WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek Security & Risk Analysis

wordpress.org/plugins/ai-content-generation

WP Wand is a powerful AI Content Writer for WordPress. Your AI Co-Pilot for generating content, powered by OpenAI, Claude, OpenRouter and Deepseek.

1K active installs · v1.3.07 · PHP 7.4+ · WP 5.0+ · Updated Nov 23, 2025
Tags: ai-writer, content-generator, openai, openrouter, tags-chatgpt
Score: 76 · B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Jan 30, 2026
Safety Verdict

Is WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek Safe to Use in 2026?

Mostly Safe

Score 76/100

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek is generally safe to use. 2 past CVEs were resolved.

2 known CVEs · 1 unpatched · Last CVE: Jan 30, 2026 · Updated 5mo ago
Risk Assessment

The "ai-content-generation" plugin v1.3.07 presents a mixed security posture. While it demonstrates good practices in many areas, such as a high percentage of properly escaped outputs and the use of prepared statements for most SQL queries, there are significant concerns. The presence of 18 AJAX handlers, with 2 lacking authentication checks, creates a notable attack surface that could be exploited by unauthenticated users. Furthermore, the taint analysis reveals 2 flows with unsanitized paths, indicating potential for directory traversal or other path-related vulnerabilities, even if no critical or high-severity issues were flagged in this specific analysis. The plugin's vulnerability history is a major red flag, with two known medium-severity CVEs, one of which remains unpatched. The recurring "Missing Authorization" vulnerability type suggests a systemic issue in how the plugin handles user permissions, which is directly reflected in the static analysis findings. Overall, the plugin has some strengths in code hygiene, but the unpatched vulnerability and the unprotected AJAX endpoints represent immediate and significant risks.

Key Concerns

  • Unpatched CVE
  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Recurring Missing Authorization vulnerability type
Vulnerabilities
2 published

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek Security Vulnerabilities

CVEs by Year

  • 2025: 1 CVE
  • 2026: 1 CVE · unpatched

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2026-25391 · medium · 4.3 · Missing Authorization

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek <= 1.3.07 - Missing Authorization

Jan 30, 2026 · Unpatched

CVE-2025-22302 · medium · 5.3 · Missing Authorization

WP Wand <= 1.2.5 - Missing Authorization

Jan 6, 2025 · Patched in 1.2.6 (10d)
Version History

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek Release Timeline

  • v1.3.07 · Current · 1 CVE
  • v1.3.06 · 1 CVE
  • v1.3.05 · 1 CVE
  • v1.3.04 · 1 CVE
  • v1.3.03 · 1 CVE
  • v1.3.02 · 1 CVE
  • v1.3.01 · 1 CVE
  • v1.3.0 · 1 CVE
  • v1.2.98 · 1 CVE
  • v1.2.97 · 1 CVE
  • v1.2.96 · 1 CVE
  • v1.2.95 · 1 CVE
  • v1.2.94 · 1 CVE
  • v1.2.93 · 1 CVE
  • v1.2.92 · 1 CVE
  • v1.2.91 · 1 CVE
  • v1.2.9 · 1 CVE
  • v1.2.8 · 1 CVE
  • v1.2.7 · 1 CVE
  • v1.2.6 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (2 prepared)
  • Unescaped Output: 10 (228 escaped)
  • Nonce Checks: 12
  • Capability Checks: 8
  • File Operations: 0
  • External Requests: 6
  • Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

96% escaped · 238 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
wpwand_download_image (inc\api.php:234)
Attack Surface
2 unprotected

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek Attack Surface

Entry Points: 18
Unprotected: 2

AJAX Handlers (18)

  • auth · wp_ajax_wpwand_request · inc\api.php:126
  • nopriv · wp_ajax_wpwand_request · inc\api.php:127
  • auth · wp_ajax_wpwand_api_set · inc\api.php:165
  • nopriv · wp_ajax_wpwand_api_set · inc\api.php:166
  • auth · wp_ajax_wpwand_only_prompt · inc\api.php:228
  • nopriv · wp_ajax_wpwand_only_prompt · inc\api.php:229
  • auth · wp_ajax_wpwand_download_image · inc\api.php:231
  • nopriv · wp_ajax_wpwand_download_image · inc\api.php:232
  • auth · wp_ajax_wpwand_sync_date · inc\data.php:161
  • nopriv · wp_ajax_wpwand_sync_date · inc\data.php:162
  • auth · wp_ajax_wpwand_editor_request · inc\gutenberg.php:83
  • nopriv · wp_ajax_wpwand_editor_request · inc\gutenberg.php:84
  • auth · wp_ajax_wpwand_dismiss_notice · inc\helper-functions.php:598
  • nopriv · wp_ajax_wpwand_dismiss_notice · inc\helper-functions.php:599
  • auth · wp_ajax_wdelmtr_api_set · inc\modules\elementor\inc\elementor.php:75
  • nopriv · wp_ajax_wdelmtr_api_set · inc\modules\elementor\inc\elementor.php:76
  • auth · wp_ajax_wpwand_post_generator · inc\post-generator.php:27
  • nopriv · wp_ajax_wpwand_post_generator · inc\post-generator.php:28

WordPress Hooks (45)

  • action · admin_menu · inc\admin.php:453
  • action · admin_init · inc\admin.php:454
  • action · wpwand_ajax_api · inc\api.php:86
  • action · admin_init · inc\config.php:8
  • action · plugins_loaded · inc\data.php:8
  • action · init · inc\data.php:398
  • action · admin_head · inc\editor.php:7
  • filter · mce_external_plugins · inc\editor.php:31
  • filter · mce_buttons · inc\editor.php:32
  • filter · mce_css · inc\editor.php:33
  • action · switch_theme · inc\Finestics\Insights.php:125
  • action · switch_theme · inc\Finestics\Insights.php:126
  • action · admin_footer · inc\Finestics\Insights.php:139
  • action · admin_notices · inc\Finestics\Insights.php:158
  • action · admin_init · inc\Finestics\Insights.php:161
  • filter · cron_schedules · inc\Finestics\Insights.php:167
  • action · admin_footer · inc\frontend.php:539
  • action · admin_enqueue_scripts · inc\gutenberg.php:4
  • action · enqueue_block_editor_assets · inc\gutenberg.php:6
  • action · admin_enqueue_scripts · inc\helper-functions.php:65
  • action · wpwand_add_tab_link · inc\helper-functions.php:305
  • action · wpwand_add_tab_content · inc\helper-functions.php:374
  • action · wpwand_general_tab_content · inc\helper-functions.php:404
  • action · admin_bar_menu · inc\helper-functions.php:635
  • action · wpwand_dall_e_frontend_fields · inc\helper-functions.php:658
  • action · update_option_wpwand_api_key · inc\helper-functions.php:1019
  • action · update_option_wpwand_claude_api_key · inc\helper-functions.php:1020
  • action · update_option_wpwand_openrouter_api_key · inc\helper-functions.php:1021
  • action · init · inc\modules\elementor\wp-wand-elementor.php:55
  • action · admin_notices · inc\modules\elementor\wp-wand-elementor.php:71
  • action · admin_notices · inc\modules\elementor\wp-wand-elementor.php:77
  • action · elementor/widgets/register · inc\modules\elementor\wp-wand-elementor.php:81
  • action · elementor/editor/after_enqueue_scripts · inc\modules\elementor\wp-wand-elementor.php:82
  • action · wp_enqueue_scripts · inc\modules\elementor\wp-wand-elementor.php:83
  • action · elementor/controls/register · inc\modules\elementor\wp-wand-elementor.php:215
  • action · admin_menu · inc\post-generator.php:26
  • action · wpwand_add_tab_link · inc\white-label.php:7
  • action · wpwand_add_tab_content · inc\white-label.php:8
  • action · admin_footer · inc\WooCommerce.php:14
  • action · admin_notices · wp-wand.php:63
  • action · elementor/init · wp-wand.php:103
  • action · plugins_loaded · wp-wand.php:111
  • action · admin_notices · wp-wand.php:135
  • action · init · wp-wand.php:148
  • action · admin_init · wp-wand.php:151
Maintenance & Trust

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 23, 2025
  • PHP min version: 7.4
  • Downloads: 23K

Community Trust

  • Rating: 76/100
  • Number of ratings: 10
  • Active installs: 1K
Developer Profile

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek Developer Profile

WP Grids

4 plugins · 21K total installs

  • Trust score: 66
  • Avg Security Score: 82/100
  • Avg Patch Time: 98 days
Detection Fingerprints

How We Detect WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ai-content-generation/assets/css/style.css
  • /wp-content/plugins/ai-content-generation/assets/js/app.js
  • /wp-content/plugins/ai-content-generation/assets/js/chunk-vendors.js
  • /wp-content/plugins/ai-content-generation/assets/js/chunk-common.js
  • /wp-content/plugins/ai-content-generation/assets/css/quill.snow.css
  • /wp-content/plugins/ai-content-generation/assets/css/quill.bubble.css

Script Paths
  • /wp-content/plugins/ai-content-generation/assets/js/app.js
  • /wp-content/plugins/ai-content-generation/assets/js/chunk-vendors.js
  • /wp-content/plugins/ai-content-generation/assets/js/chunk-common.js

Version Parameters
  • ai-content-generation/assets/css/style.css?ver=
  • ai-content-generation/assets/js/app.js?ver=
  • ai-content-generation/assets/js/chunk-vendors.js?ver=
  • ai-content-generation/assets/js/chunk-common.js?ver=
  • ai-content-generation/assets/css/quill.snow.css?ver=
  • ai-content-generation/assets/css/quill.bubble.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • ai-content-generator-wrapper
  • ai-content-generator-editor

HTML Comments
  • This is the main wrapper for the AI Content Generator plugin.

Data Attributes
  • data-ai-generator-id
  • data-ai-generator-type

JS Globals
  • ai_content_generator_params

REST Endpoints
  • /wp-json/ai-content-generation/v1/generate
  • /wp-json/ai-content-generation/v1/save

Shortcode Output
  • [ai_content_generator]

FAQ

Frequently Asked Questions about WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek