Albert – The AI Butler Security & Risk Analysis

wordpress.org/plugins/albert-ai-butler

At your service — Albert connects AI assistants to your WordPress site so they can manage content, handle tasks, and keep things running smoothly.

0 active installs · v1.0.0 · PHP 8.1+ · WP 6.9+ · Updated Feb 25, 2026
Tags: ai, chatgpt, claude, mcp, oauth
100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Albert – The AI Butler Safe to Use in 2026?

Generally Safe

Score 100/100

Albert – The AI Butler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "albert-ai-butler" v1.0.1 plugin exhibits a generally strong security posture due to its adherence to secure coding practices. The absence of known vulnerabilities in its history and the comprehensive use of prepared statements for all SQL queries are significant strengths. Furthermore, all output appears to be properly escaped, mitigating common cross-site scripting (XSS) risks, and there are no file operations or external HTTP requests that could be exploited.

However, the static analysis reveals a concerning area related to taint analysis. While no critical severity flows were identified, there are three high-severity flows with unsanitized paths. This suggests that data processed by the plugin might not be adequately validated or sanitized before being used in potentially sensitive operations, even if these operations don't directly lead to SQL injection or XSS in this specific version. The presence of unsanitized paths, even without immediate critical exploits, warrants attention as it could be a precursor to vulnerabilities in future updates or in conjunction with other factors.

In conclusion, "albert-ai-butler" v1.0.1 is a secure plugin in many respects, particularly regarding database interactions and output handling. The lack of historical vulnerabilities is a positive indicator. The primary weakness lies in the identified high-severity taint flows, which indicate potential areas for improvement in data sanitization and input validation to further harden the plugin against unforeseen attack vectors.

Key Concerns

  • High severity taint flows with unsanitized paths
  • 4 flows with unsanitized paths
Vulnerabilities
None known

Albert – The AI Butler Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Albert – The AI Butler Release Timeline

v1.0.0 (Current)
Code Analysis
Analyzed Apr 16, 2026

Albert – The AI Butler Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (41 prepared)
Unescaped Output: 2 (598 escaped)
Nonce Checks: 9
Capability Checks: 15
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 41 total queries

Output Escaping

100% escaped · 600 total outputs
Data Flows · Security: 4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
render_page (src/Admin/Connections.php:507)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Albert – The AI Butler Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 35
action admin_notices (albert-ai-butler.php:52)
action plugins_loaded (albert-ai-butler.php:77)
action admin_menu (src/Admin/AbstractAbilitiesPage.php:90)
action admin_init (src/Admin/AbstractAbilitiesPage.php:91)
action admin_enqueue_scripts (src/Admin/AbstractAbilitiesPage.php:92)
action admin_menu (src/Admin/Connections.php:54)
action admin_init (src/Admin/Connections.php:55)
action admin_enqueue_scripts (src/Admin/Connections.php:56)
action admin_post_albert_add_allowed_user (src/Admin/Connections.php:57)
action admin_menu (src/Admin/Dashboard.php:51)
action admin_enqueue_scripts (src/Admin/Dashboard.php:52)
action admin_menu (src/Admin/Settings.php:51)
action admin_enqueue_scripts (src/Admin/Settings.php:52)
action admin_post_albert_save_external_url (src/Admin/Settings.php:53)
action abilities_api_categories_init (src/Core/AbilitiesManager.php:41)
action wp_abilities_api_categories_init (src/Core/AbilitiesManager.php:42)
action abilities_api_init (src/Core/AbilitiesManager.php:45)
action wp_abilities_api_init (src/Core/AbilitiesManager.php:46)
filter albert/abilities/wordpress (src/Core/AbilitiesManager.php:49)
filter wp_register_ability_args (src/Core/AbilitiesManager.php:52)
action init (src/Core/Plugin.php:204)
action mcp_adapter_init (src/MCP/Server.php:66)
filter rest_request_before_callbacks (src/MCP/Server.php:67)
action init (src/OAuth/Endpoints/AuthorizationPage.php:47)
action init (src/OAuth/Endpoints/AuthorizationPage.php:48)
action template_redirect (src/OAuth/Endpoints/AuthorizationPage.php:49)
filter query_vars (src/OAuth/Endpoints/AuthorizationPage.php:50)
filter redirect_canonical (src/OAuth/Endpoints/AuthorizationPage.php:51)
action rest_api_init (src/OAuth/Endpoints/ClientRegistration.php:48)
action rest_api_init (src/OAuth/Endpoints/OAuthController.php:59)
action init (src/OAuth/Endpoints/OAuthDiscovery.php:34)
action init (src/OAuth/Endpoints/OAuthDiscovery.php:35)
action template_redirect (src/OAuth/Endpoints/OAuthDiscovery.php:36)
filter query_vars (src/OAuth/Endpoints/OAuthDiscovery.php:37)
filter redirect_canonical (src/OAuth/Endpoints/OAuthDiscovery.php:40)
Maintenance & Trust

Albert – The AI Butler Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version: 8.1
Downloads: 166

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Albert – The AI Butler Developer Profile

Albert

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Albert – The AI Butler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/albert-ai-butler/assets/css/albert.css
/wp-content/plugins/albert-ai-butler/assets/js/albert.js
Script Paths
/wp-content/plugins/albert-ai-butler/assets/js/albert.js
Version Parameters
albert-ai-butler/assets/css/albert.css?ver=
albert-ai-butler/assets/js/albert.js?ver=

HTML / DOM Fingerprints

CSS Classes
albert-settings, albert-page-layout, albert-main-content, albert-tab-content, albert-sidebar, albert-tab-menu, albert-tab-item
HTML Comments
Prevent direct access.
Define plugin constants.
Load Composer autoloader if available.
Initialize the plugin.
+43 more
Data Attributes
data-albert-toggle, data-albert-target, data-albert-ability-slug, data-albert-ability-status
JS Globals
albert