WP-Safety

AI News Security & Risk Analysis

wordpress.org/plugins/ai-news

Automatically generate AI-powered news articles using Google's Gemini API and publish them to your WordPress site.

0 active installs v1.2.7 PHP 7.0+ WP 4.0+ Updated Nov 18, 2025
aiautomationcontent-generationgemininews
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AI News Safe to Use in 2026?

Generally Safe

Score 100/100

AI News has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "ai-news" v1.2.7 plugin exhibits a generally strong security posture based on the static analysis. A significant positive is the complete absence of unescaped output, robust use of nonce checks, and a substantial number of capability checks for its entry points. The fact that 100% of outputs are properly escaped is a major strength, mitigating risks of XSS vulnerabilities. Furthermore, the plugin has no recorded vulnerabilities (CVEs), indicating a history of stable and secure development.

However, there are areas for concern. The taint analysis revealed two flows with unsanitized paths. While classified as having no critical or high severity, unsanitized paths can still lead to vulnerabilities like path traversal or information disclosure if exploited in specific contexts. Additionally, over half of the SQL queries are not using prepared statements. While the total number of SQL queries is moderate, this practice can open the door to SQL injection vulnerabilities, especially if the inputs to these queries are not strictly validated elsewhere. The presence of file operations and external HTTP requests, while not inherently insecure, warrants careful review to ensure that data used in these operations is properly sanitized.

In conclusion, "ai-news" v1.2.7 has strong defensive coding practices in place, particularly regarding output handling and authentication checks for its AJAX endpoints. The lack of historical vulnerabilities is reassuring. The primary areas for improvement lie in addressing the identified unsanitized paths and ensuring all SQL queries utilize prepared statements to mitigate potential injection risks.

Key Concerns

  • Unsanitized paths found in taint analysis
  • SQL queries not using prepared statements
Vulnerabilities
None known

AI News Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

AI News Release Timeline

v1.2.7Current
Code Analysis
Analyzed Mar 17, 2026

AI News Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
8 prepared
Unescaped Output
0
124 escaped
Nonce Checks
25
Capability Checks
13
File Operations
10
External Requests
16
Bundled Libraries
0

SQL Query Safety

53% prepared15 total queries

Output Escaping

100% escaped124 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
ainews_test_api_connection_ajax (includes\ajax-handlers.php:718)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

AI News Attack Surface

Entry Points19
Unprotected0

AJAX Handlers 19

authwp_ajax_ainews_test_connectionincludes\ajax-handlers.php:15
authwp_ajax_ainews_generate_articleincludes\ajax-handlers.php:50
authwp_ajax_ainews_load_promptsincludes\ajax-handlers.php:137
authwp_ajax_ainews_get_promptincludes\ajax-handlers.php:164
authwp_ajax_ainews_save_promptincludes\ajax-handlers.php:197
authwp_ajax_ainews_restore_prompt_defaultincludes\ajax-handlers.php:242
authwp_ajax_ainews_restore_all_prompts_defaultincludes\ajax-handlers.php:305
authwp_ajax_ainews_export_promptsincludes\ajax-handlers.php:354
authwp_ajax_ainews_import_promptsincludes\ajax-handlers.php:369
authwp_ajax_ainews_load_topicsincludes\ajax-handlers.php:402
authwp_ajax_ainews_switch_modeincludes\ajax-handlers.php:417
authwp_ajax_ainews_start_autoincludes\ajax-handlers.php:454
authwp_ajax_ainews_stop_autoincludes\ajax-handlers.php:484
authwp_ajax_ainews_test_featured_imageincludes\ajax-handlers.php:501
authwp_ajax_ainews_check_recent_postsincludes\ajax-handlers.php:582
authwp_ajax_ainews_test_siliconflow_directincludes\ajax-handlers.php:645
authwp_ajax_ainews_test_api_connectionincludes\ajax-handlers.php:717
authwp_ajax_ainews_plugin_infoincludes\plugin-info.php:26
noprivwp_ajax_ainews_plugin_infoincludes\plugin-info.php:27
WordPress Hooks 19
actionadmin_initainews.php:72
actionadmin_menuainews.php:100
actionadmin_enqueue_scriptsainews.php:136
actionadmin_initainews.php:810
actionadmin_noticesainews.php:860
actionadmin_noticesainews.php:871
actionadmin_noticesainews.php:882
actionadmin_noticesainews.php:915
filtercron_schedulesainews.php:923
actioninitainews.php:987
actionainews_generate_articlesainews.php:1007
actionadmin_initincludes\featured-image-generator.php:19
actionadmin_initincludes\featured-image-generator.php:20
actionainews_after_article_generatedincludes\featured-image-generator.php:23
actioninitincludes\featured-image-generator.php:38
actionadmin_initincludes\featured-image-generator.php:1009
actionplugins_loadedincludes\plugin-info.php:16
filterplugin_row_metaincludes\plugin-info.php:23
actionadmin_enqueue_scriptsincludes\plugin-info.php:153

Scheduled Events 5

ainews_generate_articles
ainews_generate_articles
ainews_generate_articles
ainews_generate_articles
ainews_generate_articles
Maintenance & Trust

AI News Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 18, 2025
PHP min version7.0
Downloads281

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

AI News Alternatives

Trendly AI Post – Trending Topics from Google News

Trendly AI Post – Trending Topics from Google News

trendly-ai-post

A
100

AI-powered WordPress plugin that generates SEO-optimized blog posts from trending Google News topics.

20 No CVEs
MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

B
76

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs
Brevo for WooCommerce

Brevo for WooCommerce

woocommerce-sendinblue-newsletter-subscription

A
93

All-in-one WooCommerce email marketing, automation, SMS, and CRM by Brevo. Grow your store with powerful marketing tools.

30K 3 CVEs
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce

FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce

wp-marketing-automations

B
82

Recover lost revenue with Cart Abandonment Recovery for WooCommerce. Increase retention with Post Purchase Follow-Up Emails.

20K 12 CVEs
Developer Profile

AI News Developer Profile

Ausdata

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AI News

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ai-news/assets/css/admin.css/wp-content/plugins/ai-news/assets/js/admin.js
Script Paths
/wp-content/plugins/ai-news/assets/js/admin.js
Version Parameters
ai-news/assets/css/admin.css?ver=ai-news/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ainews-admin-css
Data Attributes
ainews_ajax
JS Globals
ainews_ajax
FAQ

Frequently Asked Questions about AI News