WP-Safety

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Security & Risk Analysis

wordpress.org/plugins/askany

Complete AI chatbot solution with live agent handoff, WooCommerce integration, PDF knowledge base, and multi-provider AI support (OpenAI, DeepSeek, Ge …

10 active installs v1.11.0 PHP 7.4+ WP 5.9+ Updated Mar 27, 2026
aiai-supportchatgptcustomer-supporthelpdesk
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Safe to Use in 2026?

Generally Safe

Score 100/100

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "askany" v1.10.0 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices, with a high percentage of SQL queries using prepared statements and properly escaped output. The extensive use of nonce and capability checks for its entry points suggests a robust effort to protect against unauthorized access. Furthermore, its clean vulnerability history with no recorded CVEs is a significant strength, indicating a generally stable and well-maintained codebase.

However, there are areas of concern. The static analysis reveals the presence of dangerous functions like `shell_exec` and `exec`, which can be risky if not handled with extreme caution and proper sanitization. Taint analysis shows a concerning number of flows with unsanitized paths, including two critical and fifteen high-severity flows. This indicates potential vulnerabilities where user-supplied data could be manipulated to execute unintended code or access sensitive information. The presence of one unprotected REST API route also presents a direct attack vector.

In conclusion, while "askany" v1.10.0 benefits from a strong track record and good general coding practices, the critical and high-severity taint flows, along with the use of dangerous functions and an unprotected REST API endpoint, necessitate careful review and potential remediation. The lack of historical vulnerabilities is encouraging, but the current static analysis findings highlight specific areas requiring attention to maintain a secure environment.

Key Concerns

  • Critical severity taint flows
  • High severity taint flows
  • Unprotected REST API route
  • Dangerous functions (shell_exec, exec)
Vulnerabilities
None known

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Release Timeline

v1.11.0Current
v1.10.0
v1.9.0
v1.8.0
v1.7.0
v1.6.1
v1.6.0
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.1
v1.1.0
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Code Analysis

Dangerous Functions
4
Raw SQL Queries
117
255 prepared
Unescaped Output
29
867 escaped
Nonce Checks
99
Capability Checks
102
File Operations
18
External Requests
14
Bundled Libraries
1

Dangerous Functions Found

shell_execif (function_exists('shell_exec') && !empty(shell_exec('which pdftotext'))) {includes\class-ajax-handler.php:1153
shell_exec$output = shell_exec('pdftotext "' . escapeshellarg($file_path) . '" -');includes\class-ajax-handler.php:1154
execexec('which pdftotext', $output, $return_var);includes\class-pdf-upload-handler.php:218
execexec('pdftotext ' . escapeshellarg($file_path) . ' ' . escapeshellarg($temp_txt), $output, $return_vincludes\class-pdf-upload-handler.php:222

Bundled Libraries

Freemius1.0

SQL Query Safety

69% prepared372 total queries

Output Escaping

97% escaped896 total outputs
Data Flows · Security
19 unsanitized

Data Flow Analysis

25 flows19 with unsanitized paths
export_data (includes\class-ajax-handler.php:3664)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Attack Surface

Entry Points122
Unprotected1

AJAX Handlers 114

authwp_ajax_askany_dismiss_pro_upgrade_noticeaskany.php:271
authwp_ajax_askany_chat_responseincludes\class-ajax-handler.php:90
noprivwp_ajax_askany_chat_responseincludes\class-ajax-handler.php:91
authwp_ajax_askany_chat_response_with_filesincludes\class-ajax-handler.php:94
noprivwp_ajax_askany_chat_response_with_filesincludes\class-ajax-handler.php:95
authwp_ajax_askany_save_settingsincludes\class-ajax-handler.php:98
authwp_ajax_askany_test_api_connectionincludes\class-ajax-handler.php:99
authwp_ajax_askany_reindex_contentincludes\class-ajax-handler.php:100
authwp_ajax_askany_process_pdfincludes\class-ajax-handler.php:101
authwp_ajax_askany_delete_pdfincludes\class-ajax-handler.php:102
authwp_ajax_askany_clear_chat_all_historyincludes\class-ajax-handler.php:103
authwp_ajax_askany_get_provider_settingsincludes\class-ajax-handler.php:106
authwp_ajax_askany_get_provider_modelsincludes\class-ajax-handler.php:107
authwp_ajax_askany_test_api_connectionincludes\class-ajax-handler.php:112
authwp_ajax_askany_add_qa_pairincludes\class-ajax-handler.php:114
authwp_ajax_askany_update_qa_pairincludes\class-ajax-handler.php:115
authwp_ajax_askany_delete_qa_pairincludes\class-ajax-handler.php:116
authwp_ajax_askany_get_qa_pairincludes\class-ajax-handler.php:117
authwp_ajax_askany_export_qa_pairsincludes\class-ajax-handler.php:118
authwp_ajax_askany_import_qa_pairsincludes\class-ajax-handler.php:119
authwp_ajax_askany_add_agentincludes\class-ajax-handler.php:122
authwp_ajax_askany_remove_agentincludes\class-ajax-handler.php:123
authwp_ajax_askany_get_chat_sessionsincludes\class-ajax-handler.php:124
authwp_ajax_askany_get_chat_messagesincludes\class-ajax-handler.php:125
authwp_ajax_askany_assign_agentincludes\class-ajax-handler.php:126
authwp_ajax_askany_release_agentincludes\class-ajax-handler.php:127
authwp_ajax_askany_send_agent_messageincludes\class-ajax-handler.php:128
authwp_ajax_askany_merge_sessionincludes\class-ajax-handler.php:129
noprivwp_ajax_askany_merge_sessionincludes\class-ajax-handler.php:130
authwp_ajax_askany_set_typingincludes\class-ajax-handler.php:133
noprivwp_ajax_askany_set_typingincludes\class-ajax-handler.php:134
authwp_ajax_askany_get_realtime_updatesincludes\class-ajax-handler.php:135
noprivwp_ajax_askany_get_realtime_updatesincludes\class-ajax-handler.php:136
authwp_ajax_askany_poll_messagesincludes\class-ajax-handler.php:137
authwp_ajax_askany_save_home_settingsincludes\class-ajax-handler.php:140
authwp_ajax_askany_save_home_faqincludes\class-ajax-handler.php:141
authwp_ajax_askany_get_home_faqincludes\class-ajax-handler.php:142
authwp_ajax_askany_delete_home_faqincludes\class-ajax-handler.php:143
authwp_ajax_askany_toggle_home_faqincludes\class-ajax-handler.php:144
authwp_ajax_askany_save_home_linkincludes\class-ajax-handler.php:145
authwp_ajax_askany_get_home_linkincludes\class-ajax-handler.php:146
authwp_ajax_askany_delete_home_linkincludes\class-ajax-handler.php:147
authwp_ajax_askany_toggle_home_linkincludes\class-ajax-handler.php:148
authwp_ajax_askany_submit_get_startedincludes\class-ajax-handler.php:151
noprivwp_ajax_askany_submit_get_startedincludes\class-ajax-handler.php:152
authwp_ajax_askany_clear_chat_historyincludes\class-ajax-handler.php:155
authwp_ajax_askany_delete_user_sessionincludes\class-ajax-handler.php:156
authwp_ajax_askany_search_internetincludes\class-ajax-handler.php:159
noprivwp_ajax_askany_search_internetincludes\class-ajax-handler.php:160
authwp_ajax_askany_get_session_infoincludes\class-ajax-handler.php:163
noprivwp_ajax_askany_get_session_infoincludes\class-ajax-handler.php:164
authwp_ajax_askany_generate_embeddings_batchincludes\class-ajax-handler.php:167
authwp_ajax_askany_get_embeddings_statusincludes\class-ajax-handler.php:168
authwp_ajax_askany_clear_all_embeddingsincludes\class-ajax-handler.php:169
authwp_ajax_askany_save_embedding_modelincludes\class-ajax-handler.php:170
authwp_ajax_askany_get_embedding_errorsincludes\class-ajax-handler.php:171
authwp_ajax_askany_reset_stuck_embeddingsincludes\class-ajax-handler.php:172
authwp_ajax_askany_dismiss_rag_noticeincludes\class-ajax-handler.php:173
authwp_ajax_askany_check_quota_errorincludes\class-ajax-handler.php:174
authwp_ajax_askany_save_quota_errorincludes\class-ajax-handler.php:175
authwp_ajax_askany_dismiss_quota_errorincludes\class-ajax-handler.php:176
authwp_ajax_askany_clear_quota_errorincludes\class-ajax-handler.php:177
authwp_ajax_askany_get_full_postincludes\class-ajax-handler.php:180
noprivwp_ajax_askany_get_full_postincludes\class-ajax-handler.php:181
authwp_ajax_askany_get_indexed_contentincludes\class-ajax-handler.php:184
authwp_ajax_askany_get_content_detailsincludes\class-ajax-handler.php:185
authwp_ajax_askany_get_all_messagesincludes\class-ajax-handler.php:188
authwp_ajax_askany_mark_session_readincludes\class-ajax-handler.php:191
authwp_ajax_askany_get_unread_countincludes\class-ajax-handler.php:192
authwp_ajax_askany_save_integration_settingsincludes\class-ajax-handler.php:195
authwp_ajax_askany_save_slack_settingsincludes\class-ajax-handler.php:196
authwp_ajax_askany_test_slack_webhookincludes\class-ajax-handler.php:197
authwp_ajax_askany_save_woocommerce_settingsincludes\class-ajax-handler.php:198
noprivwp_ajax_askany_get_all_messagesincludes\class-ajax-handler.php:199
authwp_ajax_askany_save_user_messageincludes\class-ajax-handler.php:202
noprivwp_ajax_askany_save_user_messageincludes\class-ajax-handler.php:203
authwp_ajax_askany_get_product_detailsincludes\class-ajax-handler.php:206
noprivwp_ajax_askany_get_product_detailsincludes\class-ajax-handler.php:207
authwp_ajax_askany_add_to_cartincludes\class-ajax-handler.php:208
noprivwp_ajax_askany_add_to_cartincludes\class-ajax-handler.php:209
authwp_ajax_askany_get_api_statsincludes\class-ajax-handler.php:212
authwp_ajax_askany_refresh_api_statsincludes\class-ajax-handler.php:213
authwp_ajax_askany_get_paginated_errorsincludes\class-ajax-handler.php:214
authwp_ajax_askany_clear_api_errorsincludes\class-ajax-handler.php:215
authwp_ajax_askany_get_paginated_chat_logsincludes\class-ajax-handler.php:216
authwp_ajax_askany_cleanup_old_dataincludes\class-ajax-handler.php:219
authwp_ajax_askany_truncate_all_dataincludes\class-ajax-handler.php:221
authwp_ajax_askany_optimize_tablesincludes\class-ajax-handler.php:222
authwp_ajax_askany_delete_date_rangeincludes\class-ajax-handler.php:223
authwp_ajax_askany_export_dataincludes\class-ajax-handler.php:224
authwp_ajax_askany_import_dataincludes\class-ajax-handler.php:225
authwp_ajax_askany_filter_dataincludes\class-ajax-handler.php:226
authwp_ajax_askany_get_database_statsincludes\class-ajax-handler.php:227
authwp_ajax_askany_clear_chat_logsincludes\class-ajax-handler.php:228
authwp_ajax_askany_save_feature_requestincludes\class-ajax-handler.php:231
noprivwp_ajax_askany_save_feature_requestincludes\class-ajax-handler.php:232
authwp_ajax_askany_save_bug_reportincludes\class-ajax-handler.php:233
noprivwp_ajax_askany_save_bug_reportincludes\class-ajax-handler.php:234
authwp_ajax_askany_get_feature_requestsincludes\class-ajax-handler.php:235
authwp_ajax_askany_get_bug_reportsincludes\class-ajax-handler.php:236
authwp_ajax_askany_update_feature_request_statusincludes\class-ajax-handler.php:237
authwp_ajax_askany_update_bug_report_statusincludes\class-ajax-handler.php:238
authwp_ajax_askany_get_feature_request_detailsincludes\class-ajax-handler.php:239
authwp_ajax_askany_get_bug_report_detailsincludes\class-ajax-handler.php:240
authwp_ajax_askany_delete_feature_requestincludes\class-ajax-handler.php:241
authwp_ajax_askany_delete_bug_reportincludes\class-ajax-handler.php:242
authwp_ajax_askany_check_statusincludes\class-ajax-handler.php:243
noprivwp_ajax_askany_check_statusincludes\class-ajax-handler.php:244
authwp_ajax_askany_upload_pdfincludes\class-pdf-upload-handler.php:63
authwp_ajax_askany_delete_pdfincludes\class-pdf-upload-handler.php:64
authwp_ajax_askany_sse_streamincludes\class-sse-handler.php:51
noprivwp_ajax_askany_sse_streamincludes\class-sse-handler.php:52
authwp_ajax_askany_broadcast_messageincludes\class-sse-handler.php:55
noprivwp_ajax_askany_broadcast_messageincludes\class-sse-handler.php:56

REST API Routes 7

POST/wp-json/askany/v1/chatincludes\class-ajax-handler.php:255
POST/wp-json/askany/v1/external-sourcesincludes\class-external-sources-handler.php:182
GET/wp-json/askany/v1/external-sourcesincludes\class-external-sources-handler.php:225
DELETE/wp-json/askany/v1/external-sources/(?P<id>\d+)includes\class-external-sources-handler.php:234
GET/wp-json/askany/v1/external-sources/(?P<id>\d+)/urlsincludes\class-external-sources-handler.php:243
POST/wp-json/askany/v1/external-sources/(?P<id>\d+)/reprocessincludes\class-external-sources-handler.php:252
GET/wp-json/askany/v1/external-sources/statusincludes\class-external-sources-handler.php:261

Shortcodes 1

[askany_chat] includes\class-shortcode-handler.php:44
WordPress Hooks 30
actionadmin_noticesaskany.php:136
actionadmin_initaskany.php:148
actionadmin_noticesaskany.php:245
actionactivate_askany-pro/askany-pro.phpaskany.php:313
actionadmin_noticesaskany.php:433
actionplugins_loadedaskany.php:449
actionadmin_menuincludes\class-admin-pages.php:82
actionadmin_enqueue_scriptsincludes\class-admin-pages.php:83
actionadmin_enqueue_scriptsincludes\class-admin-pages.php:84
actionrest_api_initincludes\class-ajax-handler.php:110
actionwp_enqueue_scriptsincludes\class-assets-manager.php:52
actionaskany_reindex_contentincludes\class-content-indexer.php:55
actionsave_postincludes\class-content-indexer.php:56
actiondelete_postincludes\class-content-indexer.php:57
actionwp_insert_commentincludes\class-content-indexer.php:58
actiondelete_commentincludes\class-content-indexer.php:59
actionwoocommerce_new_productincludes\class-content-indexer.php:60
actionwoocommerce_update_productincludes\class-content-indexer.php:61
actionwoocommerce_delete_productincludes\class-content-indexer.php:62
actionrest_api_initincludes\class-external-sources-handler.php:87
actionaskany_process_external_urlincludes\class-external-sources-handler.php:90
actionadd_attachmentincludes\class-pdf-handler.php:65
actiondelete_attachmentincludes\class-pdf-handler.php:66
actionaskany_process_pdfincludes\class-pdf-handler.php:67
filterplugin_row_metaincludes\class-plugin.php:197
actionwp_footerincludes\class-plugin.php:200
actionaskany_user_message_savedincludes\class-slack-notifier.php:44
actionaskany_agent_message_savedincludes\class-slack-notifier.php:45
actionaskany_ai_message_savedincludes\class-slack-notifier.php:46
actionaskany_message_savedincludes\class-sse-handler.php:59

Scheduled Events 4

askany_index_all_content
askany_process_external_url
askany_process_external_url
askany_process_pdf
Maintenance & Trust

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 27, 2026
PHP min version7.4
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Alternatives

JS Help Desk – AI-Powered Support & Ticketing System

JS Help Desk – AI-Powered Support & Ticketing System

js-support-ticket

B
76

Professional, beautiful, complete and powerful help desk & support system for WordPress.

8K 24 CVEs
AI Chatbot – Jotform

AI Chatbot – Jotform

jotform-ai-chatbot

A
100

AI chatbot that automates support, answers FAQs, drives WooCommerce sales, generates leads, and boosts engagement — easy setup, no coding!

4K No CVEs
AxiaChat AI – Free AI Chatbot (Answers Customers Automatically)

AxiaChat AI – Free AI Chatbot (Answers Customers Automatically)

axiachat-ai

A
100

The best AI Chatbot for WordPress. Like having ChatGPT trained on your content — turn your site into a 24/7 sales & support machine.

1K No CVEs
MxChat – AI Chatbot & Content Generation for WordPress

MxChat – AI Chatbot & Content Generation for WordPress

mxchat-basic

A
98

The best free AI chatbot and content generation plugin for WordPress. Train ChatGPT, Claude, Gemini, or Grok on your website content.

1K 2 CVEs
Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System

Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System

support-genix-lite

A
97

AI-powered helpdesk & support ticket system with chatbot, knowledge base, and smart automation for WordPress.

1K 3 CVEs
Developer Profile

AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny Developer Profile

wpazleen

6 plugins · 800 total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
7 days
View full developer profile
Detection Fingerprints

How We Detect AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/askany/build/index.css/wp-content/plugins/askany/build/index.js
Script Paths
/wp-content/plugins/askany/build/index.js
Version Parameters
askany/build/index.css?ver=askany/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
askany-chatbot-containeraskany-chat-bubbleaskany-message-useraskany-message-bot
HTML Comments
<!-- Askany Chatbot --><!-- End Askany Chatbot --><!-- Askany Pro Upgrade Notice -->
Data Attributes
data-askany-widget-id
JS Globals
AskanyaskanyConfig
REST Endpoints
/wp-json/askany/v1/chat/wp-json/askany/v1/get_settings
Shortcode Output
[askany_chatbot]
FAQ

Frequently Asked Questions about AI-Powered Chat Assistant & Live Agent using SSE, RAG Architecture- AskAny