AI Engine – The Chatbot, AI Framework & MCP for WordPress Security & Risk Analysis

wordpress.org/plugins/ai-engine

AI meets WordPress. Your site can now chat, write poetry, solve problems, and maybe make you coffee.

100K active installs · v3.4.3 · PHP 7.4+ · WP 6.0+ · Updated Mar 15, 2026
Tags: ai, chatbot, claude, gpt, openai
Score: 76 (B · Generally Safe)
CVEs total: 22
Unpatched: 0
Last CVE: Feb 25, 2026
Safety Verdict

Is AI Engine – The Chatbot, AI Framework & MCP for WordPress Safe to Use in 2026?

Mostly Safe

Score 76/100

AI Engine – The Chatbot, AI Framework & MCP for WordPress is generally safe to use. 22 past CVEs were resolved. Keep it updated.

22 known CVEs · Last CVE: Feb 25, 2026 · Updated 19d ago
Risk Assessment

The "ai-engine" plugin v3.4.4 exhibits a mixed security posture. On the positive side, the static analysis reveals no unprotected entry points (AJAX, REST API, shortcodes, cron events) and a high percentage of properly escaped output. The use of prepared statements for SQL queries is also commendable. However, the presence of the `unserialize` function is a significant concern, as deserialization of untrusted data is a common attack vector, and the static analysis did not identify any sanitization for this function.

The plugin's vulnerability history is alarming, with a substantial number of past CVEs (22 in total), including a significant number of critical and high-severity issues. The types of past vulnerabilities, such as Deserialization of Untrusted Data, Missing Authorization, SQL Injection, and Code Injection, directly align with potential risks flagged by the static analysis (e.g., `unserialize`). This history suggests a recurring pattern of security weaknesses within the plugin's development.

While the current version (v3.4.4) reports no currently unpatched vulnerabilities, the past track record and the presence of the `unserialize` function create a notable risk. The plugin developers have demonstrated a history of introducing vulnerabilities, and the static analysis indicates a specific risky function that could be exploited if not handled with extreme care and robust input validation. Therefore, while there are some good security practices in place, the past history and the presence of `unserialize` necessitate caution.

Key Concerns

  • Presence of unserialize function
  • High number of past critical CVEs
  • High number of past high CVEs
  • History of deserialization vulnerabilities
  • History of SQL injection vulnerabilities
  • History of code injection vulnerabilities
  • History of missing/incorrect authorization vulnerabilities
Vulnerabilities
22

AI Engine – The Chatbot, AI Framework & MCP for WordPress Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 9 CVEs
  • 2025: 9 CVEs
  • 2026: 3 CVEs

Severity Breakdown

  • Critical: 3
  • High: 7
  • Medium: 12

22 total CVEs

CVE-2026-23802 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

AI Engine – The Chatbot, AI Framework & MCP for WordPress <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload

Feb 25, 2026 Patched in 3.3.3 (9d)
CVE-2026-1400 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint

Jan 27, 2026 Patched in 3.3.3 (1d)
CVE-2026-0746 · medium · 6.4 · Server-Side Request Forgery (SSRF)

AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery

Jan 27, 2026 Patched in 3.3.3 (1d)
CVE-2025-8084 · medium · 6.8 · Server-Side Request Forgery (SSRF)

AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery

Nov 18, 2025 Patched in 3.1.9 (1d)
CVE-2025-12844 · high · 7.1 · Deserialization of Untrusted Data

AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization

Nov 12, 2025 Patched in 3.1.9 (1d)
CVE-2025-11749 · critical · 9.8 · Exposure of Sensitive Information to an Unauthorized Actor

AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation

Nov 4, 2025 Patched in 3.1.4 (1d)
CVE-2025-8268 · medium · 6.5 · Missing Authorization

Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion

Sep 3, 2025 Patched in 2.9.6 (1d)
CVE-2025-7847 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

Jul 30, 2025 Patched in 2.9.5 (1d)
CVE-2025-7780 · medium · 6.5 · Exposure of Sensitive Information to an Unauthorized Actor

AI Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

Jul 23, 2025 Patched in 2.9.5 (28d)
CVE-2025-5570 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter

Jul 7, 2025 Patched in 2.8.5 (1d)
CVE-2025-6238 · high · 8 · URL Redirection to Untrusted Site ('Open Redirect')

AI Engine 2.8.4 - Insecure OAuth Implementation

Jul 3, 2025 Patched in 2.8.5 (1d)
CVE-2025-5071 · high · 8.8 · Incorrect Authorization

AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP

Jun 18, 2025 Patched in 2.8.4 (1d)
CVE-2024-10499 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

AI Engine <= 2.6.3 - Authenticated (Admin+) SQL Injection

Nov 21, 2024 Patched in 2.6.5 (58d)
CVE-2024-6723 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

AI Engine <= 2.4.7 - Authenticated (Admin+) SQL Injection

Aug 22, 2024 Patched in 2.4.8 (44d)
CVE-2024-6451 · high · 7.2 · Improper Control of Generation of Code ('Code Injection')

AI Engine <= 2.5.0 - Authenticated (Admin+) Remote Code Execution

Jul 29, 2024 Patched in 2.5.1 (31d)
CVE-2024-38791 · medium · 6.4 · Server-Side Request Forgery (SSRF)

AI Engine <= 2.4.7 - Authenticated (Subscriber+) Server-Side Request Forgery

Jul 22, 2024 Patched in 2.4.8 (11d)
CVE-2024-34440 · critical · 9.1 · Unrestricted Upload of File with Dangerous Type

AI Engine: ChatGPT Chatbot <= 2.2.63 - Authenticated (Editor+) Arbitrary File Upload

May 7, 2024 Patched in 2.2.70 (9d)
CVE-2024-29090 · medium · 6.4 · Server-Side Request Forgery (SSRF)

AI Engine <= 2.1.4 - Authenticated (Editor+) Server-Side Request Forgery

Mar 26, 2024 Patched in 2.1.5 (43d)
CVE-2024-0378 · medium · 6.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting

Mar 1, 2024 Patched in 2.2.1 (151d)
CVE-2024-0699 · medium · 6.6 · Unrestricted Upload of File with Dangerous Type

AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url

Jan 18, 2024 Patched in 2.1.5 (194d)
CVE-2023-51409 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload

Jan 9, 2024 Patched in 1.9.99 (14d)
CVE-2023-2580 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable <= 1.6.82 - Authenticated (Admin+) Stored Cross-Site Scripting

May 19, 2023 Patched in 1.6.83 (249d)
Code Analysis
Analyzed Mar 16, 2026

AI Engine – The Chatbot, AI Framework & MCP for WordPress Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 29 (96 prepared)
  • Unescaped Output: 14 (232 escaped)
  • Nonce Checks: 8
  • Capability Checks: 14
  • File Operations: 39
  • External Requests: 29
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · `$message = unserialize( $key );` · classes\modules\chatbot.php:511

SQL Query Safety

77% prepared · 125 total queries

Output Escaping

94% escaped · 246 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<rest> (classes\rest.php:0)
Attack Surface

AI Engine – The Chatbot, AI Framework & MCP for WordPress Attack Surface

Entry Points: 16
Unprotected: 0

REST API Routes 13

GET /wp-json/mwai/v1/simpleAuthCheck · classes\api.php:54
POST /wp-json/mwai/v1/simpleTextQuery · classes\api.php:61
POST /wp-json/mwai/v1/simpleFastTextQuery · classes\api.php:68
POST /wp-json/mwai/v1/simpleImageQuery · classes\api.php:75
POST /wp-json/mwai/v1/simpleImageEditQuery · classes\api.php:82
POST /wp-json/mwai/v1/simpleVisionQuery · classes\api.php:89
POST /wp-json/mwai/v1/simpleJsonQuery · classes\api.php:96
POST /wp-json/mwai/v1/moderationCheck · classes\api.php:103
POST /wp-json/mwai/v1/simpleTranscribeAudio · classes\api.php:110
POST /wp-json/mwai/v1/simpleFileUpload · classes\api.php:117
POST /wp-json/mwai/v1/simpleChatbotQuery · classes\api.php:126
GET /wp-json/mwai/v1/listChatbots · classes\api.php:134
POST /wp-json/mwai/v1/helpers/task_create_test · classes\modules\tasks-examples.php:103

Shortcodes 3

[mwai_chatbot] classes\modules\chatbot.php:22
[mwai_discussions] classes\modules\chatbot.php:27
[mwai_form] classes\modules\forms-manager.php:9
WordPress Hooks 82

filter · mwai_ai_exception · ai-engine.php:38
action · admin_enqueue_scripts · classes\admin.php:23
action · admin_menu · classes\admin.php:27
action · admin_menu · classes\admin.php:31
filter · post_row_actions · classes\admin.php:36
filter · page_row_actions · classes\admin.php:37
filter · media_row_actions · classes\admin.php:41
action · admin_footer · classes\admin.php:44
action · admin_bar_menu · classes\admin.php:103
filter · load_script_translation_file · classes\admin.php:349
action · rest_api_init · classes\api.php:15
filter · mwai_allow_public_api · classes\api.php:51
action · plugins_loaded · classes\core.php:53
action · wp_register_script · classes\core.php:54
action · wp_enqueue_scripts · classes\core.php:55
action · admin_enqueue_scripts · classes\core.php:56
action · http_api_curl · classes\engines\anthropic.php:954
action · http_api_curl · classes\engines\chatml.php:1151
action · http_api_curl · classes\engines\chatml.php:1990
action · http_api_curl · classes\engines\openai.php:1753
action · http_api_curl · classes\engines\openai.php:2607
action · http_api_curl · classes\engines\replicate.php:400
action · http_api_curl · classes\engines\replicate.php:687
action · admin_notices · classes\init.php:7
action · init · classes\modules\advisor.php:41
action · wp_dashboard_setup · classes\modules\advisor.php:45
filter · mwai_task_advisor_daily · classes\modules\advisor.php:60
action · rest_api_init · classes\modules\chatbot.php:23
action · wp_enqueue_scripts · classes\modules\chatbot.php:24
action · admin_enqueue_scripts · classes\modules\chatbot.php:25
action · wp_footer · classes\modules\chatbot.php:56
filter · mwai_chatbot_reply · classes\modules\discussions.php:19
action · rest_api_init · classes\modules\discussions.php:20
filter · mwai_task_cleanup_discussions · classes\modules\discussions.php:23
filter · mwai_internal_chatbot · classes\modules\editor-assistant.php:10
action · rest_api_init · classes\modules\editor-assistant.php:11
action · admin_head · classes\modules\editor-assistant.php:12
action · admin_footer · classes\modules\editor-assistant.php:13
action · rest_api_init · classes\modules\files.php:21
filter · mwai_task_cleanup_files · classes\modules\files.php:24
action · init · classes\modules\forms-manager.php:8
filter · mwai_chatbot_blocks · classes\modules\gdpr.php:8
action · rest_api_init · classes\modules\search.php:9
action · pre_get_posts · classes\modules\search.php:10
filter · the_posts · classes\modules\search.php:11
filter · get_search_query · classes\modules\search.php:12
filter · mwai_ai_allowed · classes\modules\security.php:14
filter · mwai_ai_allowed · classes\modules\security.php:17
filter · mwai_task_run · classes\modules\tasks-examples.php:47
action · rest_api_init · classes\modules\tasks-examples.php:48
action · init · classes\modules\tasks-examples.php:53
filter · mwai_task_ping_example · classes\modules\tasks-examples.php:54
action · rest_api_init · classes\modules\tasks.php:24
filter · cron_schedules · classes\modules\tasks.php:27
action · mwai_tasks_internal_run · classes\modules\tasks.php:30
action · mwai_tasks_internal_dev_run · classes\modules\tasks.php:31
filter · mwai_task_cleanup_tasks · classes\modules\tasks.php:34
action · init · classes\modules\tasks.php:37
action · admin_init · classes\modules\tasks.php:38
action · init · classes\modules\tasks.php:42
action · rest_api_init · classes\rest.php:9
action · admin_notices · common\admin.php:72
filter · plugin_row_meta · common\admin.php:77
filter · edd_sl_api_request_verify_ssl · common\admin.php:78
action · init · common\admin.php:96
action · admin_menu · common\admin.php:153
filter · admin_footer_text · common\admin.php:158
action · admin_footer · common\admin.php:218
action · admin_head · common\admin.php:456
action · admin_notices · common\news.php:43
filter · safe_style_css · common\news.php:44
action · admin_notices · common\ratings.php:33
filter · safe_style_css · common\ratings.php:34
action · rest_api_init · common\rest.php:14
action · rest_api_init · labs\mcp-core.php:9
filter · mwai_mcp_tools · labs\mcp-core.php:12
filter · mwai_mcp_callback · labs\mcp-core.php:13
action · rest_api_init · labs\mcp-rest.php:8
filter · mwai_mcp_tools · labs\mcp-rest.php:12
filter · mwai_mcp_callback · labs\mcp-rest.php:13
action · rest_api_init · labs\mcp.php:56
filter · mwai_allow_mcp · labs\mcp.php:73

Scheduled Events 4

mwai_tasks_internal_dev_run
mwai_tasks_internal_run
mwai_tasks_internal_dev_run
mwai_tasks_internal_run
Maintenance & Trust

AI Engine – The Chatbot, AI Framework & MCP for WordPress Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 15, 2026
  • PHP min version: 7.4
  • Downloads: 6.2M

Community Trust

  • Rating: 98/100
  • Number of ratings: 814
  • Active installs: 100K
Developer Profile

AI Engine – The Chatbot, AI Framework & MCP for WordPress Developer Profile

Jordy Meow

27 plugins · 371K total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 372 days
Detection Fingerprints

How We Detect AI Engine – The Chatbot, AI Framework & MCP for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ai-engine/assets/js/ai-engine-admin.js
  • /wp-content/plugins/ai-engine/assets/css/ai-engine-admin.css
  • /wp-content/plugins/ai-engine/assets/js/meow-kit.js
  • /wp-content/plugins/ai-engine/assets/js/admin.js
Script Paths
  • /wp-content/plugins/ai-engine/assets/js/ai-engine-admin.js
  • /wp-content/plugins/ai-engine/assets/js/meow-kit.js
  • /wp-content/plugins/ai-engine/assets/js/admin.js
Version Parameters
  • ai-engine/assets/js/ai-engine-admin.js?ver=
  • ai-engine/assets/css/ai-engine-admin.css?ver=
  • ai-engine/assets/js/meow-kit.js?ver=
  • ai-engine/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mwai-settings
  • mwai-content-generator
  • mwai-images-generator
  • mwai-videos-generator
  • mwai-playground
  • meowkit-admin
Data Attributes
  • data-module_generator_content
  • data-module_generator_images
  • data-module_generator_videos
  • data-module_playground
  • data-module_suggestions
JS Globals
meow_ai_admin_obj
FAQ

Frequently Asked Questions about AI Engine – The Chatbot, AI Framework & MCP for WordPress