[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fc8tRCRlXwiyzf0xGhrC5hXosFEFOJOmZdGLi2WVfZDM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":32,"analysis":33,"fingerprints":148},"appypie-chatbot","Appypie Chatbot","1.0.1","Appy Pie","https:\u002F\u002Fprofiles.wordpress.org\u002Fhancock11\u002F","\u003Cp>Use Appy Pie Chatbot Builder, the no-code development platform to create chatbots for your business website and\u002For mobile app in just a few minutes. You don’t need any coding skills or technical knowledge to build amazing chatbots. With Appy Pie Chatbot, you can create a variety of chatbots with ease. All you need is 10 minutes of your time and a bit of creativity to make and integrate fully functional chatbots on your websites and mobile apps. Listed here are some of the best features of the no code chatbot maker Appy Pie –\u003C\u002Fp>\n\u003Ch4>Top Features of No Code Chatbot Creator\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>No Coding Required\u003Cbr \u002F>\nWhether you are a professional or a novice, with Appy Pie no code platform, you can bring your customer support assistant to life in minutes. Sounds interesting? It is. You don’t need any coding to make next generation chatbots with our platform.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Multi Language Support\u003Cbr \u002F>\nBuild chatbots in multiple languages including Portuguese, Arabic, Spanish, etc., through our unique Chatbot Builder. Extend your audience reach by providing support in customers’ local languages and gain more potential customers.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Multiple Chatbots and Live Chat\u003Cbr \u002F>\nThe interesting thing about Chatbot Maker Appy Pie is that you can create multiple chatbots for inquiry, appointment or live chat purpose. Make unlimited chatbots, integrate them to your different websites and mobile apps, and take your user experience to a new high.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Contacts and Leads Management\u003Cbr \u002F>\nAppy Pie Chatbot Creator makes it easy for small businesses to manage all their user contacts as well as leads all in one place. This proves beneficial for the customer support team as they can easily streamline the records and close more deals efficiently.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Email Tracking\u003Cbr \u002F>\nAnother great feature of our no code platform is that it allows you to keep track of user emails as soon they hit your inbox. Meaning, no more worries of missing out on any important deals, thus better user engagement and greater revenue.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Bot Analytics\u003Cbr \u002F>\nKeep an eye on user behavior and improve engagement using Chatbot Analytics. The Analytics feature allows you to see how many chats occurred with chatbots, study customers’ experience with chatbots, know how the visitors interacted with chatbots, get agent reports, and much more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>App Integrations\u003Cbr \u002F>\nIntegrate apps like Google Sheets, etc., and dramatically scale up your chatbot and live chat experience in no time. Access customer and company information, and emails right on the dashboard with the App Integration feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Use Appy Pie Chatbot Builder, the no-code development platform to create chatbots for your business website and\u002For mobile app in just a few minutes.",0,872,"2021-08-16T07:07:00.000Z","5.7.15","5.4","7.0",[],"https:\u002F\u002Fwww.appypie.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappypie-chatbot.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"hancock11",4,60,91,28,88,"2026-04-05T19:58:07.335Z",[],{"attackSurface":34,"codeSignals":90,"taintFlows":117,"riskAssessment":136,"analyzedAt":147},{"hooks":35,"ajaxHandlers":54,"restRoutes":86,"shortcodes":87,"cronEvents":88,"entryPointCount":89,"unprotectedCount":89},[36,42,46,50],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","add_chatbot_menu","wc-chat-bot.php",22,{"type":37,"name":43,"callback":44,"file":40,"line":45},"init","chatbot_addcss",23,{"type":37,"name":47,"callback":48,"file":40,"line":49},"admin_footer","addChatBot_js",24,{"type":37,"name":51,"callback":52,"file":40,"line":53},"wp_footer","add_chatbot_script",25,[55,60,62,66,68,72,74,78,80,84],{"action":56,"nopriv":57,"callback":58,"hasNonce":57,"hasCapCheck":57,"file":40,"line":59},"verify_token",false,"verify_token_ajax_callback",27,{"action":56,"nopriv":61,"callback":58,"hasNonce":57,"hasCapCheck":57,"file":40,"line":29},true,{"action":63,"nopriv":57,"callback":64,"hasNonce":57,"hasCapCheck":57,"file":40,"line":65},"wpcb_selected","wpcb_selected_ajax_callback",30,{"action":63,"nopriv":61,"callback":64,"hasNonce":57,"hasCapCheck":57,"file":40,"line":67},31,{"action":69,"nopriv":57,"callback":70,"hasNonce":57,"hasCapCheck":57,"file":40,"line":71},"wpcb_hidebot","wpcb_hidebot_ajax_callback",33,{"action":69,"nopriv":61,"callback":70,"hasNonce":57,"hasCapCheck":57,"file":40,"line":73},34,{"action":75,"nopriv":57,"callback":76,"hasNonce":57,"hasCapCheck":57,"file":40,"line":77},"wpcb_disconnect","wpcb_disconnect_ajax_callback",36,{"action":75,"nopriv":61,"callback":76,"hasNonce":57,"hasCapCheck":57,"file":40,"line":79},37,{"action":81,"nopriv":57,"callback":82,"hasNonce":57,"hasCapCheck":57,"file":40,"line":83},"wpcb_enable","wpcb_enable_ajax_callback",39,{"action":81,"nopriv":61,"callback":82,"hasNonce":57,"hasCapCheck":57,"file":40,"line":85},40,[],[],[],10,{"dangerousFunctions":91,"sqlUsage":92,"outputEscaping":105,"fileOperations":11,"externalRequests":115,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":116},[],{"prepared":93,"raw":26,"locations":94},5,[95,98,101,103],{"file":40,"line":96,"context":97},45,"$wpdb->get_var() with variable interpolation",{"file":40,"line":99,"context":100},176,"$wpdb->get_row() with variable interpolation",{"file":40,"line":102,"context":100},230,{"file":40,"line":104,"context":100},340,{"escaped":49,"rawEcho":106,"locations":107},3,[108,111,113],{"file":40,"line":109,"context":110},265,"raw output",{"file":40,"line":112,"context":110},280,{"file":40,"line":114,"context":110},344,2,[],[118],{"entryPoint":119,"graph":120,"unsanitizedCount":134,"severity":135},"\u003Cwc-chat-bot> (wc-chat-bot.php:0)",{"nodes":121,"edges":132},[122,127],{"id":123,"type":124,"label":125,"file":40,"line":126},"n0","source","$_POST",272,{"id":128,"type":129,"label":130,"file":40,"line":114,"wp_function":131},"n1","sink","echo() [XSS]","echo",[133],{"from":123,"to":128,"sanitized":57},1,"low",{"summary":137,"deductions":138},"The appypie-chatbot v1.0.1 plugin presents a significant security risk primarily due to its extensive use of unprotected AJAX handlers. With 10 AJAX endpoints and none of them having any form of authentication or authorization checks, any unauthenticated user can potentially trigger these actions. This creates a wide attack surface where malicious actors could inject data, manipulate plugin functionality, or even potentially execute unintended code if these handlers are not carefully designed.\n\nThe code analysis also reveals some positive aspects, such as a high percentage of SQL queries using prepared statements and properly escaped output, indicating some level of secure coding practices. However, the absence of nonce checks on AJAX handlers is a major concern, leaving these endpoints vulnerable to Cross-Site Request Forgery (CSRF) attacks. Furthermore, the single taint flow identified with an unsanitized path, although not rated as critical or high, warrants attention as it could lead to path traversal vulnerabilities if exploited.\n\nThe plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator but does not negate the risks identified in the static analysis. A lack of past vulnerabilities could be due to the plugin's limited adoption, infrequent security audits, or simply good fortune. The substantial number of unprotected entry points, particularly AJAX handlers, remains the most pressing issue, demanding immediate attention to mitigate potential exploitation.",[139,141,143,145],{"reason":140,"points":89},"10 unprotected AJAX handlers",{"reason":142,"points":89},"0 Nonce checks on AJAX",{"reason":144,"points":93},"1 unsanitized path taint flow",{"reason":146,"points":89},"0 Capability checks","2026-03-17T06:11:14.722Z",{"wat":149,"direct":157},{"assetPaths":150,"generatorPatterns":154,"scriptPaths":155,"versionParams":156},[151,152,153],"\u002Fwp-content\u002Fplugins\u002Fappypie-chatbot\u002Fassets\u002Fimages\u002Fchatbot.svg","\u002Fwp-content\u002Fplugins\u002Fappypie-chatbot\u002Fassets\u002Fimages\u002Flock.png","\u002Fwp-content\u002Fplugins\u002Fappypie-chatbot\u002Fassets\u002Fimages\u002Farrow.png",[],[],[],{"cssClasses":158,"htmlComments":168,"htmlAttributes":169,"restEndpoints":176,"jsGlobals":182,"shortcodeOutput":184},[159,160,161,162,163,164,165,166,167],"main-wrapper","content-box","themeButton","loginPop","modal-content","formField","verifytoken","errormsg","switch",[],[170,171,172,173,174,175],"id=\"tokenVerify\"","id=\"token\"","class=\"verifytoken\"","action=\"admin.php?page=chat_bot\"","id=\"chatbot\"","style=\"background-image: url(",[177,178,179,180,181],"\u002Fwp-json\u002Fappypie-chatbot\u002Fv1\u002Fverify_token","\u002Fwp-json\u002Fappypie-chatbot\u002Fv1\u002Fwpcb_selected","\u002Fwp-json\u002Fappypie-chatbot\u002Fv1\u002Fwpcb_hidebot","\u002Fwp-json\u002Fappypie-chatbot\u002Fv1\u002Fwpcb_disconnect","\u002Fwp-json\u002Fappypie-chatbot\u002Fv1\u002Fwpcb_enable",[183],"wpcb.ajax_url",[]]