotected AJAX endpoints, indicates a need for ongoing vigilance in securing all entry points. The plugin's strengths lie in its secure handling of database interactions and output sanitization, but its primary weakness is the lack of robust authentication on a significant portion of its AJAX handlers.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Missing capability checks on AJAX
  • Minor output not properly escaped
Vulnerabilities
1 published

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-13887medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AI BotKit <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Jan 6, 2026 Patched in 1.1.8 (7d)
Version History

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Release Timeline

v1.1.9Current
v1.1.8
v1.1.71 CVE
CVE-2025-13887
v1.1.61 CVE
CVE-2025-13887
v1.1.51 CVE
CVE-2025-13887
v1.1.41 CVE
CVE-2025-13887
v1.1.31 CVE
CVE-2025-13887
v1.1.21 CVE
CVE-2025-13887
v1.1.11 CVE
CVE-2025-13887
v1.1.01 CVE
CVE-2025-13887
v1.0.11 CVE
CVE-2025-13887
v1.0.01 CVE
CVE-2025-13887
Code Analysis
Analyzed Mar 16, 2026

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
185 escaped
Nonce Checks
10
Capability Checks
5
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

96% escaped192 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
<chat-session> (admin\views\chat-session.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
18 unprotected

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Attack Surface

Entry Points22
Unprotected18

AJAX Handlers 21

authwp_ajax_ai_botkit_test_api_connectionincludes\admin\class-ajax-handler.php:17
authwp_ajax_ai_botkit_save_chatbotincludes\admin\class-ajax-handler.php:20
authwp_ajax_ai_botkit_get_chatbotincludes\admin\class-ajax-handler.php:21
authwp_ajax_ai_botkit_delete_chatbotincludes\admin\class-ajax-handler.php:22
authwp_ajax_ai_botkit_update_fallback_orderincludes\admin\class-ajax-handler.php:25
authwp_ajax_ai_botkit_set_rate_limitsincludes\admin\class-ajax-handler.php:28
authwp_ajax_ai_botkit_reset_rate_limitsincludes\admin\class-ajax-handler.php:29
authwp_ajax_ai_botkit_preview_contentincludes\admin\class-ajax-handler.php:32
authwp_ajax_ai_botkit_upload_fileincludes\admin\class-ajax-handler.php:35
authwp_ajax_ai_botkit_import_urlincludes\admin\class-ajax-handler.php:36
authwp_ajax_ai_botkit_import_wp_contentincludes\admin\class-ajax-handler.php:37
authwp_ajax_ai_botkit_delete_documentincludes\admin\class-ajax-handler.php:38
authwp_ajax_ai_botkit_add_chatbot_documentsincludes\admin\class-ajax-handler.php:41
authwp_ajax_ai_botkit_remove_chatbot_documentincludes\admin\class-ajax-handler.php:42
authwp_ajax_ai_botkit_get_chatbot_documentsincludes\admin\class-ajax-handler.php:43
authwp_ajax_ai_botkit_get_available_documentsincludes\admin\class-ajax-handler.php:46
authwp_ajax_ai_botkit_upload_avatarincludes\admin\class-ajax-handler.php:49
authwp_ajax_ai_botkit_upload_background_imageincludes\admin\class-ajax-handler.php:50
authwp_ajax_ai_botkit_enable_chatbot_sitewideincludes\admin\class-ajax-handler.php:53
authwp_ajax_ai_botkit_enable_chatbotincludes\admin\class-ajax-handler.php:54
authwp_ajax_ai_botkit_get_pagesincludes\admin\class-ajax-handler.php:55

Shortcodes 1

[ai_botkit_widget] includes\public\class-shortcode-handler.php:19
WordPress Hooks 15
actionplugins_loadedai-botkit-for-lead-generation.php:61
actionadmin_menuincludes\admin\class-admin.php:112
actionadmin_initincludes\admin\class-admin.php:113
actionadmin_footerincludes\admin\class-admin.php:114
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:118
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:119
actionadmin_initincludes\admin\class-admin.php:122
actionadmin_noticesincludes\admin\class-admin.php:528
actionadmin_menuincludes\class-ai-botkit.php:72
actionadmin_enqueue_scriptsincludes\class-ai-botkit.php:75
actionadmin_enqueue_scriptsincludes\class-ai-botkit.php:76
actionwp_footerincludes\class-ai-botkit.php:83
actionsave_postincludes\integration\class-api-handler.php:87
actiondelete_postincludes\integration\class-api-handler.php:88
actionrest_api_initincludes\integration\class-rest-api.php:16
Maintenance & Trust

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 24, 2026
PHP min version7.4
Downloads11K

Community Trust

Rating100/100
Number of ratings3
Active installs90
Alternatives

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Alternatives

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

chatbot

B
76

AI ChatBot for WordPress WPBot - Automated 24/7 Live Chat Customer Support. NATIVE, Lead Generation, Forms, Gemini, DialogFlow, ChatGPT, OpenRouter

6K 35 CVEs
AI Chatbot – Jotform

AI Chatbot – Jotform

jotform-ai-chatbot

A
100

AI chatbot that automates support, answers FAQs, drives WooCommerce sales, generates leads, and boosts engagement — easy setup, no coding!

4K No CVEs
BotPenguin – Generative AI Chatbot with Live Chat & ChatGPT

BotPenguin – Generative AI Chatbot with Live Chat & ChatGPT

botpenguinbot

A
92

WordPress AI Chatbot with Live Chat & ChatGPT for your website. It automates Customer Support, Lead Generation, Bookings, Marketing, eCommerce, etc.

700 No CVEs
Social Intents – Live Chat

Social Intents – Live Chat

live-chat-support-by-social-intents

B
79

AI Chatbot & Live Chat plugin for WordPress. Chat with visitors using ChatGPT, Claude, Gemini, Slack, Teams, and Google Chat.

400 1 unpatched
AI Chatbot & Live Chat with ChatGPT Support by WebChatAgent

AI Chatbot & Live Chat with ChatGPT Support by WebChatAgent

webchatagent

A
100

Add an AI chatbot and live chat to your WordPress site. Answer visitors 24/7, capture leads, book appointments and hand over chats to humans when it m &hellip;

400 No CVEs
Developer Profile

AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code Developer Profile

WisdmLabs

7 plugins · 15K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
147 days
View full developer profile
Detection Fingerprints

How We Detect AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ai-botkit-for-lead-generation/admin/js/chart.js/wp-content/plugins/ai-botkit-for-lead-generation/admin/js/chartjs-adapter-date-fns.js
Script Paths
/wp-content/plugins/ai-botkit-for-lead-generation/admin/js/chart.js/wp-content/plugins/ai-botkit-for-lead-generation/admin/js/chartjs-adapter-date-fns.js
Version Parameters
ai-botkit-for-lead-generation/style.css?ver=ai-botkit-chartjs?ver=ai-botkit-chartjs-adapter?ver=

HTML / DOM Fingerprints

CSS Classes
ai-botkit-knowledge-containerai-botkit-knowledge-headerai-botkit-knowledge-header-leftai-botkit-knowledge-titleai-botkit-knowledge-descriptionai-botkit-knowledge-buttonsai-botkit-form-groupai-botkit-analytics-form+7 more
Data Attributes
id="ai_botkit_analytics_form"id="ai_botkit_analytics_time_range"id="usageChart"
JS Globals
ai_botkitAnalyticsAI_BotKit
REST Endpoints
/wp-json/ai-botkit/v1/settings/wp-json/ai-botkit/v1/chatbots/wp-json/ai-botkit/v1/conversations/wp-json/ai-botkit/v1/messages/wp-json/ai-botkit/v1/analytics/wp-json/ai-botkit/v1/analytics/daily-usage
FAQ

Frequently Asked Questions about AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code