WP-Safety

AI Vector Search (Semantic) Security & Risk Analysis

wordpress.org/plugins/ai-vector-search-semantic

🚀 Transform your WooCommerce search with AI-powered semantic search. Get smarter product recommendations and blazing-fast search results.

0 active installs v1.0.2 PHP 8.0+ WP 6.0+ Updated Mar 27, 2026
airecommendationssearchsemanticwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is AI Vector Search (Semantic) Safe to Use in 2026?

Generally Safe

Score 100/100

AI Vector Search (Semantic) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "ai-vector-search-semantic" v1.0.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices regarding SQL queries, exclusively using prepared statements, and a high percentage of properly escaped outputs. The presence of nonce and capability checks for all identified AJAX handlers and cron events is also a significant strength. However, several areas of concern warrant attention.

The plugin's attack surface is moderately large, with a notable exception: one AJAX handler lacks any authentication checks. This unprotected entry point represents a potential avenue for unauthorized actions. The taint analysis reveals a concerning number of flows with unsanitized paths, with four identified as high severity. This suggests that data originating from external sources might not be adequately validated before being used in sensitive operations.

While the plugin has no recorded vulnerability history (CVEs), this does not guarantee future security. The presence of dangerous functions like `shell_exec`, `exec`, and `proc_open` within the code, even if not currently exploited, introduces inherent risks. These functions, if misused or if their inputs are not rigorously sanitized, can lead to severe command injection vulnerabilities. Overall, the plugin has good foundational security but requires immediate attention to address the unprotected AJAX handler and the identified high-severity taint flows to mitigate potential risks.

Key Concerns

  • AJAX handler without auth checks
  • High severity unsanitized taint flows
  • Use of dangerous functions (shell_exec, exec, proc_open)
Vulnerabilities
None known

AI Vector Search (Semantic) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

AI Vector Search (Semantic) Release Timeline

v1.0.2Current
v1.0.1
v1.0.0
v0.18.3
v0.18.2
v0.18.1
v0.18.0
v0.17.0
v0.16.5.1
v0.16.5
v0.16.4
v0.16.3
v0.16.2
v0.15.3
v0.15.2
v0.15.1
v0.14.0
v0.13.5
v0.13.4
v0.13.3
Code Analysis
Analyzed Apr 16, 2026

AI Vector Search (Semantic) Code Analysis

Dangerous Functions
8
Raw SQL Queries
0
26 prepared
Unescaped Output
19
173 escaped
Nonce Checks
24
Capability Checks
24
File Operations
6
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

shell_exec$psql_version = shell_exec('psql --version 2>/dev/null');includes/class-cli-commands.php:380
execexec($cmd, $output, $exit_code);includes/class-cli-commands.php:422
execexec($cmd, $output, $exit_code);includes/class-cli-commands.php:441
execexec($cmd, $output, $exit_code);includes/class-cli-commands.php:490
execexec($cmd, $output, $exit_code);includes/class-cli-commands.php:509
shell_exec$psql_check = shell_exec('which psql 2>/dev/null');includes/migrations/class-runner.php:90
proc_open$proc = proc_open($cmd, $desc, $pipes);includes/migrations/class-runner.php:162
proc_open$proc = proc_open($cmd, $desc, $pipes);includes/migrations/class-runner.php:215

SQL Query Safety

100% prepared26 total queries

Output Escaping

90% escaped192 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths
handle_sync_batch (includes/class-admin-interface.php:871)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

AI Vector Search (Semantic) Attack Surface

Entry Points25
Unprotected1

AJAX Handlers 24

authwp_ajax_aivesese_toggle_helpincludes/class-admin-interface.php:42
authwp_ajax_aivesese_activate_licenseincludes/class-admin-interface.php:43
authwp_ajax_aivesese_postgres_install_schemaincludes/class-admin-interface.php:44
authwp_ajax_aivesese_postgres_check_statusincludes/class-admin-interface.php:45
authwp_ajax_aivesese_update_sold_countsincludes/class-admin-interface.php:46
authwp_ajax_aivesese_sync_products_batchincludes/class-admin-interface.php:47
authwp_ajax_aivesese_sync_field_batchincludes/class-admin-interface.php:48
authwp_ajax_aivs_preview_searchincludes/class-analytics.php:60
authwp_ajax_aivs_get_live_statsincludes/class-analytics.php:61
authwp_ajax_aivs_track_eventincludes/class-analytics.php:62
noprivwp_ajax_aivs_track_eventincludes/class-analytics.php:63
authwp_ajax_aivesese_rebuild_lite_indexincludes/class-lite-mode-ajax.php:27
authwp_ajax_aivesese_test_lite_searchincludes/class-lite-mode-ajax.php:28
authwp_ajax_aivesese_lite_searchincludes/class-lite-mode-ajax.php:31
noprivwp_ajax_aivesese_lite_searchincludes/class-lite-mode-ajax.php:32
authwp_ajax_aivesese_switch_modeincludes/class-lite-mode-ajax.php:35
authwp_ajax_aivesese_get_mode_statsincludes/class-lite-mode-ajax.php:36
authwp_ajax_aivs_dismiss_analytics_noticeincludes/class-plugin.php:400
authwp_ajax_aivesese_autocompleteincludes/class-search-handler.php:30
noprivwp_ajax_aivesese_autocompleteincludes/class-search-handler.php:31
authwp_ajax_aivs_woodmart_searchincludes/class-search-handler.php:55
noprivwp_ajax_aivs_woodmart_searchincludes/class-search-handler.php:56
authwp_ajax_woodmart_ajax_searchincludes/class-search-handler.php:59
noprivwp_ajax_woodmart_ajax_searchincludes/class-search-handler.php:60

Shortcodes 1

[aivesese_cart_recommendations] includes/class-recommendations-integrations.php:27
WordPress Hooks 50
actionplugins_loadedai-supabase-search.php:49
actionadmin_noticesai-supabase-search.php:77
filterplugin_row_metaai-supabase-search.php:150
filteradmin_body_classai-supabase-search.php:165
actionplugins_loadedai-supabase-search.php:175
filterpre_update_option_aivesese_postgres_connection_stringai-supabase-search.php:203
filteroption_aivesese_postgres_connection_stringai-supabase-search.php:212
actionaivesese_status_page_footerai-supabase-search.php:227
actionadmin_initincludes/class-admin-interface.php:36
actionadmin_menuincludes/class-admin-interface.php:37
actionadmin_enqueue_scriptsincludes/class-admin-interface.php:38
actionadmin_noticesincludes/class-admin-interface.php:39
actionadmin_noticesincludes/class-admin-interface.php:40
actionadmin_initincludes/class-admin-interface.php:41
filteradmin_body_classincludes/class-admin-interface.php:1678
actionadmin_initincludes/class-analytics.php:48
actionadmin_menuincludes/class-analytics.php:51
actionaivs_cleanup_analyticsincludes/class-analytics.php:54
filterpre_update_option_aivesese_keyincludes/class-encryption-manager.php:22
filterpre_update_option_aivesese_openaiincludes/class-encryption-manager.php:23
filteroption_aivesese_keyincludes/class-encryption-manager.php:26
filteroption_aivesese_openaiincludes/class-encryption-manager.php:27
actionadmin_initincludes/class-encryption-manager.php:30
actionadmin_noticesincludes/class-encryption-manager.php:33
actionsave_postincludes/class-lite-engine.php:27
actionwoocommerce_update_productincludes/class-lite-engine.php:28
actiondelete_postincludes/class-lite-engine.php:29
actionaivesese_rebuild_lite_indexincludes/class-lite-engine.php:32
actionupdate_option_aivesese_lite_stopwordsincludes/class-lite-engine.php:33
actionupdate_option_aivesese_lite_synonymsincludes/class-lite-engine.php:34
actionplugins_loadedincludes/class-plugin.php:47
actionadmin_noticesincludes/class-plugin.php:56
actionadmin_noticesincludes/class-plugin.php:57
actionadmin_enqueue_scriptsincludes/class-plugin.php:58
actionwoocommerce_update_productincludes/class-product-sync.php:38
actionwoocommerce_new_productincludes/class-product-sync.php:39
actioninitincludes/class-recommendations-integrations.php:20
actioninitincludes/class-recommendations-integrations.php:21
actionenqueue_block_editor_assetsincludes/class-recommendations-integrations.php:22
actionelementor/widgets/registerincludes/class-recommendations-integrations.php:23
filterwoocommerce_cart_item_nameincludes/class-recommendations.php:25
filterwoocommerce_related_products_argsincludes/class-recommendations.php:29
filterwoocommerce_related_productsincludes/class-recommendations.php:30
actionwoocommerce_after_cartincludes/class-recommendations.php:40
actionwp_enqueue_scriptsincludes/class-search-handler.php:32
actionwp_footerincludes/class-search-handler.php:33
actionpre_get_postsincludes/class-search-handler.php:36
actiontemplate_redirectincludes/class-search-handler.php:42
actionwp_loadedincludes/class-search-handler.php:63
actionpre_get_postsincludes/class-search-handler.php:66

Scheduled Events 2

aivs_cleanup_analytics
aivesese_rebuild_lite_index
Maintenance & Trust

AI Vector Search (Semantic) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 27, 2026
PHP min version8.0
Downloads951

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

AI Vector Search (Semantic) Alternatives

AI Search – Intelligent Search for WooCommerce and WordPress

AI Search – Intelligent Search for WooCommerce and WordPress

ai-search

A
100

Replaces the default WordPress search with an AI-powered semantic search system. Perfect for WooCommerce stores and eCommerce sites. ---

90 No CVEs
AI Search for WooCommerce – Semantic Search

AI Search for WooCommerce – Semantic Search

queryra-ai-search

A
100

Replaces WooCommerce search with AI semantic search. Understands customer intent — finds products even with natural language queries.

10 No CVEs
jessyp AI Product Finder

jessyp AI Product Finder

jessyp-ai-product-finder

A
100

AI-powered semantic product search block that uses vector embeddings to find products based on natural language descriptions.

0 No CVEs
Clerk

Clerk

clerkio

A
92

Clerk.io is a software that helps your customers buy more from your webshop, through 4 amazing feature:

300 1 CVE
Init Live Search – AI-Powered, Related Posts, Slash Commands

Init Live Search – AI-Powered, Related Posts, Slash Commands

init-live-search

A
100

Fast, modern live search powered by REST API — with AI-powered Related Posts Engine, slash commands, SEO-aware, ACF, Woo, and custom UI presets.

100 No CVEs
Developer Profile

AI Vector Search (Semantic) Developer Profile

eastercow

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AI Vector Search (Semantic)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ai-vector-search-semantic/assets/css/admin.css/wp-content/plugins/ai-vector-search-semantic/assets/css/frontend.css/wp-content/plugins/ai-vector-search-semantic/assets/js/admin.js/wp-content/plugins/ai-vector-search-semantic/assets/js/frontend.js
Script Paths
/wp-content/plugins/ai-vector-search-semantic/assets/js/admin.js/wp-content/plugins/ai-vector-search-semantic/assets/js/frontend.js
Version Parameters
ai-vector-search-semantic/assets/css/admin.css?ver=ai-vector-search-semantic/assets/css/frontend.css?ver=ai-vector-search-semantic/assets/js/admin.js?ver=ai-vector-search-semantic/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
aivesese-adminaivesese-mode-liteaivesese-mode-apiaivesese-mode-self-hosted
Data Attributes
data-aivesese-mode
FAQ

Frequently Asked Questions about AI Vector Search (Semantic)