Does WP Engine AI Toolkit have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Engine AI Toolkit compatible with WordPress 6.9.4?

According to WordPress.org data, WP Engine AI Toolkit 0.3.17 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP Engine AI Toolkit compatible with PHP 7.4+?

WP Engine AI Toolkit requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Engine AI Toolkit updated?

WP Engine AI Toolkit was last updated on Apr 1, 2026. Frequent updates are generally a positive security signal.

What is WP Engine AI Toolkit's security score?

WP Engine AI Toolkit has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Engine AI Toolkit Security & Risk Analysis

wordpress.org/plugins/atlas-search

Boost site conversions in just a few clicks with Smart Search AI, AI-Powered Recommendations, and Managed Vector Database.

10 active installs v0.3.17 PHP 7.4+ WP 5.7+ Updated Apr 1, 2026

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Engine AI Toolkit Safe to Use in 2026?

Generally Safe

Score 100/100

WP Engine AI Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "atlas-search" plugin v0.3.15 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. The plugin also has no recorded vulnerability history, which is a strong indicator of past secure development.

However, significant concerns arise from its attack surface. The analysis reveals that four out of seven identified entry points (AJAX handlers and REST API routes) lack proper authentication or permission checks. This is a critical oversight as it exposes these functionalities to unauthorized access and potential exploitation. The presence of "assert" functions, while not directly tied to a vulnerability in this analysis, is a code signal that warrants caution as it can sometimes be misused in insecure ways.

The absence of any recorded CVEs and the lack of critical or high severity taint flows are positive signs, suggesting that the plugin has not been publicly compromised or does not have immediately apparent critical flaws. Nevertheless, the unprotected entry points represent a clear and present risk that needs to be addressed to improve the overall security of the plugin.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Presence of dangerous function (assert)

Vulnerabilities

None known

WP Engine AI Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Engine AI Toolkit Release Timeline

v0.3.17Current

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.83

v0.2.82

v0.2.81

Code Analysis

Analyzed Mar 16, 2026

WP Engine AI Toolkit Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

169 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

assertassert( $service instanceof $this->type );app\Core\Registry\Keyed_Registry.php:67

assertassert( $setting instanceof $data_class );app\Settings\Settings_Manager.php:67

assertassert( 16 === strlen( $data ) );helper\sync\batches\sync-lock-manager.php:168

SQL Query Safety

100% prepared3 total queries

Output Escaping

92% escaped183 total outputs

Attack Surface

4 unprotected

WP Engine AI Toolkit Attack Surface

Entry Points7

Unprotected4

AJAX Handlers 3

authwp_ajax_get_chatkit_settingsapp\Modules\ChatKit\ChatKit_Subscriber.php:63

authwp_ajax_save_chatkit_settingsapp\Modules\ChatKit\ChatKit_Subscriber.php:64

authwp_ajax_block_editor_noticesincludes\class-wpe-content-engine.php:434

REST API Routes 1

GET/wp-json/analytics/v1/behavioral-analytics/(?P<extra>.*)src\trackers\tracker-controller.php:32

Shortcodes 3

[chatkit] app\Modules\ChatKit\ChatKit_Subscriber.php:61

[fsn_component] src\support\fusion\filters.php:23

[fsn_component] src\support\fusion\filters.php:39

WordPress Hooks 70

actioninitapp\Modules\Block_Shortcode\Block_Shortcode_Subscriber.php:33

actioninitapp\Modules\ChatKit\ChatKit_Subscriber.php:57

actionrest_api_initapp\Modules\ChatKit\ChatKit_Subscriber.php:58

actionwp_enqueue_scriptsapp\Modules\ChatKit\ChatKit_Subscriber.php:59

actionwp_footerapp\Modules\ChatKit\ChatKit_Subscriber.php:60

actionenqueue_block_editor_assetsapp\Modules\ChatKit\ChatKit_Subscriber.php:62

actionwpengine_chatkit_block_renderapp\Modules\ChatKit\ChatKit_Subscriber.php:65

actionadmin_enqueue_scriptsapp\Modules\Cookie_Consent\Cookie_Consent_Subscriber.php:84

actionadmin_noticesapp\Modules\Cookie_Consent\Cookie_Consent_Subscriber.php:85

actionadd_meta_boxes_attachmentapp\Modules\Smart_Attachment\Smart_Attachment_Subscriber.php:66

filterbulk_actions-uploadapp\Modules\Smart_Attachment\Smart_Attachment_Subscriber.php:76

filterattachment_fields_to_editapp\Modules\Smart_Attachment\Smart_Attachment_Subscriber.php:79

actioninitapp\Modules\Smart_Attachment\Smart_Attachment_Subscriber.php:98

actionadd_attachmentapp\Modules\Smart_Attachment\Smart_Attachment_Subscriber.php:101

actionadmin_noticesapp\Modules\Smart_Attachment\Smart_Attachment_Subscriber.php:105

actionadmin_enqueue_scriptsapp\Modules\Smart_Attachment\Smart_Attachment_Subscriber.php:121

actioninitapp\Modules\Smart_Search\Smart_Search_Subscriber.php:84

actionrest_api_initapp\Modules\Smart_Search\Smart_Search_Subscriber.php:92

actionwp_enqueue_scriptsapp\Modules\Smart_Search\Smart_Search_Subscriber.php:112

actioninitapp\Modules\Smart_Search\Smart_Search_Subscriber.php:119

actionplugins_loadedatlas-search.php:141

actionswitch_blogcommands\class-wpe-content-engine-sync-data.php:68

actionplugins_loadedincludes\class-wpe-content-engine.php:418

actionenqueue_block_editor_assetsincludes\class-wpe-content-engine.php:433

actionadmin_noticesincludes\class-wpe-content-engine.php:437

actionadmin_initincludes\class-wpe-content-engine.php:440

actionwp_after_insert_postincludes\class-wpe-content-engine.php:443

actiondelete_postincludes\class-wpe-content-engine.php:444

actionrest_api_initincludes\class-wpe-content-engine.php:447

actionrest_api_initincludes\class-wpe-content-engine.php:448

actionrest_api_initincludes\class-wpe-content-engine.php:449

actionrest_api_initincludes\class-wpe-content-engine.php:450

actionrest_api_initincludes\class-wpe-content-engine.php:453

actionrest_api_initincludes\class-wpe-content-engine.php:455

actionrest_api_initincludes\class-wpe-content-engine.php:463

actionrest_api_initincludes\class-wpe-content-engine.php:471

filterrest_pre_serve_requestincludes\class-wpe-content-engine.php:480

filterposts_pre_queryincludes\class-wpe-content-engine.php:505

filterfound_postsincludes\class-wpe-content-engine.php:506

actionwp_enqueue_scriptsincludes\class-wpe-content-engine.php:508

actionadmin_enqueue_scriptsincludes\smart-search-settings\ai-toolkit-settings-page.php:37

actionadmin_menuincludes\smart-search-settings\ai-toolkit-settings-page.php:38

filterparent_fileincludes\smart-search-settings\ai-toolkit-settings-page.php:39

actionadmin_initincludes\smart-search-settings\settings-callbacks.php:25

filterparent_fileincludes\smart-search-settings\settings-callbacks.php:26

actionadmin_menuincludes\smart-search-settings\settings-callbacks.php:33

actionnetwork_admin_menuincludes\smart-search-settings\settings-callbacks.php:34

actionadmin_enqueue_scriptsincludes\smart-search-settings\settings-callbacks.php:38

actioninitsrc\blocks\blocks-callbacks.php:30

filterblock_categories_allsrc\blocks\blocks-callbacks.php:31

filterrender_blocksrc\blocks\blocks-callbacks.php:32

actionpre_get_postssrc\blocks\blocks-callbacks.php:33

filterpre_render_blocksrc\blocks\recommendations-block\query-loop.php:12

filterquery_loop_block_query_varssrc\blocks\recommendations-block\query-loop.php:22

actionpre_get_postssrc\blocks\support\woocommerce\callbacks.php:22

actionwp_after_insert_postsrc\support\fusion\filters.php:19

filterthe_contentsrc\support\fusion\filters.php:30

actionwoocommerce_loadedsrc\support\woocommerce\filters.php:11

filterpre_get_postssrc\support\woocommerce\filters.php:22

filterwpe_smartsearch/get_order_bysrc\support\woocommerce\filters.php:23

actionwoocommerce_product_querysrc\support\woocommerce\filters.php:24

filterwoocommerce_product_querysrc\support\woocommerce\filters.php:25

filterregister_post_type_argssrc\support\wordpress\page.php:13

filtergraphql_connection_page_infosrc\support\wp-graphql\filters.php:32

filtergraphql_connection_edgessrc\support\wp-graphql\filters.php:54

actionwpe_smartsearch/search_operation_completedsrc\support\wp-graphql\filters.php:65

filterwpe_smartsearch/get_search_aftersrc\support\wp-graphql\filters.php:86

filterwpe_smartsearch/get_order_bysrc\support\wp-graphql\filters.php:107

filterwpe_smartsearch/search_hitssrc\support\wp-graphql\filters.php:120

actionrest_api_initsrc\trackers\tracker-controller.php:28

Maintenance & Trust

WP Engine AI Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 1, 2026

PHP min version7.4

Downloads26K

Community Trust

Rating76/100

Number of ratings4

Active installs10

Alternatives

WP Engine AI Toolkit Alternatives

Site Kit by Google – Analytics, Search Console, AdSense, Speed

google-site-kit

100

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.

5.0M 1 CVE

$Rank Math SEO – AI SEO Tools to Dominate SEO Rankings$

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

Rank Math SEO is the best WordPress SEO plugin with the features of many SEO and AI SEO tools in a single package to help multiply your SEO traffic.

4.0M 20 CVEs

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs

Better Search Replace

better-search-replace

A simple plugin to update URLs or other text in a database.

1.0M 2 CVEs

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE

Developer Profile

WP Engine AI Toolkit Developer Profile

WP Engine

16 plugins · 3.5M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

831 days

View full developer profile

Detection Fingerprints

How We Detect WP Engine AI Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/atlas-search/app/asset/style/style.css/wp-content/plugins/atlas-search/app/asset/style/main.css/wp-content/plugins/atlas-search/app/asset/style/editor.css/wp-content/plugins/atlas-search/app/asset/style/blocks/block.css/wp-content/plugins/atlas-search/app/asset/style/admin.css/wp-content/plugins/atlas-search/app/asset/style/search.css/wp-content/plugins/atlas-search/app/asset/style/theme.css/wp-content/plugins/atlas-search/app/asset/script/script.js+14 more

Script Paths

/wp-content/plugins/atlas-search/app/asset/script/script.js/wp-content/plugins/atlas-search/app/asset/script/main.js/wp-content/plugins/atlas-search/app/asset/script/editor.js/wp-content/plugins/atlas-search/app/asset/script/blocks/block.js/wp-content/plugins/atlas-search/app/asset/script/admin.js/wp-content/plugins/atlas-search/app/asset/script/search.js+5 more

Version Parameters

atlas-search/app/asset/style/style.css?ver=atlas-search/app/asset/style/main.css?ver=atlas-search/app/asset/style/editor.css?ver=atlas-search/app/asset/style/blocks/block.css?ver=atlas-search/app/asset/style/admin.css?ver=atlas-search/app/asset/style/search.css?ver=atlas-search/app/asset/style/theme.css?ver=atlas-search/app/asset/script/script.js?ver=atlas-search/app/asset/script/main.js?ver=atlas-search/app/asset/script/editor.js?ver=atlas-search/app/asset/script/blocks/block.js?ver=atlas-search/app/asset/script/admin.js?ver=atlas-search/app/asset/script/search.js?ver=atlas-search/app/asset/script/theme.js?ver=atlas-search/app/Modules/Smart_Search/Assets/style.css?ver=atlas-search/app/Modules/Smart_Search/Assets/script.js?ver=atlas-search/app/Modules/ChatKit/Assets/style.css?ver=atlas-search/app/Modules/ChatKit/Assets/script.js?ver=atlas-search/app/Modules/Cookie_Consent/Assets/style.css?ver=atlas-search/app/Modules/Cookie_Consent/Assets/script.js?ver=atlas-search/app/Modules/Block_Shortcode/Assets/style.css?ver=atlas-search/app/Modules/Block_Shortcode/Assets/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpengine-aitk-chat-widgetwpengine-aitk-chat-bubblewpengine-aitk-chat-messagewpengine-aitk-chat-inputwpengine-aitk-smart-searchwpengine-aitk-smart-search-inputwpengine-aitk-smart-search-resultswpengine-aitk-smart-search-result-item+4 more

HTML Comments

WP Engine AI ToolkitSmart Search AIAI-Powered RecommendationsManaged Vector Database

Data Attributes

data-wpengine-aitk-chatdata-wpengine-aitk-smart-searchdata-wpengine-aitk-cookie-consentdata-wpengine-aitk-block-shortcode

JS Globals

wpengine_aitk_configwpengine_aitk_chat_configwpengine_aitk_smart_search_configwpengine_aitk_cookie_consent_configwpengine_aitk_block_shortcode_config

REST Endpoints

/wp-json/wpengine-aitk/v1/chat/wp-json/wpengine-aitk/v1/search/wp-json/wpengine-aitk/v1/recommendations/wp-json/wpengine-aitk/v1/cookie-consent

Shortcode Output

[wpengine_smart_search][wpengine_chat][wpengine_cookie_consent][wpengine_block_shortcode]

FAQ