Does Appypie Chatbot have any unpatched vulnerabilities?

No. All known vulnerabilities in Appypie Chatbot have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Appypie Chatbot compatible with WordPress 5.7.15?

According to WordPress.org data, Appypie Chatbot 1.0.1 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

Is Appypie Chatbot compatible with PHP 7.0+?

Appypie Chatbot requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Appypie Chatbot updated?

Appypie Chatbot was last updated on Aug 16, 2021. Frequent updates are generally a positive security signal.

What is Appypie Chatbot's security score?

Appypie Chatbot has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Appypie Chatbot Security & Risk Analysis

wordpress.org/plugins/appypie-chatbot

Use Appy Pie Chatbot Builder, the no-code development platform to create chatbots for your business website and/or mobile app in just a few minutes.

0 active installs v1.0.1 PHP 7.0+ WP 5.4+ Updated Aug 16, 2021

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Appypie Chatbot Safe to Use in 2026?

Generally Safe

Score 85/100

Appypie Chatbot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The appypie-chatbot v1.0.1 plugin presents a significant security risk primarily due to its extensive use of unprotected AJAX handlers. With 10 AJAX endpoints and none of them having any form of authentication or authorization checks, any unauthenticated user can potentially trigger these actions. This creates a wide attack surface where malicious actors could inject data, manipulate plugin functionality, or even potentially execute unintended code if these handlers are not carefully designed.

The code analysis also reveals some positive aspects, such as a high percentage of SQL queries using prepared statements and properly escaped output, indicating some level of secure coding practices. However, the absence of nonce checks on AJAX handlers is a major concern, leaving these endpoints vulnerable to Cross-Site Request Forgery (CSRF) attacks. Furthermore, the single taint flow identified with an unsanitized path, although not rated as critical or high, warrants attention as it could lead to path traversal vulnerabilities if exploited.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator but does not negate the risks identified in the static analysis. A lack of past vulnerabilities could be due to the plugin's limited adoption, infrequent security audits, or simply good fortune. The substantial number of unprotected entry points, particularly AJAX handlers, remains the most pressing issue, demanding immediate attention to mitigate potential exploitation.

Key Concerns

10 unprotected AJAX handlers
0 Nonce checks on AJAX
1 unsanitized path taint flow
0 Capability checks

Vulnerabilities

None known

Appypie Chatbot Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Appypie Chatbot Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

24 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

56% prepared9 total queries

Output Escaping

89% escaped27 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<wc-chat-bot> (wc-chat-bot.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

Appypie Chatbot Attack Surface

Entry Points10

Unprotected10

AJAX Handlers 10

authwp_ajax_verify_tokenwc-chat-bot.php:27

noprivwp_ajax_verify_tokenwc-chat-bot.php:28

authwp_ajax_wpcb_selectedwc-chat-bot.php:30

noprivwp_ajax_wpcb_selectedwc-chat-bot.php:31

authwp_ajax_wpcb_hidebotwc-chat-bot.php:33

noprivwp_ajax_wpcb_hidebotwc-chat-bot.php:34

authwp_ajax_wpcb_disconnectwc-chat-bot.php:36

noprivwp_ajax_wpcb_disconnectwc-chat-bot.php:37

authwp_ajax_wpcb_enablewc-chat-bot.php:39

noprivwp_ajax_wpcb_enablewc-chat-bot.php:40

WordPress Hooks 4

actionadmin_menuwc-chat-bot.php:22

actioninitwc-chat-bot.php:23

actionadmin_footerwc-chat-bot.php:24

actionwp_footerwc-chat-bot.php:25

Maintenance & Trust

Appypie Chatbot Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedAug 16, 2021

PHP min version7.0

Downloads872

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Appypie Chatbot Alternatives

No alternatives data available yet.

Developer Profile

Appypie Chatbot Developer Profile

Appy Pie

4 plugins · 60 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

28 days

View full developer profile

Detection Fingerprints

How We Detect Appypie Chatbot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/appypie-chatbot/assets/images/chatbot.svg/wp-content/plugins/appypie-chatbot/assets/images/lock.png/wp-content/plugins/appypie-chatbot/assets/images/arrow.png

HTML / DOM Fingerprints

CSS Classes

main-wrappercontent-boxthemeButtonloginPopmodal-contentformFieldverifytokenerrormsg+1 more

Data Attributes

id="tokenVerify"id="token"class="verifytoken"action="admin.php?page=chat_bot"id="chatbot"style="background-image: url(

JS Globals

wpcb.ajax_url

REST Endpoints

/wp-json/appypie-chatbot/v1/verify_token/wp-json/appypie-chatbot/v1/wpcb_selected/wp-json/appypie-chatbot/v1/wpcb_hidebot/wp-json/appypie-chatbot/v1/wpcb_disconnect/wp-json/appypie-chatbot/v1/wpcb_enable

FAQ