WP-Safety

AI Workflow Automation Security & Risk Analysis

wordpress.org/plugins/ai-workflow-automation-lite

Transform your WordPress site with AI-powered automation for content, customer support, data analysis, research, and business processes.

100 active installs v1.4.2 PHP 8.0.0+ WP 6.0.0+ Updated Jul 24, 2025
aiai-chatbotai-content-generatorautomationclaude
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AI Workflow Automation Safe to Use in 2026?

Generally Safe

Score 100/100

AI Workflow Automation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The 'ai-workflow-automation-lite' v1.4.2 plugin exhibits a mixed security posture. While it has a clean vulnerability history with no recorded CVEs and shows good practices in its SQL query and output escaping percentages, several areas present significant concerns. The static analysis reveals a substantial attack surface, with 15 unprotected entry points out of a total of 88. Specifically, 14 REST API routes lack permission callbacks, and 1 AJAX handler is not authenticated. This lack of authorization on multiple entry points is a critical weakness that could allow unauthorized users to trigger plugin functionality, potentially leading to data manipulation or other unintended consequences. The absence of any taint analysis findings is positive, suggesting no readily apparent command injection or similar critical vulnerabilities through data flow. However, the high number of unprotected entry points overshadows this strength. In conclusion, the plugin demonstrates decent code hygiene in some areas, but the significant number of unprotected entry points represents a serious security risk that needs immediate attention. The lack of historical vulnerabilities is encouraging, but it does not negate the risks identified in the current static analysis.

Key Concerns

  • REST API routes without permission callbacks
  • AJAX handler without authentication check
Vulnerabilities
None known

AI Workflow Automation Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

AI Workflow Automation Code Analysis

Dangerous Functions
0
Raw SQL Queries
37
179 prepared
Unescaped Output
46
148 escaped
Nonce Checks
5
Capability Checks
16
File Operations
14
External Requests
21
Bundled Libraries
0

SQL Query Safety

83% prepared216 total queries

Output Escaping

76% escaped194 total outputs
Attack Surface
15 unprotected

AI Workflow Automation Attack Surface

Entry Points88
Unprotected15

AJAX Handlers 2

authwp_ajax_wp_ai_workflows_sync_costsincludes\class-wp-ai-workflows-cost-management.php:22
authwp_ajax_dismiss_lite_noticewp-ai-workflows.php:613

REST API Routes 83

GET/wp-json/wp-ai-workflows/v1/workflowsincludes\class-wp-ai-workflows-rest-api.php:14
POST/wp-json/wp-ai-workflows/v1/workflowsincludes\class-wp-ai-workflows-rest-api.php:20
PUT/wp-json/wp-ai-workflows/v1/workflows/(?P<id>[\w-]+)includes\class-wp-ai-workflows-rest-api.php:26
DELETE/wp-json/wp-ai-workflows/v1/workflows/(?P<id>[\w-]+)includes\class-wp-ai-workflows-rest-api.php:32
GET/wp-json/wp-ai-workflows/v1/workflows/(?P<id>[\w-]+)includes\class-wp-ai-workflows-rest-api.php:38
POST/wp-json/wp-ai-workflows/v1/execute-workflow/(?P<id>[\w-]+)includes\class-wp-ai-workflows-rest-api.php:45
GET/wp-json/wp-ai-workflows/v1/executionsincludes\class-wp-ai-workflows-rest-api.php:51
GET/wp-json/wp-ai-workflows/v1/executions/(?P<id>\d+)includes\class-wp-ai-workflows-rest-api.php:57
DELETE/wp-json/wp-ai-workflows/v1/executions/(?P<id>\d+)includes\class-wp-ai-workflows-rest-api.php:63
GET/wp-json/wp-ai-workflows/v1/execution-status/(?P<id>\d+)includes\class-wp-ai-workflows-rest-api.php:69
GET/wp-json/wp-ai-workflows/v1/settingsincludes\class-wp-ai-workflows-rest-api.php:76
POSTPUT/wp-json/wp-ai-workflows/v1/settingsincludes\class-wp-ai-workflows-rest-api.php:82
GET/wp-json/wp-ai-workflows/v1/available-ai-modelsincludes\class-wp-ai-workflows-rest-api.php:88
GET/wp-json/wp-ai-workflows/v1/cost-statisticsincludes\class-wp-ai-workflows-rest-api.php:94
GET/wp-json/wp-ai-workflows/v1/cost-settingsincludes\class-wp-ai-workflows-rest-api.php:100
PUT/wp-json/wp-ai-workflows/v1/cost-settingsincludes\class-wp-ai-workflows-rest-api.php:106
POST/wp-json/wp-ai-workflows/v1/sync-costsincludes\class-wp-ai-workflows-rest-api.php:112
GET/wp-json/wp-ai-workflows/v1/cost-sync-infoincludes\class-wp-ai-workflows-rest-api.php:118
GET/wp-json/wp-ai-workflows/v1/download-logincludes\class-wp-ai-workflows-rest-api.php:124
GET/wp-json/wp-ai-workflows/v1/system-requirementsincludes\class-wp-ai-workflows-rest-api.php:132
GET/wp-json/wp-ai-workflows/v1/gravity-formsincludes\class-wp-ai-workflows-rest-api.php:141
GET/wp-json/wp-ai-workflows/v1/wpformsincludes\class-wp-ai-workflows-rest-api.php:147
GET/wp-json/wp-ai-workflows/v1/contactform7includes\class-wp-ai-workflows-rest-api.php:153
GET/wp-json/wp-ai-workflows/v1/ninjaformsincludes\class-wp-ai-workflows-rest-api.php:159
GET/wp-json/wp-ai-workflows/v1/wp-core-triggersincludes\class-wp-ai-workflows-rest-api.php:167
POST/wp-json/wp-ai-workflows/v1/webhook/(?P<node_id>[\w-]+)includes\class-wp-ai-workflows-rest-api.php:174
POST/wp-json/wp-ai-workflows/v1/generate-webhookincludes\class-wp-ai-workflows-rest-api.php:180
GET/wp-json/wp-ai-workflows/v1/sample-webhook/(?P<id>[\w-]+)includes\class-wp-ai-workflows-rest-api.php:186
POST/wp-json/wp-ai-workflows/v1/save-outputincludes\class-wp-ai-workflows-rest-api.php:196
GET/wp-json/wp-ai-workflows/v1/outputsincludes\class-wp-ai-workflows-rest-api.php:202
GET/wp-json/wp-ai-workflows/v1/latest-outputincludes\class-wp-ai-workflows-rest-api.php:210
GET/wp-json/wp-ai-workflows/v1/shortcode-outputincludes\class-wp-ai-workflows-rest-api.php:216
GET/wp-json/wp-ai-workflows/v1/tablesincludes\class-wp-ai-workflows-rest-api.php:226
GET/wp-json/wp-ai-workflows/v1/export-outputsincludes\class-wp-ai-workflows-rest-api.php:234
POST/wp-json/wp-ai-workflows/v1/tablesincludes\class-wp-ai-workflows-rest-api.php:242
GET/wp-json/wp-ai-workflows/v1/table-structureincludes\class-wp-ai-workflows-rest-api.php:248
DELETE/wp-json/wp-ai-workflows/v1/delete-tableincludes\class-wp-ai-workflows-rest-api.php:254
DELETE/wp-json/wp-ai-workflows/v1/delete-entryincludes\class-wp-ai-workflows-rest-api.php:260
GET/wp-json/wp-ai-workflows/v1/post-typesincludes\class-wp-ai-workflows-rest-api.php:270
GET/wp-json/wp-ai-workflows/v1/post-fields/(?P<post_type>[\w-]+)includes\class-wp-ai-workflows-rest-api.php:276
POST/wp-json/wp-ai-workflows/v1/execute-post-nodeincludes\class-wp-ai-workflows-rest-api.php:282
GET/wp-json/wp-ai-workflows/v1/authorsincludes\class-wp-ai-workflows-rest-api.php:288
GET/wp-json/wp-ai-workflows/v1/categories/(?P<post_type>[\w-]+)includes\class-wp-ai-workflows-rest-api.php:294
GET/wp-json/wp-ai-workflows/v1/templatesincludes\class-wp-ai-workflows-rest-api.php:301
POST/wp-json/wp-ai-workflows/v1/templatesincludes\class-wp-ai-workflows-rest-api.php:307
GET/wp-json/wp-ai-workflows/v1/templates/(?P<id>\d+)includes\class-wp-ai-workflows-rest-api.php:313
PUT/wp-json/wp-ai-workflows/v1/templates/(?P<id>\d+)includes\class-wp-ai-workflows-rest-api.php:319
DELETE/wp-json/wp-ai-workflows/v1/templates/(?P<id>\d+)includes\class-wp-ai-workflows-rest-api.php:325
POST/wp-json/wp-ai-workflows/v1/generate-workflowincludes\class-wp-ai-workflows-rest-api.php:332
POST/wp-json/wp-ai-workflows/v1/rss-previewincludes\class-wp-ai-workflows-rest-api.php:352
POST/wp-json/wp-ai-workflows/v1/test-api-callincludes\class-wp-ai-workflows-rest-api.php:359
GET/wp-json/wp-ai-workflows/v1/google-integration-statusincludes\class-wp-ai-workflows-rest-api.php:385
POST/wp-json/wp-ai-workflows/v1/unsplash/searchincludes\class-wp-ai-workflows-rest-api.php:392
POST/wp-json/wp-ai-workflows/v1/generate-api-keyincludes\class-wp-ai-workflows-rest-api.php:399
POST/wp-json/wp-ai-workflows/v1/verify-api-keyincludes\class-wp-ai-workflows-rest-api.php:407
GET/wp-json/wp-ai-workflows/v1/human-tasksincludes\class-wp-ai-workflows-rest-api.php:415
POST/wp-json/wp-ai-workflows/v1/human-tasks/(?P<id>\d+)/(?P<action>approve|reject|revert|modify)includes\class-wp-ai-workflows-rest-api.php:423
GET/wp-json/wp-ai-workflows/v1/human-tasks-countincludes\class-wp-ai-workflows-rest-api.php:431
GET/wp-json/wp-ai-workflows/v1/usersincludes\class-wp-ai-workflows-rest-api.php:439
GET/wp-json/wp-ai-workflows/v1/rolesincludes\class-wp-ai-workflows-rest-api.php:445
GET/wp-json/wp-ai-workflows/v1/task-rolesincludes\class-wp-ai-workflows-rest-api.php:451
POST/wp-json/wp-ai-workflows/v1/task-rolesincludes\class-wp-ai-workflows-rest-api.php:459
POST/wp-json/wp-ai-workflows/v1/chatincludes\class-wp-ai-workflows-rest-api.php:468
GET/wp-json/wp-ai-workflows/v1/chat-historyincludes\class-wp-ai-workflows-rest-api.php:474
GET/wp-json/wp-ai-workflows/v1/chat-config/(?P<workflow_id>[a-zA-Z0-9-]+)includes\class-wp-ai-workflows-rest-api.php:481
GET/wp-json/wp-ai-workflows/v1/chat-actions/(?P<workflow_id>[a-zA-Z0-9-]+)includes\class-wp-ai-workflows-rest-api.php:487
GET/wp-json/wp-ai-workflows/v1/chat-eventsincludes\class-wp-ai-workflows-rest-api.php:493
GET/wp-json/wp-ai-workflows/v1/chat-action-resultincludes\class-wp-ai-workflows-rest-api.php:499
POST/wp-json/wp-ai-workflows/v1/chat-action-submitincludes\class-wp-ai-workflows-rest-api.php:506
GET/wp-json/wp-ai-workflows/v1/check-openrouter-balanceincludes\class-wp-ai-workflows-rest-api.php:513
GET/wp-json/wp-ai-workflows/v1/chat-logsincludes\class-wp-ai-workflows-rest-api.php:520
GET/wp-json/wp-ai-workflows/v1/chat-messages/(?P<session_id>[^/]+)includes\class-wp-ai-workflows-rest-api.php:526
GET/wp-json/wp-ai-workflows/v1/chat-statisticsincludes\class-wp-ai-workflows-rest-api.php:532
POST/wp-json/wp-ai-workflows/v1/stream-chatincludes\class-wp-ai-workflows-rest-api.php:538
GET/wp-json/wp-ai-workflows/v1/assistant/sessionincludes\class-wp-ai-workflows-rest-api.php:546
GET/wp-json/wp-ai-workflows/v1/assistant/messageincludes\class-wp-ai-workflows-rest-api.php:564
GET/wp-json/wp-ai-workflows/v1/assistant/contextincludes\class-wp-ai-workflows-rest-api.php:582
POST/wp-json/wp-ai-workflows/v1/assistant/update-modeincludes\class-wp-ai-workflows-rest-api.php:603
POST/wp-json/wp-ai-workflows/v1/assistant/apply-changesincludes\class-wp-ai-workflows-rest-api.php:610
GET/wp-json/wp-ai-workflows/v1/assistant/get-session/(?P<workflow_id>[a-zA-Z0-9-]+)includes\class-wp-ai-workflows-rest-api.php:617
GET/wp-json/wp-ai-workflows/v1/assistant/history/(?P<session_id>[a-zA-Z0-9-]+)includes\class-wp-ai-workflows-rest-api.php:623
GET/wp-json/wp-ai-workflows/v1/openrouter-modelsincludes\class-wp-ai-workflows-rest-api.php:644
GET/wp-json/wp-ai-workflows/v1/streamincludes\class-wp-ai-workflows-rest-api.php:651

Shortcodes 3

[wp_ai_workflow_chat] includes\class-wp-ai-workflows-chat-embedder.php:16
[wp_ai_workflows_output] includes\class-wp-ai-workflows-shortcode.php:8
[wp_ai_workflow_preview] includes\class-wp-ai-workflows-viewer.php:37
WordPress Hooks 55
actionadmin_menuadmin\class-wp-ai-workflows-admin.php:8
actionadmin_enqueue_scriptsadmin\class-wp-ai-workflows-admin.php:9
actionactivated_pluginincludes\class-wp-ai-workflows-analytics-collector.php:16
actiondeactivated_pluginincludes\class-wp-ai-workflows-analytics-collector.php:17
actionwp_ai_workflows_daily_analyticsincludes\class-wp-ai-workflows-analytics-collector.php:18
actionadmin_initincludes\class-wp-ai-workflows-analytics-collector.php:25
actionwidgets_initincludes\class-wp-ai-workflows-chat-embedder.php:19
actionwp_enqueue_scriptsincludes\class-wp-ai-workflows-chat-embedder.php:22
actionwp_footerincludes\class-wp-ai-workflows-chat-embedder.php:25
actionwp_ai_workflows_daily_maintenanceincludes\class-wp-ai-workflows-cost-management.php:21
filterupload_mimesincludes\class-wp-ai-workflows-node-execution.php:1726
filterupload_dirincludes\class-wp-ai-workflows-node-execution.php:1727
actionrest_api_initincludes\class-wp-ai-workflows-rest-api.php:8
actionwp_ai_workflows_cleanupincludes\class-wp-ai-workflows-rest-api.php:9
actionplugins_loadedincludes\class-wp-ai-workflows-utilities.php:7
actionwp_enqueue_scriptsincludes\class-wp-ai-workflows-viewer.php:40
actionwp_ai_workflows_execute_scheduled_workflowincludes\class-wp-ai-workflows-workflow.php:6
actionwp_ai_workflows_execute_webhook_workflowincludes\class-wp-ai-workflows-workflow.php:7
actionwp_ai_workflows_execute_workflowincludes\class-wp-ai-workflows-workflow.php:8
actiongform_after_submissionincludes\class-wp-ai-workflows-workflow.php:9
actionwpforms_process_completeincludes\class-wp-ai-workflows-workflow.php:10
actionwpcf7_before_send_mailincludes\class-wp-ai-workflows-workflow.php:11
actionninja_forms_after_submissionincludes\class-wp-ai-workflows-workflow.php:12
actionwp_ai_workflows_process_form_submissionincludes\class-wp-ai-workflows-workflow.php:13
actionpublish_postincludes\class-wp-ai-workflows-workflow.php:14
actionuser_registerincludes\class-wp-ai-workflows-workflow.php:15
actionwp_insert_commentincludes\class-wp-ai-workflows-workflow.php:16
actionwp_loginincludes\class-wp-ai-workflows-workflow.php:17
actionwp_ai_workflows_process_login_triggerincludes\class-wp-ai-workflows-workflow.php:18
actiontransition_post_statusincludes\class-wp-ai-workflows-workflow.php:19
actioninitincludes\class-wp-ai-workflows-workflow.php:20
actionwp_ai_workflows_rss_checkincludes\class-wp-ai-workflows-workflow.php:21
actionwp_ai_workflows_check_action_resultincludes\class-wp-ai-workflows-workflow.php:22
filtercron_schedulesincludes\class-wp-ai-workflows-workflow.php:2564
actionplugins_loadedwp-ai-workflows.php:95
actioninitwp-ai-workflows.php:215
filterwp_ai_workflows_frontend_settingswp-ai-workflows.php:243
actionadmin_noticeswp-ai-workflows.php:257
actionadmin_noticeswp-ai-workflows.php:311
actioninitwp-ai-workflows.php:323
actionadmin_noticeswp-ai-workflows.php:324
actionwpwp-ai-workflows.php:335
actionwpwp-ai-workflows.php:347
actionwp_ai_workflows_send_delayed_emailwp-ai-workflows.php:348
actioninitwp-ai-workflows.php:349
actionwp_ai_workflows_cleanup_chat_datawp-ai-workflows.php:354
actionwp_ai_workflows_cleanup_assistant_chatwp-ai-workflows.php:355
actionwp_ai_workflows_daily_maintenancewp-ai-workflows.php:356
actionplugins_loadedwp-ai-workflows.php:402
actionplugins_loadedwp-ai-workflows.php:433
filterrest_pre_serve_requestwp-ai-workflows.php:475
actioninitwp-ai-workflows.php:480
actionadmin_noticeswp-ai-workflows.php:557
actionadmin_initwp-ai-workflows.php:570
actionadmin_noticeswp-ai-workflows.php:592

Scheduled Events 19

wp_ai_workflows_daily_analytics
wp_ai_workflows_check_action_result
wp_ai_workflows_cleanup_chat_data
wp_ai_workflows_execute_delayed_output
wp_ai_workflows_execute_scheduled_workflow
wp_ai_workflows_rss_check
wp_ai_workflows_check_action_result
wp_ai_workflows_execute_scheduled_workflow
wp_ai_workflows_execute_webhook_workflow
wp_ai_workflows_process_form_submission
wp_ai_workflows_process_form_submission
wp_ai_workflows_process_form_submission
wp_ai_workflows_process_form_submission
wp_ai_workflows_execute_workflow
wp_ai_workflows_process_login_trigger
wp_ai_workflows_cleanup_chat_data
wp_ai_workflows_daily_maintenance
wp_ai_workflows_daily_maintenance
wp_ai_workflows_cleanup
Maintenance & Trust

AI Workflow Automation Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 24, 2025
PHP min version8.0.0
Downloads4K

Community Trust

Rating80/100
Number of ratings4
Active installs100
Alternatives

AI Workflow Automation Alternatives

AI Content Writer & Auto Post Generator for WordPress by RapidTextAI

AI Content Writer & Auto Post Generator for WordPress by RapidTextAI

ai-text-block

A
100

Generate AI-powered articles using GPT-4, GPT-5, Claude, DeepSeek & Grok with automatic images for WordPress.

70 No CVEs
WPRaiz Content API Tool

WPRaiz Content API Tool

wpraiz-content-api-tool

A
100

REST API + MCP Server for WordPress. Create, update, and manage posts programmatically. AI content generation with your own API keys (BYOK).

60 No CVEs
Gapify AI Customer Communication

Gapify AI Customer Communication

gapify-ai-customer-communication

A
100

AI-powered customer support and chat widget. Automate responses, increase sales, and provide 24/7 customer service with Gapify's intelligent chatbot.

20 No CVEs
ClearPost – AI Blog Post Generator & Automated SEO Content Writer for WordPress

ClearPost – AI Blog Post Generator & Automated SEO Content Writer for WordPress

clearpost-simple-ai-auto-post

A
100

Automatically generate and publish SEO-optimized blog posts with AI. Your automated blog content engine for WordPress. Free forever, premium autopilot &hellip;

10 No CVEs
Helpmate – Support Automation, AI Chatbot, Live Chat, Social Automation, Booking & CRM Solution

Helpmate – Support Automation, AI Chatbot, Live Chat, Social Automation, Booking & CRM Solution

helpmate-ai-chatbot

A
100

Reduce 97% of support queries and 70% of workload with AI Chatbot, Live Chat, CRM, Booking and WhatsApp automation.

10 No CVEs
Developer Profile

AI Workflow Automation Developer Profile

massiveshift

1 plugin · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AI Workflow Automation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ai-workflow-automation-lite/assets/css/admin.css/wp-content/plugins/ai-workflow-automation-lite/assets/css/frontend.css/wp-content/plugins/ai-workflow-automation-lite/assets/js/admin.js/wp-content/plugins/ai-workflow-automation-lite/assets/js/frontend.js/wp-content/plugins/ai-workflow-automation-lite/includes/js/dist/chunks/app.js/wp-content/plugins/ai-workflow-automation-lite/includes/js/dist/chunks/chunk-vendors.js
Script Paths
/wp-content/plugins/ai-workflow-automation-lite/assets/js/admin.js/wp-content/plugins/ai-workflow-automation-lite/assets/js/frontend.js/wp-content/plugins/ai-workflow-automation-lite/includes/js/dist/chunks/app.js/wp-content/plugins/ai-workflow-automation-lite/includes/js/dist/chunks/chunk-vendors.js
Version Parameters
ai-workflow-automation-lite/assets/css/admin.css?ver=ai-workflow-automation-lite/assets/css/frontend.css?ver=ai-workflow-automation-lite/assets/js/admin.js?ver=ai-workflow-automation-lite/assets/js/frontend.js?ver=ai-workflow-automation-lite/includes/js/dist/chunks/app.js?ver=ai-workflow-automation-lite/includes/js/dist/chunks/chunk-vendors.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-ai-workflows-admin-pagewp-ai-workflows-frontend-wrapperai-workflow-designernode-editorworkflow-canvas
HTML Comments
<!-- wp_ai_workflows_dashboard_template --><!-- wp_ai_workflows_node_template --><!-- wp_ai_workflows_workflow_list_item -->
Data Attributes
data-wp-ai-workflows-node-iddata-wp-ai-workflows-workflow-iddata-wp-ai-workflows-node-typedata-wp-ai-workflows-editor-mode
JS Globals
wpAifrontendConfigwpAiAdminConfigWP_AI_Workflows_Utilities
REST Endpoints
/wp-json/wp-ai-workflows/v1/workflows/wp-json/wp-ai-workflows/v1/nodes/wp-json/wp-ai-workflows/v1/execute/wp-json/wp-ai-workflows/v1/settings
Shortcode Output
[wp_ai_workflow_designer][wp_ai_workflow_executor][wp_ai_chat_interface]
FAQ

Frequently Asked Questions about AI Workflow Automation